{"id":1767,"date":"2021-12-01T10:24:34","date_gmt":"2021-12-01T02:24:34","guid":{"rendered":"https:\/\/tongwing.woon.sg\/blog\/?p=1767"},"modified":"2021-12-01T10:24:34","modified_gmt":"2021-12-01T02:24:34","slug":"microsoft-defender-scares-admins-with-emotet-false-positives","status":"publish","type":"post","link":"https:\/\/tongwing.woon.sg\/blog\/microsoft-defender-scares-admins-with-emotet-false-positives\/","title":{"rendered":"Microsoft Defender scares admins with Emotet false positives"},"content":{"rendered":"

Got hit by this today. Was trying to open a Word doc from a colleague when I receive the following scary warning.
\n\"\"<\/p>\n

Submitting the same file to VirusTotal returns 0 threats detected. Hmmm.
\n\"\"<\/p>\n

Searching for the keyword Win32\/PowEmotet.SB returns the following:<\/p>\n

Microsoft Defender for Endpoint is currently blocking Office documents from being opened and some executables from launching due to a false positive tagging the files as potentially bundling an Emotet malware payload.<\/p><\/blockquote>\n

Source: Microsoft Defender scares admins with Emotet false positives<\/a><\/em><\/p>\n

If you are hit by the same issue, just update your threat definition and it should go away:
\n\"\"<\/p>\n","protected":false},"excerpt":{"rendered":"

Got hit by this today. Was trying to open a Word doc from a colleague when I receive the following scary warning. Submitting the same file to VirusTotal returns 0 threats detected. Hmmm. Searching for the keyword Win32\/PowEmotet.SB returns the following: Microsoft Defender for Endpoint is currently blocking Office documents from being opened and some […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"_links":{"self":[{"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/posts\/1767"}],"collection":[{"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/comments?post=1767"}],"version-history":[{"count":2,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/posts\/1767\/revisions"}],"predecessor-version":[{"id":1776,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/posts\/1767\/revisions\/1776"}],"wp:attachment":[{"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/media?parent=1767"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/categories?post=1767"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/tags?post=1767"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}