l+f: Emotet false positive from Microsoft Defender


An update to the Microsoft Defender Antivirus detection databases has been causing a stir since Tuesday because of a false positive. When opening or printing Office documents, for example, Microsoft's virus protection warned that malware named Behavior:Win32/PowEmotet.SB had been detected.

Security researcher Kevin Beaumont reported on the false alarm on Twitter.

According to the Microsoft database entry for Behavior:Win32/PowEmotet.SB, the signature for the behavior recognition module (hence the Behavior: prefix in the name) was originally rolled out on November 26th. An update to the signature on Tuesday, which is noted in the changelog of the Microsoft Defender signature updates, then apparently led to the false positive. Version 1.353.1888.0 from today, December 1st, should correct this.

The updates are usually downloaded and installed automatically via Windows Update. If you still receive the false alarm, you should open Windows Update in the control panel and install the updates.
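For administrators who prefer to check from the command line, the following added example (not part of the original article) compares the installed signature version with the fixed version named above, requests an update if it is older, and lists any detections recorded under that name. It assumes an elevated PowerShell session on a machine running Microsoft Defender Antivirus; the variable names are illustrative.

```powershell
# Added example. The two constants come from the article; the cmdlets are the
# standard Defender module cmdlets (Get-MpComputerStatus, Update-MpSignature, ...).
$FixedVersion  = [version]'1.353.1888.0'          # version the article names as the fix
$DetectionName = 'Behavior:Win32/PowEmotet.SB'    # detection name from the article

$status  = Get-MpComputerStatus
$current = [version]$status.AntivirusSignatureVersion
Write-Output "Installed signature version: $current (last updated $($status.AntivirusSignatureLastUpdated))"

if ($current -lt $FixedVersion) {
    Write-Output "Older than $FixedVersion, requesting a signature update..."
    Update-MpSignature
    $current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
    Write-Output "Signature version after update: $current"
}

if ($current -lt $FixedVersion) {
    Write-Warning "Still below $FixedVersion; check that this machine can reach its update source."
}

# List detections recorded under that name so each one can be reviewed.
$threat = Get-MpThreat | Where-Object { $_.ThreatName -eq $DetectionName }
if ($threat) {
    Get-MpThreatDetection |
        Where-Object { $_.ThreatID -in $threat.ThreatID } |
        Sort-Object InitialDetectionTime |
        Select-Object InitialDetectionTime, ProcessName, Resources
} else {
    Write-Output "No recorded detections named $DetectionName on this machine."
}
```

Detections logged before Tuesday's signature update fall outside the false-positive window described above and deserve a closer look.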

The false alarm comes just as the cyber gang behind Emotet, the most dangerous malware, has become active again. The old botnet was broken up earlier in the year by security authorities and the malware uninstalled. That is why the false virus warning has now caused a lot of excitement.

