Microsoft Defender Panics Admins With Emotet False Positives

Share post:

Microsoft Defender for Endpoint is currently blocking access to Office documents and some executables because the files are marked false-positive and may bundle an Emotet malware payload.

Windows system admins have reported this since they updated Microsoft’s enterprise endpoint security platform definitions, to version 1.353.1874.0.

When triggered, Defender for Endpoint will block the file from opening and displays an error indicating suspicious activity related to Win32 /PowEmotet.SB or Win32 /PowEmotet.SC.

While Microsoft has not yet released final information about the problem, the most likely reason is that the tech giant has increased sensitivity to detecting Emotet-like behaviour in updates released yesterday, and that renders Defender’s generic behavioural detection engine is extremely sensitive and prone to reporting false positives.

The change was also most likely caused by the recent revival of the Emotet botnet two weeks ago, after Emotet research group Cryptolaemus, GData, and Advanced Intel began to detect TrickBot dropping Emotet loaders on infected devices.

Amid the false alarms, the timing of the bug is really bad, since Emotet is coming back and most Windows administrators are already panicking.

Many of them reported that they had almost taken their data centers offline to prevent the possible Emotet infection before realizing that these were likely false positives.

Microsoft has stated that it has solved the problem for cloud-connected users and will fix the bug for everyone else as soon as possible.

For more information, read the original story in BleepingComputer.

SUBSCRIBE NOW

Related articles

Canadian School Boards Hit by Data Breach in PowerSchool Cyber Incident

A significant data breach involving PowerSchool, a widely used student information system, has affected multiple school boards across...

Chinese Hackers Compromised More U.S. Telecom Networks Than Previously Known

A new report from the Wall Street Journal reveals that a Chinese hacking campaign has compromised more U.S....

Cyber Security Today Year End Review: December 21, 2024

This is our year end show. We'll be back in early January, 2025. Merry Christmas and Happy Holidays. Join...

Millions Stolen in Crypto Wallets Linked to 2022 LastPass Hack: Cyber Security Today for Friday, December 20, 2024

Millions Stolen in Crypto Wallets Linked to 2022 LastPass Hack, TP-Link Routers Face Possible U.S. Ban Over National...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways