Microsoft Defender alerts for false positives

Antivirus software is necessary to keep viruses and other threats off computers and mobile devices. However, it sometimes gets things wrong and does not work as we would like. One example is what is known as a false positive: the antivirus flags a legitimate file or folder as if it were a virus. In this article we report how Microsoft Defender is alerting on Emotet and blocking Word files when the detection is in reality a false positive.

Microsoft Defender falsely detects files as Emotet

Specifically, it detects Office documents and some executables as if they carried an Emotet malware payload. These are actually false positives, but users are unable to open the files, with the inconvenience that entails, especially when they are text documents that may be important.

System administrators in particular are encountering this problem. They report that it has happened since they updated the security platform's definitions to the latest version. Although keeping systems up to date is very important, problems like this one can sometimes arise.

Once the detection triggers, Microsoft Defender blocks the attempt to open the file and shows an error indicating suspicious activity linked to Win32/PowEmotet.SB or Win32/PowEmotet.SC.

According to the researchers who have analyzed this problem, it began after updating to version 1.353.1874.0. At the moment, Microsoft has not released any fix. However, the researchers believe that Microsoft has increased the sensitivity with which it detects files that may be Emotet.
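A triage check an administrator could run on an affected endpoint, as an added example that is not from the article or from Microsoft: it reports whether the installed definitions are at or after the build named above and lists the local detections whose names match the two reported ones. It assumes the built-in Defender PowerShell cmdlets are available and an elevated session; it only gathers the detections for review and does not decide whether any of them is a false positive.

```powershell
# Added triage example (not Microsoft's or the article's code).
# Run in an elevated PowerShell session on a machine using Microsoft Defender.

# Values taken from the article.
$ReportedBuild = [version]'1.353.1874.0'
$NamePattern   = 'PowEmotet\.(SB|SC)'

# 1. Compare the installed definition build with the one reported.
$status    = Get-MpComputerStatus
$installed = [version]$status.AntivirusSignatureVersion
[pscustomobject]@{
    SignatureVersion       = $installed
    SignatureLastUpdated   = $status.AntivirusSignatureLastUpdated
    AtOrAfterReportedBuild = ($installed -ge $ReportedBuild)
} | Format-List

# 2. Build a ThreatID -> ThreatName map. Keys are stored as strings so the
#    lookup does not depend on the numeric type each cmdlet returns.
$names = @{}
Get-MpThreat | ForEach-Object { $names["$($_.ThreatID)"] = $_.ThreatName }

# 3. List detections whose name matches the two reported detections,
#    oldest first, with the file or resource that was blocked.
Get-MpThreatDetection |
    Where-Object { $names["$($_.ThreatID)"] -match $NamePattern } |
    Sort-Object InitialDetectionTime |
    Select-Object InitialDetectionTime,
        @{ Name = 'ThreatName'; Expression = { $names["$($_.ThreatID)"] } },
        ProcessName,
        @{ Name = 'Resources';  Expression = { $_.Resources -join '; ' } } |
    Format-Table -AutoSize -Wrap
```

Detections that start only after the definitions reached the reported build, and that hit known-good documents, fit the pattern described here; anything outside that pattern deserves a normal investigation.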

The Emotet botnet is reactivated

One of the causes may be that the Emotet botnet has recently been reactivated. It is one of the most significant threats of recent years, and a group of security researchers has now found that it has reinfected devices. You can always check whether your computer is infected with Emotet.

This, together with the Microsoft Defender false positives, has put many administrators on alert: they may believe that their computers have actually been infected by Emotet and quickly begin to take action, although it really is a false positive.

Keep in mind that this is not the first time Microsoft Defender has detected a threat that is not really one. In fact, the problem is not exclusive to Defender and can also affect other antivirus products on the market.

We always recommend having a good antivirus. It is undoubtedly a fundamental piece in keeping threats out. We must also always keep it updated so that problems do not occur. Those problems can range from failing to detect threats to flagging safe files as a problem. It is also important to differentiate between antivirus and antimalware.

In short, if you are a system administrator and have recently received a Microsoft Defender alert flagging an Office file as a threat, it is likely a false positive, even if you think it is a malicious Emotet payload.