Microsoft Defender Advanced Threat Protection (ATP), the commercial version of the ubiquitous Defender antivirus and Microsoft’s top enterprise security solution, is currently having a bad day and labeling yesterday’s Google Chrome browser update as a backdoor trojan.
Microsoft Defender ATP is the cloud-backed endpoint detection and response service that sits on top of the Defender antivirus engine. It uses behavioral analysis and machine learning to flag unusual activity on endpoints, such as unauthorized access attempts, suspicious process behavior, and malicious file activity, and gives administrators tools to investigate and respond to those alerts before a breach causes significant harm.
Based on the screenshot referenced above, and on reports shared on Twitter by other dismayed system administrators, Defender ATP is currently detecting multiple files that are part of the Chrome v88.0.4324.146 update package as containing a generic backdoor trojan named “PHP/Funvalget.A.”
The alerts have caused quite a stir in enterprise environments in light of recent multiple software supply chain attacks that have hit companies across the world over the past few months.
System administrators are currently awaiting a formal statement from Microsoft confirming that the detection is a “false positive” and not an actual threat.
ZDNet contacted a Microsoft spokesperson before this article’s publication, seeking a formal statement on the ATP detections.
Chances are that this is indeed an erroneous detection, but until Microsoft makes a formal announcement, administrators are advised to hold off on any further action.
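While waiting on Microsoft, an administrator can at least triage the alert locally: confirm that the flagged Chrome binaries still carry a valid Google Authenticode signature and pull Defender’s own record of the detection. The PowerShell below is an added example written for this page, not something ZDNet or Microsoft published; it assumes a 64-bit Chrome install under Program Files, the 88.0.4324.146 version number from the article, a signer subject containing “Google LLC”, and that the Defender PowerShell module (Get-MpThreat, Get-MpThreatDetection) is available on the endpoint.

```powershell
# Added triage example (not from the original article).
# Assumptions: 64-bit Chrome under Program Files, version 88.0.4324.146 (as reported above),
# Google's signing certificate subject contains "Google LLC", Defender module present.

$ChromeVersion = '88.0.4324.146'
$ChromeDir = Join-Path $env:ProgramFiles "Google\Chrome\Application\$ChromeVersion"

if (-not (Test-Path $ChromeDir)) {
    Write-Warning "Chrome $ChromeVersion not found under $ChromeDir"
    return
}

# 1. Authenticode check: every PE file shipped in the update should be signed by Google.
$sigReport = Get-ChildItem -Path $ChromeDir -Recurse -Include *.exe, *.dll |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File   = $_.FullName
            Status = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
            Signer = $sig.SignerCertificate.Subject   # null when the file is unsigned
            SHA256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }

$sigReport | Format-Table -AutoSize

# Anything unsigned, tampered with, or signed by someone other than Google needs a closer look.
$suspect = $sigReport | Where-Object { $_.Status -ne 'Valid' -or $_.Signer -notmatch 'Google LLC' }
if ($suspect) {
    Write-Warning 'Files failing the signature check:'
    $suspect | Format-Table -AutoSize
} else {
    Write-Host 'All PE files carry a valid Google signature.'
}

# 2. What the local Defender engine recorded for this threat name (if anything).
$threatIds = (Get-MpThreat | Where-Object ThreatName -like '*Funvalget*').ThreatID
if ($threatIds) {
    Get-MpThreatDetection |
        Where-Object { $_.ThreatID -in $threatIds } |
        Select-Object DetectionID, InitialDetectionTime, ActionSuccess, Resources |
        Format-List
} else {
    Write-Host 'No local Defender detection for Funvalget on this host (the alert may be ATP-only).'
}
```

A valid signature shows the file has not been modified since Google signed it; it does not on its own rule out a compromised build pipeline, which is exactly the worry the recent supply-chain incidents raised, so the SHA256 column is worth comparing against the same files on a host that installed the update from Google’s servers independently. The script only reads state; it deliberately does not add exclusions or restore quarantined files, since the article’s advice is to wait for Microsoft’s confirmation first.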
The free version of the Microsoft Defender antivirus, the one that ships with all recent Windows versions, has not detected the recent Chrome update as malicious, according to multiple ZDNet tests.