Microsoft Defender raises false positive alerts

Antivirus software is necessary to keep viruses and other threats off computers and mobile devices. However, it sometimes gets things wrong and does not work as we would like. One example is what is known as a false positive, where it flags a legitimate file or folder as if it were a virus. In this article we report how Microsoft Defender is warning of Emotet and blocking Word files, when the detection is actually a false positive.

Microsoft Defender falsely detects files as Emotet

Specifically, it detects Office documents and some executables as if they were Emotet malware payload files. They are actually false positives, but the result is that users cannot open them, with the inconvenience this causes, especially when the text documents involved may be important.

System administrators in particular are the ones running into this problem. They report that it has happened since they updated the security platform's definitions to the latest version. Although keeping systems up to date is always very important, problems like this one can sometimes arise.

Once triggered, Microsoft Defender blocks the attempt to open the file and throws an error indicating suspicious activity linked to Win32/PowEmotet.SB or Win32/PowEmotet.SC.

According to the researchers who have analyzed this problem, it begins after updating to version 1.353.1874.0. At the moment, Microsoft has not released any fix. However, the researchers believe that Microsoft has increased the sensitivity with which it detects files that may be Emotet.
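A triage check an administrator could run on an affected endpoint, as an added example that is not from the original article or from Microsoft: it reports the installed definition version against the one named above and lists recorded detections carrying the two PowEmotet names so the blocked files can be reviewed. It uses the built-in Defender cmdlets Get-MpComputerStatus, Get-MpThreat and Get-MpThreatDetection; the variable names and the name pattern are assumptions of this example.

```powershell
# Added example: triage script, not from Microsoft or the original article.
# Assumption: the only version and detection names used are the ones the article reports.
$AffectedVersion = [version]'1.353.1874.0'
$NamePattern     = 'PowEmotet\.S[BC]'   # matches PowEmotet.SB and PowEmotet.SC

# 1. Which definition version is this machine running?
$status    = Get-MpComputerStatus
$installed = [version]$status.AntivirusSignatureVersion
[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    SignatureVersion  = $installed
    SignatureUpdated  = $status.AntivirusSignatureLastUpdated
    AtOrAfterAffected = ($installed -ge $AffectedVersion)
} | Format-List

# 2. Which threats recorded on this machine carry those names?
$threats = Get-MpThreat | Where-Object { $_.ThreatName -match $NamePattern }
if (-not $threats) {
    Write-Output 'No PowEmotet.SB/.SC detections recorded on this machine.'
    return
}

# Map ThreatID -> ThreatName so each detection can be labelled.
$names = @{}
foreach ($t in $threats) { $names[$t.ThreatID] = $t.ThreatName }

# 3. List every matching detection with the file and process involved,
#    oldest first, for manual review before anything is restored.
Get-MpThreatDetection |
    Where-Object { $names.ContainsKey($_.ThreatID) } |
    Sort-Object InitialDetectionTime |
    Select-Object InitialDetectionTime,
        @{ n = 'ThreatName'; e = { $names[$_.ThreatID] } },
        ProcessName,
        @{ n = 'Resources';  e = { $_.Resources -join '; ' } }
```

Detections that all start after SignatureUpdated and involve known internal documents fit the false positive pattern described here; a detection that predates the definition update does not and should be investigated as a real alert.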

The Emotet botnet is reactivated

One of the causes may be that the Emotet botnet has recently been reactivated. It is one of the most significant threats of recent years. A group of security researchers has now found that it has reinfected devices. You can always check if your computer is infected with Emotet.

This, together with the false positives from Microsoft Defender, puts many administrators on alert: they may believe that their computers have actually been infected by Emotet and quickly begin to take action, even though it is really a false positive.

Keep in mind that this is not the first time Microsoft Defender has detected a threat that is not really one. In fact, this is not exclusive to Defender and can also affect other antivirus products on the market.

At RedesZone we always recommend having a good antivirus. It is undoubtedly a fundamental piece in keeping threats out. However, we must always keep it updated so that problems do not occur. Those problems can range from not detecting threats to flagging safe files as if they were a problem. It is also important to differentiate between antivirus and antimalware.

In short, if you are a system administrator and have recently received an alert from Microsoft Defender detecting an Office file as a threat, it is likely a false positive, even though you may think it is a malicious Emotet payload.
