Win32/PowEmotet.SB + Win32/PowEmotet.SC (Emotet Trojan)

Emotet trojan
Emotet trojan
Written by Brendan Smith

Microsoft Defender for Endpoint is suddenly blocking Office, preventing users from opening documents. Moreover, a number of executable files have also come under the hot hand. It turned out that the false positive detection of the Emotet malware was to blame.

Administrators of Windows computers complained about the problem. Judging by numerous reports, the bug appeared after the “Defender” was updated to version 1.353.1874.0. Thus, Microsoft Defender blocks the opening of files and issues a warning about suspicious activity related to Win32/PowEmotet.SB or Win32/PowEmotet.SC. Some administrators were unable to open Excel documents and cited the upgrade to version 1.353.1874.0 as the reason:

Emotet false positive

False-positive on a Windows 10 with a fresh Microsoft Defender signature database

While Microsoft hasn’t yet shared any info on what causes this situation, the most likely reason is that the company has increased the sensitivity for detecting Emotet-like behavior in updates released today, which makes Defender’s generic behavioral detection engine too sensitive prone to false positives.

Microsoft representatives have already responded to complaints from administrators and said that the corporation is working to fix the problem.

πŸ€” How do I know if PowEmotet is actually installed on my computer??

This is most likely a false positive at this time. To be 100% sure of this, scan your computer using Gridinsoft Anti-malware.

πŸ€” How to scan my PC with Microsoft Defender?

Most of the time, Microsoft Defender will neutralize threats before they ever become a problem. If this is the case, you can see past threat reports in the Windows Security app.

  1. Open Windows Settings. The easiest way is to click the start button and then the gear icon. Alternately, you can press the Windows key + i on your keyboard.
  2. Click on Update & Security
  3. From here, you can see if your PC has any updates available under the Windows Update tab. This is also where you will see definition updates for Windows Defender if they are available.
  4. Select Windows Security and then click the button at the top of the page labeled Open Windows Security.

    Windows Security

  5. Select Virus & threat protection.
  6. Select Scan options to get started.

    Windows Security Scan options

  7. Select the radio button (the small circle) next to Windows Defender Offline scan Keep in mind, this option will take around 15 minutes if not more and will require your PC to restart. Be sure to save any work before proceeding.
  8. Click Scan now

If you want to save some time or your start menu isn’t working correctly, you can use Windows key + R on your keyboard to open the Run dialog box and type “windowsdefender” and then pressing enter.

From the Virus & protection page, you can see some stats from recent scans, including the latest type of scan and if any threats were found. If there were threats, you can select the Protection history link to see recent activity.

Microsoft suppressed the detection to prevent future spikes in alerts for customers connected to the cloud. A new security intelligence build to fix the issue is expected to be released soon.

⚑ Microsoft reported: Definition update 1888 resolved Win32/PowEmotet.SB & Win32/PowEmotet.SC issue.

Brendan Smith
Brendan Smith
IT Security Expert
It is better to prevent, than repair and repent!
When we talk about the intrusion of unfamiliar programs into your computer's work, the proverb "Forewarned is forearmed" describes the situation as accurately as possible. Gridinsoft Anti-Malware is exactly the tool that is always useful to have in your armory: fast, efficient, up-to-date. It is appropriate to use it as an emergency help at the slightest suspicion of infection.
Gridinsoft Anti-Malware 6-day trial available.
EULA | Privacy Policy | Gridinsoft
Subscribe to our Telegram channel to be the first to know about news and our exclusive materials on information security.

I need your help to share this article.

It is your turn to help other people with PowEmotet detection. You can use buttons below to share this on your favorite social media Facebook, Twitter, or Reddit.
Brendan Smith
User Review
4.73 (44 votes)
Comments Rating 5 (1 review)

About the author

Brendan Smith

I'm Brendan Smith, a passionate journalist, researcher, and web content developer. With a keen interest in computer technology and security, I specialize in delivering high-quality content that educates and empowers readers in navigating the digital landscape.

With a focus on computer technology and security, I am committed to sharing my knowledge and insights to help individuals and organizations protect themselves in the digital age. My expertise in cybersecurity principles, data privacy, and best practices allows me to provide practical tips and advice that readers can implement to enhance their online security.

One Response

  1. Barbara December 1, 2021

Leave a Reply


This site uses Akismet to reduce spam. Learn how your comment data is processed.