
Microsoft Defender gives a false positive for Emotet malware in Office

Microsoft Defender for Endpoint has been blocking some Office documents from opening since Tuesday because it gives a false positive for Emotet malware. The problem appears to have started with version 1.353.1874.0.

Since Tuesday, several system administrators have had issues with Microsoft Defender for Endpoint, BleepingComputer reports. According to one user, the software believes it recognizes the payload of Emotet malware in Excel files or other Office apps that use MSIP.ExecutionHost.exe. BleepingComputer was able to reproduce the false positive.

Microsoft Defender for Endpoint blocks a file from opening when it believes it recognizes the malware in it. A false positive therefore prevents users from accessing their own files.

A Microsoft spokesperson has said it is working on a solution. Customers who are connected via the cloud should no longer have the problem. The company has not provided further details on how the problem was caused.

Emotet is a notorious type of malware that was spread via Word documents, among other things. Criminals offered it as malware-as-a-service, and as a result it was widely used. Earlier this month, after months of silence, the malware became active again.
