
Microsoft Defender once again flagged Google Chrome updates as ‘suspicious’

Earlier today, Reddit sysadmins and others started reporting (1, 2) that Google Chrome updates were being flagged as “suspicious” by Microsoft Defender for Endpoint. Apparently Microsoft’s security solution considered the “goopdate” DLL file suspicious because it was not signed by the Google Updater service (GoogleUpdate.exe).

As the image below shows, Twitter user Kevin Gray observed the following Defender activity while Google Chrome updates were running:

Defender flags Google update as malware

Microsoft appears to have confirmed that the detection was indeed a false positive and has since fixed the bug, as MVP Ota Hirufumi reported on Twitter.

While Microsoft Defender for Home has generally done well in recent antivirus rankings from AV-Comparatives and AV-TEST, the enterprise variant of the product has had many instances of flagging genuinely harmless files and services as malicious.

For example, in February of last year the same thing happened when Defender for Endpoint flagged Chrome updates as malicious, and very recently it even falsely flagged Microsoft’s own Office updates as malware.

Following that incident, Microsoft published a guide on handling false positives and false negatives to reduce such errors, but it does not appear to have helped much yet.

Via BleepingComputer