Windows Defender mistakes Dell firmware updates as Trojan:Win32/Vigorf.A

Many users with Dell computers have reported that Windows 10/11 mistakenly identifies firmware updates with the Trojan:Win32/Vigorf.A. This Trojan is a casual malware that Microsoft Windows Defender detects automatically when it suspects something corrupt or wrong with the recently accessed files.

In this case, many Dell computers seem to be affected, and Windows Defender will label certain recent firmware updates with this tag, quarantining them or, in some cases, deleting them.

Users have reported this on both official Windows and Dell forums, and it has happened on Windows 10 and Windows 11 version 22H2.

So I know back in 2022, Windows Defender was making false positives on Dell PCs. Unfortunately, it appears to be happening again. This afternoon I was met with:

Detected: Trojan:Win32/VigorfA

This was connected with C:\ProgramData\Dell\SARemediation\SystemRepair\Snapshots\Backup\[long code]

And also file:\Device\HarddiskVolumeShadowCopy1\Windows\[long code]\DellUpdate.Msi

Could someone from Dell please confirm this is a false positive detection?

Both of the “Affected items” on Windows Security are linked with Dell.

For now, the detection seems to be a false positive, meaning that Windows Defender mistakenly identifies a threat in these updates. According to the independent advisors, though, Microsoft is already looking into it.

For now, it preponderantly affects only Dell computers, and the Trojan:Win32/Vigorf.A detection might automatically appear after turning your device on. Scanning your computer will prompt Windows Defender to quarantine or remove the files. If it affects you, you should let Microsoft know in the Feedback Hub.

We don’t know if the latest Patch Tuesday updates affected Windows Defender, but the Redmond-based tech giant will most likely provide more clarifications in the next few days.

All you have to know is that, currently, this is a false positive, and your Dell device is not in danger.