Microsoft Defender flags Google Chrome updates as suspicious


Level 16
Thread author
Aug 28, 2015
Microsoft Defender for Endpoint has been tagging Google Chrome updates delivered via Google Update as suspicious activity due to a false positive issue.

According to Windows system admins reports [1, 2, 3, 4], the security solution (formerly known as Microsoft Defender ATP) began marking Chrome updates as suspicious starting last evening.

Those who encountered this issue reported seeing "Multi-stage incident involving Execution & Defense evasion" alerts on affected Windows endpoints monitored using Defender for Endpoint.

In a Microsoft 365 Defender service advisory issued after reports of these alarming alerts started showing up online, Microsoft revealed that they were erroneously triggered by a false positive and not due to malicious activity.

"Admins may receive a false positive alert for Google Update on Microsoft Defender for Endpoint monitored devices," Microsoft said.

Roughly one and a half hours later, the advisory was updated, with Redmond saying the false positive issue was addressed and the service restored.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.