
Microsoft Defender scares admins with Emotet false positives

Got hit by this today. I was trying to open a Word doc from a colleague when I received the following scary warning.

Submitting the same file to VirusTotal returns 0 threats detected. Hmmm.

Searching for the keyword Win32/PowEmotet.SB returns the following:

Microsoft Defender for Endpoint is currently blocking Office documents from being opened and some executables from launching due to a false positive tagging the files as potentially bundling an Emotet malware payload.

Source: Microsoft Defender scares admins with Emotet false positives

If you are hit by the same issue, just update your threat definitions (the Defender security intelligence update) and it should go away:
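As an added example (not part of the original post), this PowerShell snippet does the same update from an elevated session, records the signature version before and after so you can see that something actually changed, lists which files on the host were flagged under the Win32/PowEmotet.SB name, and shows how to restore any that were quarantined. It uses only the built-in Defender cmdlets and MpCmdRun.exe; the detection name is the one from the post, everything else is generic.

```powershell
# Added example, not from the original post. Requires an elevated PowerShell
# session on a host with the Defender module (Windows 10/11, Server 2016+).

$threatName = 'Win32/PowEmotet.SB'   # detection name reported in the post

# 1. Record the engine and signature version we are starting from.
$before = Get-MpComputerStatus |
    Select-Object AMEngineVersion, AntivirusSignatureVersion, AntivirusSignatureLastUpdated
Write-Host "Before: engine $($before.AMEngineVersion), signatures $($before.AntivirusSignatureVersion) ($($before.AntivirusSignatureLastUpdated))"

# 2. Pull the latest security intelligence update from the configured source
#    (Microsoft Update, WSUS, or a UNC share, per SignatureFallbackOrder).
Update-MpSignature

$after = Get-MpComputerStatus |
    Select-Object AMEngineVersion, AntivirusSignatureVersion, AntivirusSignatureLastUpdated
Write-Host "After:  engine $($after.AMEngineVersion), signatures $($after.AntivirusSignatureVersion) ($($after.AntivirusSignatureLastUpdated))"

if ($after.AntivirusSignatureVersion -eq $before.AntivirusSignatureVersion) {
    Write-Warning "Signature version unchanged; check the update source with: Get-MpPreference | Select-Object SignatureFallbackOrder, SignatureDefinitionUpdateFileSharesSources"
}

# 3. Show what was flagged under that name. Get-MpThreatDetection only carries
#    the numeric ThreatID, so join it to Get-MpThreat to filter by ThreatName.
$threat = Get-MpThreat | Where-Object ThreatName -eq $threatName
if ($threat) {
    Get-MpThreatDetection |
        Where-Object ThreatID -in @($threat.ThreatID) |
        Select-Object InitialDetectionTime, ProcessName,
                      @{ Name = 'Files'; Expression = { $_.Resources -join '; ' } } |
        Sort-Object InitialDetectionTime |
        Format-Table -AutoSize
} else {
    Write-Host "No $threatName detections recorded on this host."
}

# 4. Quarantined documents can be restored once the corrected definitions are
#    in place. MpCmdRun.exe is the supported tool for listing and restoring them.
$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
& $mpCmdRun -Restore -ListAll

# Only after confirming the listed entries really are the affected Office files:
# & $mpCmdRun -Restore -Name $threatName -All
```

Run step 3 before and after the update: a detection list that stops growing after the new signature version lands is the confirmation you want. Resist the shortcut of adding a folder or file-type exclusion with Add-MpPreference to make the prompts stop; that disables real Emotet detections for the same documents, and the exclusion tends to outlive the incident.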