Microsoft Defender for Endpoint has suddenly begun blocking Office, preventing users from opening documents. A number of executable files have also been flagged. The cause turned out to be a false positive detection of the Emotet malware.
Administrators of Windows computers complained about the problem. Judging by numerous reports, the bug appeared after Defender was updated to version 1.353.1874.0. Since then, Microsoft Defender has been blocking files from opening and issuing a warning about suspicious activity related to Win32/PowEmotet.SB or Win32/PowEmotet.SC. Some administrators were unable to open Excel documents and cited the upgrade to version 1.353.1874.0 as the reason:
We’re seeing issues with definition update 1.353.1874.0 detecting printing as Win32/PowEmotet.SB this afternoon.
— SydeEye (@SydeEyeDotCom) November 30, 2021
While Microsoft hasn’t yet shared any information on what causes this situation, the most likely reason is that the company increased the sensitivity for detecting Emotet-like behavior in the updates released today, which makes Defender’s generic behavioral detection engine too sensitive and prone to false positives.
Microsoft representatives have already responded to complaints from administrators and said that the corporation is working to fix the problem.
🤔 How do I know if PowEmotet is actually installed on my computer?
This is most likely a false positive at this time. To be 100% sure of this, scan your computer using Gridinsoft Anti-malware.
🤔 How to scan my PC with Microsoft Defender?
Most of the time, Microsoft Defender will neutralize threats before they ever become a problem. If this is the case, you can see past threat reports in the Windows Security app.
- Open Windows Settings. The easiest way is to click the Start button and then the gear icon. Alternatively, you can press the Windows key + I on your keyboard.
- Click on Update & Security
- From here, you can see if your PC has any updates available under the Windows Update tab. This is also where you will see definition updates for Windows Defender if they are available.
- Select Windows Security and then click the button at the top of the page labeled Open Windows Security.
- Select Virus & threat protection.
- Select Scan options to get started.
- Select the radio button (the small circle) next to Windows Defender Offline scan. Keep in mind that this option will take around 15 minutes, if not more, and will require your PC to restart. Be sure to save any work before proceeding.
- Click Scan now
If you want to save some time or your Start menu isn’t working correctly, you can press Windows key + R on your keyboard to open the Run dialog box, type “windowsdefender” and then press Enter.
From the Virus & threat protection page, you can see some stats from recent scans, including the latest type of scan and whether any threats were found. If there were threats, you can select the Protection history link to see recent activity.
⚡ Microsoft reported: Definition update 1888 resolved Win32/PowEmotet.SB & Win32/PowEmotet.SC issue.
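The same checks can be run from an elevated PowerShell prompt. The script below is an added example, not part of the original article: it reports whether the installed definitions fall between the affected 1.353.1874.0 and the fixed update 1888, then lists any PowEmotet.SB/.SC detections with the process and files involved. It assumes that "1888" is the third field of a 1.353.x definition version; the cmdlets come from the built-in Defender module.

```powershell
# Added example: triage Win32/PowEmotet.SB / .SC detections from PowerShell.
# Version numbers are taken from the article; treating "1888" as the third
# field of a 1.353.x definition version is an assumption.
$AffectedBuild = 1874   # definition version 1.353.1874.0 (false positives reported)
$FixedBuild    = 1888   # "Definition update 1888" (reported as the fix)

$status = Get-MpComputerStatus
$sig    = [version]$status.AntivirusSignatureVersion
"Installed definitions: {0} (updated {1})" -f $sig, $status.AntivirusSignatureLastUpdated

# Only flag the 1.353 series between the affected and the fixed build.
$inWindow = $sig.Major -eq 1 -and $sig.Minor -eq 353 -and
            $sig.Build -ge $AffectedBuild -and $sig.Build -lt $FixedBuild
if ($inWindow) {
    "Definitions are in the affected range; requesting an update."
    Update-MpSignature
    "Definitions now: {0}" -f (Get-MpComputerStatus).AntivirusSignatureVersion
} else {
    "Definitions are outside the affected range."
}

# Map ThreatID -> ThreatName for the two detection names from the article.
$names = @{}
Get-MpThreat | Where-Object { $_.ThreatName -match 'PowEmotet\.S[BC]$' } |
    ForEach-Object { $names[[long]$_.ThreatID] = $_.ThreatName }

# Show each matching detection with the process and resources involved,
# so an administrator can see which application triggered it.
$hits = @(Get-MpThreatDetection |
    Where-Object { $names.ContainsKey([long]$_.ThreatID) } |
    Sort-Object InitialDetectionTime)

if ($hits.Count -eq 0) {
    "No PowEmotet.SB/.SC detections in Protection history."
} else {
    $hits | ForEach-Object {
        [pscustomobject]@{
            Time      = $_.InitialDetectionTime
            Threat    = $names[[long]$_.ThreatID]
            Process   = $_.ProcessName
            Resources = $_.Resources -join '; '
            Succeeded = $_.ActionSuccess
        }
    } | Format-List
}
```

The listing only shows what was detected and when; it does not decide whether a given detection was a false positive.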
Brendan Smith
I opened a PowerPoint file downloaded from Microsoft and got a Behaviour:Win32/PowEmotet.SB alarm, lol.