On July 25th, 2022, between 8:10am UTC and 1:10pm UTC, Malwarebytes had a false detection in the Endpoint Detection and Response (EDR) product with the Mimikatz Command detection rule. Due to this incident, you may have received high severity suspicious activity alerts for Microsoft Teams, Slack, or other legitimate applications.
- Teams, Slack, or other legitimate application files detected by Suspicious Activity Monitoring.
- Mimikatz Command rule triggered in the Suspicious Activity Details page.
During an Endpoint Detection and Response update, the Mimikatz Command rule was not correctly configured by the exclusion engine due to a bug.
On July 26th, 2022, Malwarebytes automatically closed all suspicious activity alerts related to this incident and resolved the engine bug. No further action is required.