The question begs.... Can / Will / Is MSFT trying to 'weaponize' Defender to act against competitors?
Microsoft Defender casts a jaundiced eye over Citrix, slams services in quarantine on suspicion of being malware
Those wondering when the Microsoft love-in with Citrix might end will be relieved to learn that Microsoft Defender decided yesterday that Citrix Broker and High Availability Services bore all the hallmarks of a trojan. Administrators and users alike found that update 1.321.1319.0 of the malware masher left Citrix's platform a …
Friday 14th August 2020 22:40 GMT Anonymous Coward
Saturday 15th August 2020 00:50 GMT RM Myers
Yes, at least Checkpoint's antivirus software (ZoneAlarm free) had the decency to only treat their own product as a virus. In fact, every time the damn thing ran a scan it found 2 or 3 files to quarantine, and they were always part of their own product.
One of the few free software programs that was overpriced.
Saturday 15th August 2020 00:19 GMT ecofeco
Saturday 15th August 2020 10:20 GMT karlkarl
But Windows Defender doesn't detect malware. Its main role is to detect piracy related tools such as cracks.
So why did Citrix's tool get flagged? Either Microsoft are being a little anti-competitive or my personal guess is that Citrix has modified some middleware in such a way that it appears like it is cracked. It isn't uncommon for companies to legally crack software for integration (i.e. removing checks because they have their own license system, etc).
Saturday 15th August 2020 16:45 GMT I Am Spartacus
Microsoft Defender fails Microsoft
I have a Surface tablet that runs Windows 10 and Defender. It has decided that a feature update from Microsoft is malware and refuses to install it. Windows 10 detects that the install has failed and repeats the download / install.
Rinse and repeat. The Surface now can't take any MS updates.
So why not just disable Defender? Because it's controlled by policies published by the CIO, who has read the Dummies Guide to Defender, and turned on all the defence mechanisms remotely. Including the one that allows safe removal of Defender.
So, I now have a shiny doorstop.
Saturday 15th August 2020 18:26 GMT IGotOut
Another company to avoid
"Our prod environment with over 3000 users is hard down cc"
That's because you or your company are a bunch of morons.
Ever since Win 3 I have NEVER rolled out patches or updated globally. Do a few, then a small batch, then think about going bigger only if you have NO issues.
The same goes for Unix, Linux or even OS/2 Warp.
Saturday 15th August 2020 18:58 GMT adam payne
Microsoft Defender decided yesterday that Citrix Broker and High Availability Services bore all the hallmarks of a trojan.
With Microsoft's rep it could have been worse (or better depending on how you feel about Windows), it could have finally killed Windows.
Update: it breaks the f*** out of Citrix. BrokerService.exe gets tagged as malware and quarantined. Our prod environment with over 3000 users is hard down cc
Rule 1: Do not deploy patches to your production environment unless you've tested them first.