Jump to content
Login new information ×
Login new information

Microsoft Defender ATP detects Chrome updates as PHP backdoors

Karlston

By Karlston
in Security & Privacy News

Recommended Posts

Karlston

Karlston

Posted
Posted

Microsoft Defender ATP detects Chrome updates as PHP backdoors

Microsoft Defender ATP detects Chrome updates as PHP backdoors

 

Microsoft Defender for Endpoint is currently detecting at least two Chrome updates as malware, tagging the Slovenian localization file bundled with the Google Chrome installer as a malicious file.

 

System admins are reporting that Microsoft's enterprise endpoint security platform (previously known as Microsoft Defender ATP) is detecting the sl.pak component in both Chrome 88.0.4324.104 and 88.0.4324.146 (the latest version, released yesterday) installers as a PHP/Funvalget.A backdoor.

 

Even though multiple Microsoft security accounts were tagged on Twitter and the company was also contacted to provide a statement regarding this ongoing issue, Redmond hasn't yet provided an official reply.

Chrome false positive reports
Reports of Chrome updates tagged as malicious

BleepingComputer has also contacted Microsoft for more information and to confirm that this is an issue of a false positive detection but has not heard back.

 

As first reported by ZDNet, according to a screenshot showing the Chrome sl.pak language file being tagged as a backdoor, Microsoft Defender for Endpoint automatically blocks the detected files using quarantine as a remediation action.

Defender detecting Chrome installer component as backdoor
Defender detecting Chrome installer component as a backdoor (ZDNet)

Although Microsoft hasn't yet provided an official statement regarding this issue, at least one report claims that the company has acknowledged it as a false positive and has updated Microsoft Defender's malware definitions.

 

To clear the cached detection on endpoints in their environment, systems admins are advised to update to the latest malware definitions by using this procedure:

  1. Go into Defender's directory using a command prompt opened as admin: cd %ProgramFiles%\Windows Defender
  2. Run these two commands to clear the current cache and trigger an update: MpCmdRun.exe -removedefinitions -dynamicsignatures and MpCmdRun.exe -SignatureUpdate

 

 

Microsoft Defender ATP detects Chrome updates as PHP backdoors

Link to comment
Share on other sites
  • Views 306
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...