Microsoft Defender flags Google Chrome updates as suspicious

Trooper

Microsoft Defender for Endpoint has been tagging Google Chrome updates delivered via Google Update as suspicious activity due to a false positive issue.

According to Windows system admins' reports [1, 2, 3, 4], the security solution (formerly known as Microsoft Defender ATP) began marking Chrome updates as suspicious starting last evening.

Those who encountered this issue reported seeing "Multi-stage incident involving Execution & Defense evasion" alerts on affected Windows endpoints monitored using Defender for Endpoint.

In a Microsoft 365 Defender service advisory issued after reports of these alarming alerts started showing up online, Microsoft revealed that they were erroneously triggered by a false positive and not due to malicious activity.

"Admins may receive a false positive alert for Google Update on Microsoft Defender for Endpoint monitored devices," Microsoft said.

Roughly one and a half hours later, the advisory was updated, with Redmond saying the false positive issue was addressed and the service restored.
 