For five or six hours this morning, the Microsoft Antivirus programs were falsely flagging Google Chrome as a virus.
Users of Microsoft’s Forefront Client Security, Forefront Endpoint Protection, or Security Essentials programs, who also had the Google Chrome browser installed, were alerted by the antivirus programs that chrome.exe was infected with PWS:Win32/Zbot.
The problem began after computers running the Microsoft antivirus programs (MS AV) received this morning’s definition file. The file was versioned 1.113.656.0 and was released around 7am eastern time. MS AV informed users that this was a dangerous infection and prompted them to allow the anti-malware programs to delete the Chrome executable file.
A new definition file is available for MS AV on Windows Update. It can also be manually downloaded from http://www.microsoft.com/security/portal/Definitions/ADL.aspx.
If you had your Chrome executable deleted and can no longer run the program, you should be able to re-install it from http://www.google.com/chrome/. Your settings and bookmarks should be unaffected as it was the chrome.exe file that was targeted and not the settings files.
As Chrome is set by default to update itself, it is unclear whether this issue would have flagged old versions of Chrome or only the most recent version (14.0.835.186, released on September 20th, 2011).
Only users who ran Chrome this morning or whose computers ran a system scan after the 1.113.656.0 definition file was installed would have received the message.
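For an administrator who has to work out which machines need Chrome reinstalled, the useful distinction is the one drawn above: a detection of chrome.exe as PWS:Win32/Zbot while the 1.113.656.0 definition file was installed is the known false positive, and only the machines where MS AV actually deleted or quarantined the file need a reinstall. The following script is an added example, not part of the original post or of any Microsoft tool; it runs over a constructed, hypothetical pipe-separated export of detection events (host, definition version, threat name, file path, action taken), which is an assumed format and not real MS AV log output.

```python
"""Triage constructed AV detection records for the chrome.exe / PWS:Win32/Zbot
false positive. Added example; the record format below is assumed, not real
Forefront or Security Essentials output."""
from collections import defaultdict

# Values taken from the post: the definition version that produced the false
# positive, the threat name reported, and the file that was flagged.
BAD_DEFINITION_VERSION = "1.113.656.0"
FALSE_POSITIVE_THREAT = "PWS:Win32/Zbot"
FALSE_POSITIVE_FILE = "chrome.exe"

# Constructed sample events: host|definition version|threat|file path|action.
# Hostnames, paths and the 1.113.660.0 version string are made up for the demo.
SAMPLE_EVENTS = """\
host01|1.113.656.0|PWS:Win32/Zbot|C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe|Delete
host02|1.113.656.0|PWS:Win32/Zbot|C:\\Users\\bob\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe|Quarantine
host03|1.113.656.0|PWS:Win32/Zbot|C:\\Users\\carol\\Downloads\\invoice.exe|Delete
host04|1.113.660.0|PWS:Win32/Zbot|C:\\Users\\dave\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe|Delete
host05|1.113.656.0|PWS:Win32/Zbot|C:\\Users\\erin\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe|Allow
"""


def parse_event(line):
    """Split one pipe-separated record into a dict (assumed export format)."""
    host, definition, threat, path, action = line.split("|")
    return {"host": host, "definition": definition, "threat": threat,
            "path": path, "action": action}


def basename(path):
    """Return the lowercase file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(event):
    """Map one detection to a remediation bucket.

    reinstall_chrome: chrome.exe flagged as PWS:Win32/Zbot under the bad
                      definition version and removed -> reinstall Chrome.
    no_action:        same false-positive pattern, but the file was left alone.
    manual_review:    anything else (other file, or other definition version),
                      which must not be assumed to be a false positive.
    """
    matches_pattern = (basename(event["path"]) == FALSE_POSITIVE_FILE
                       and event["threat"] == FALSE_POSITIVE_THREAT
                       and event["definition"] == BAD_DEFINITION_VERSION)
    if not matches_pattern:
        return "manual_review"
    if event["action"] in ("Delete", "Quarantine"):
        return "reinstall_chrome"
    return "no_action"


def triage(text):
    """Group hosts by remediation bucket from a block of detection records."""
    buckets = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        buckets[classify(event)].append(event["host"])
    return dict(buckets)


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_EVENTS).items():
        print(f"{bucket}: {', '.join(hosts)}")
```

The point of the third bucket is that a Zbot detection from a different definition version, or on a file other than chrome.exe, is not covered by this false positive and should be handled as an ordinary alert rather than silently dismissed.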
Although Microsoft does not mention Chrome specifically, they do make reference to a problem with the 1.113.656.0 update at http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=PWS%3aWin32%2fZbot, which is the information page for the PWS:Win32/Zbot malware.
–Updated September 30, 2011 at 9:19 pm–
See Wired’s article about the problem.
Google has provided step-by-step instructions for recovering / re-installing Chrome, if you were affected by this issue.
Both Wired and Google specifically refer to “Microsoft Security Essentials,” but I can vouch that this was definitely a problem with Microsoft Forefront Client Security and it was likely a problem with Forefront Endpoint Protection (the latest version of Forefront).