Microsoft Defender Panics Admins With Emotet False Positives

Share post:

Microsoft Defender for Endpoint is currently blocking access to Office documents and some executables because the files are marked false-positive and may bundle an Emotet malware payload.

Windows system admins have reported this since they updated Microsoft’s enterprise endpoint security platform definitions, to version 1.353.1874.0.

When triggered, Defender for Endpoint will block the file from opening and displays an error indicating suspicious activity related to Win32 /PowEmotet.SB or Win32 /PowEmotet.SC.

While Microsoft has not yet released final information about the problem, the most likely reason is that the tech giant has increased sensitivity to detecting Emotet-like behaviour in updates released yesterday, and that renders Defender’s generic behavioural detection engine is extremely sensitive and prone to reporting false positives.

The change was also most likely caused by the recent revival of the Emotet botnet two weeks ago, after Emotet research group Cryptolaemus, GData, and Advanced Intel began to detect TrickBot dropping Emotet loaders on infected devices.

Amid the false alarms, the timing of the bug is really bad, since Emotet is coming back and most Windows administrators are already panicking.

Many of them reported that they had almost taken their data centers offline to prevent the possible Emotet infection before realizing that these were likely false positives.

Microsoft has stated that it has solved the problem for cloud-connected users and will fix the bug for everyone else as soon as possible.

For more information, read the original story in BleepingComputer.

Featured Tech Jobs


Related articles

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and passw

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways