Microsoft Defender Panics Admins With Emotet False Positives

Share post:

Microsoft Defender for Endpoint is currently blocking access to Office documents and some executables because the files are marked false-positive and may bundle an Emotet malware payload.

Windows system admins have reported this since they updated Microsoft’s enterprise endpoint security platform definitions, to version 1.353.1874.0.

When triggered, Defender for Endpoint will block the file from opening and displays an error indicating suspicious activity related to Win32 /PowEmotet.SB or Win32 /PowEmotet.SC.

While Microsoft has not yet released final information about the problem, the most likely reason is that the tech giant has increased sensitivity to detecting Emotet-like behaviour in updates released yesterday, and that renders Defender’s generic behavioural detection engine is extremely sensitive and prone to reporting false positives.

The change was also most likely caused by the recent revival of the Emotet botnet two weeks ago, after Emotet research group Cryptolaemus, GData, and Advanced Intel began to detect TrickBot dropping Emotet loaders on infected devices.

Amid the false alarms, the timing of the bug is really bad, since Emotet is coming back and most Windows administrators are already panicking.

Many of them reported that they had almost taken their data centers offline to prevent the possible Emotet infection before realizing that these were likely false positives.

Microsoft has stated that it has solved the problem for cloud-connected users and will fix the bug for everyone else as soon as possible.

For more information, read the original story in BleepingComputer.

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways