
Microsoft Defender issues false positive alert for Google Chrome updates

BleepingComputer reports that Microsoft Defender for Endpoint has mistakenly flagged Google Chrome updates as suspicious. Windows endpoints leveraging the service have been receiving "Multi-stage incident involving Execution & Defense evasion" alerts, which were sent as a result of a false positive issue, according to Microsoft. Microsoft addressed the issue nearly an hour and a half after its initial advisory. "We determined these are false positive results and we have updated the logic for this alert to resolve the issue some customers may have experienced," said a Microsoft spokesperson. False positive issues have plagued Defender for Endpoint in the past two years, with Defender flagging Office updates as malicious due to detected ransomware behavior on Windows endpoints. Office documents and some executables were blocked by Defender ATP in November due to a false positive alert on Emotet malware payloads, while "sensor tampering" alerts associated with Log4j processes were mistakenly sent in December.
