Windows Defender Detecting Legitimate Files as Trojan:Win32/Bluteal.B!rfn
June 27, 2018
Recently there have been a lot of reports of Windows Defender suddenly detecting files as Trojan:Win32/Bluteal.B!rfn. The detected files range from CPU miners, which would make sense, to legitimate Windows files, which do not.
For example, one of our visitors posted in the forums on June 24th that Windows Defender had started to detect the "C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.C26a36d2b#\daf01e12fa59ed340363c44b7deff15e\Microsoft.CertificateServices.PKIClient.Cmdlets.ni.dll", which is a legitimate file, as Trojan:Win32/Bluteal.B!rfn.
Detections for Trojan:Win32/Bluteal.B!rfn appear to have been added to Windows Defender around May 18th, 2018 according to a page in Microsoft's Windows Defender Security Intelligence site.
Microsoft confirms this is a false positive
After reaching out to Microsoft about this, I was told that this detection was a false positive and that it has already been addressed, but was not told what definition update pushed the fix or when it was resolved.
https://www.bleepingcomputer.com/ne...legitimate-files-as-trojan-win32-blutealbrfn/