WatchGuard Support Center

Knowledge Base - Article

000016322
Resolved TDR False Positive for GoogleUpdateSetup.exe

Information
On 5 November between 02:25 UTC and 04:15 UTC, our European Threat Detection and Response service misidentified the Google Chrome updater GoogleUpdateSetup.exe, with MD5 hash F1F48B873A89B541B32DB473DD2D7B58, as a threat. WatchGuard has since confirmed that this was a false positive and has taken action to prevent this issue going forward.
All impacted systems generated an indicator with a score of 8, which triggered configured remediation or containment policies. If your system was impacted, WatchGuard recommends you undo any automatic remediation that occurred as a result.

In ThreatSync > Remediations, filter for any action on 5 November. Any remediation between 02:25 UTC and 04:15 UTC for files named GoogleUpdateSetup.exe can be safely unquarantined.

In ThreatSync > Indicators, filter for any indicator on 5 November. Any open indicator for files named GoogleUpdate.exe can be safely marked as Externally remediated.
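
One way to cross-check the Remediations step before unquarantining, as an added example that is not WatchGuard's own code: it assumes the remediation list has been exported to CSV with hypothetical columns host, file_name, md5 and timestamp (ISO 8601), and it takes the year as a parameter because the article does not state one. Beyond the article's name-and-time filter, it also compares the MD5 given above, so a different file that merely carries the same name goes to manual review instead of being released.

```python
import csv
import io
from datetime import datetime, timezone

FP_NAME = "googleupdatesetup.exe"             # file name from the article
FP_MD5 = "f1f48b873a89b541b32db473dd2d7b58"   # MD5 from the article


def triage(rows, year):
    """Split remediation rows into (release, review) lists of host names.

    release: name, MD5 and UTC time all match the false-positive incident.
    review:  name matches but hash or time does not, so the article does
             not cover the file and it needs a manual look.
    """
    start = datetime(year, 11, 5, 2, 25, tzinfo=timezone.utc)
    end = datetime(year, 11, 5, 4, 15, tzinfo=timezone.utc)
    release, review = [], []
    for row in rows:
        if row["file_name"].strip().lower() != FP_NAME:
            continue  # unrelated remediation, leave it quarantined
        when = datetime.fromisoformat(row["timestamp"])
        # A timestamp without an offset cannot be placed in UTC: review it.
        in_window = when.tzinfo is not None and start <= when <= end
        hash_ok = row["md5"].strip().lower() == FP_MD5
        (release if in_window and hash_ok else review).append(row["host"])
    return release, review


# Constructed sample export; hosts, column names and the year are made up
# (the article does not state the year of the incident).
SAMPLE_YEAR = 2024
SAMPLE_CSV = """host,file_name,md5,timestamp
pc-01,GoogleUpdateSetup.exe,F1F48B873A89B541B32DB473DD2D7B58,2024-11-05T02:31:00+00:00
pc-02,GoogleUpdateSetup.exe,F1F48B873A89B541B32DB473DD2D7B58,2024-11-05T05:10:00+01:00
pc-03,GoogleUpdateSetup.exe,0123456789abcdef0123456789abcdef,2024-11-05T03:00:00+00:00
pc-04,GoogleUpdateSetup.exe,F1F48B873A89B541B32DB473DD2D7B58,2024-11-05T04:20:00+00:00
pc-05,invoice.exe,ffffffffffffffffffffffffffffffff,2024-11-05T03:00:00+00:00
pc-06,GoogleUpdateSetup.exe,F1F48B873A89B541B32DB473DD2D7B58,2024-11-05T03:00:00
"""

if __name__ == "__main__":
    rows = csv.DictReader(io.StringIO(SAMPLE_CSV))
    release, review = triage(rows, SAMPLE_YEAR)
    print("release:", release)
    print("review: ", review)
```

pc-02 is released because its local timestamp with a +01:00 offset falls at 04:10 UTC, inside the window; pc-03 (different hash), pc-04 (after 04:15 UTC) and pc-06 (no offset) are held for review.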