Microsoft Defender flags Google Chrome updates as 'suspicious'

The Microsoft Defender for Endpoint tool is said to be tagging Google Chrome updates (delivered via Google Update) as suspicious activity and could lead to security risks.

According to reports by a series of Windows system administrators on Reddit and many other technology forums, the default Windows security solution (formerly known as Microsoft Defender ATP) has started marking Chrome updates. is "suspicious" since the evening of April 20.

Microsoft Defender thinks the "goopdate" DLL file is suspicious because it is not signed by the Google Updater service (GoogleUpdate.exe).

As can be seen in the screenshot below, a Windows system administrator by the name of Twitter Kevin Gray noticed "unusual" behavior by Microsoft Defender when running Google Chrome updates:

Responding to this anomaly, a Microsoft representative confirmed that Microsoft Defender warnings for Chrome's update files were mistakenly triggered due to errors in suspicious file screening, not due to actual malicious activity. appearance on the system:

"Administrators may receive a 'false positive' warning for Google Update on Microsoft Defender for Endpoint monitored devices. Issue resolved and service restored."

Microsoft Defender for Home usually performs quite well and is rated well in AV-Comparatives and AV-TEST's top antivirus tool rankings. However, the enterprise version of this security toolkit makes mistakes quite often. There have been many cases where Microsoft Defender for Endpoint has flagged really harmless files and services as malicious, and the latest case with Google Chrome is a prime example.
Before that, Microsoft Defender for Endpoint even falsely flagged Microsoft's own Office updates as malware. Following that incident, Microsoft released guidance to reduce such errors, but the move doesn't seem to have helped much in practice yet.

Microsoft Defender disappoints in its ability to work offline, the detection rate of security risks is just over 60%
Microsoft Defender warns Office update is a virus
Detecting a botnet that can easily bypass Windows Defender and steal crypto wallet data

Operate and exploit advertising by iCOMM Vietnam Media and Technology Joint Stock Company.
116 Thai Ha, Trung Liet Ward, Dong Da District, Hanoi.
Editor in chief: Tran Vo
Tel: (+84) 903076053/7 Fax: (+84) 903030935
Responsible agency: Union of Science and High-Tech Production and Telecommunications (HTI) - Vietnam Academy of Science and Technology
Copyright © 2020 iCOMM Tech JSC