Microsoft Defender ATP is detecting yesterday’s Chrome update as a back door


Image provided to ZDNet by a reader

Microsoft Defender Advanced Threat Protection (ATP), the commercial version of the ubiquitous Defender antivirus and Microsoft’s best business security solution, is having a bad day right now, labeling yesterday’s Google Chrome browser update as a backdoor trojan.

The detections, as seen in the screenshot above shared with ZDNet by one of our readers, are for Google Chrome 88.0.4324.146, the latest version of the Chrome browser, which Google released last night.

As seen in the screenshot above, but also based on reports shared on Twitter by other baffled system administrators, Defender ATP is currently detecting multiple files that are part of the Chrome v88.0.4324.146 update package as a generic backdoor trojan called “PHP/Funvalget.A.”

The warnings have caused quite a stir in corporate environments in light of the multiple software supply chain attacks that have affected companies around the world in recent months.

System administrators are currently awaiting a formal statement from Microsoft to confirm that the detection is a “false positive” and not an actual threat.

ZDNet contacted a Microsoft spokesperson prior to the publication of this article for a formal statement regarding the ATP detections.

There is a good chance that this is indeed a false detection, but until a formal announcement is made, administrators are advised to hold off on taking other actions.

The free version of the Microsoft Defender antivirus, which comes with all recent Windows versions, did not mark the recent Chrome update as malicious, according to several ZDNet tests.

Updated at 3:55 PM ET to add that Microsoft has confirmed that the current Funvalget detections for Chrome files were false positives caused by “an automation bug.”
