Microsoft Defender Flags N-ABLE Component as Malware

Microsoft Defender has recently begun detecting the "software-scanner.exe" process, associated with N-ABLE's MSP Agent Core, as a threat identified as Trojan:Win32/SalatStealer.NZ!MTB. This detection has been reported by users on social media platforms, indicating that the security software is flagging a component of the legitimate remote monitoring and management tool as malicious. N-ABLE is widely used by managed service providers (MSPs) for remote monitoring and management of client systems. The detection of its core component as malware could potentially disrupt operations for MSPs relying on this tool. Given the lack of additional context in the original report, it is not possible to determine whether this detection is a false positive or indicative of an actual compromise. However, the impact of such detections can be significant, potentially leading to operational disruptions for MSPs. It is recommended that affected users check for updates from both Microsoft and N-ABLE regarding this detection. Additionally, verifying the integrity of the detected file and comparing it with known good versions could help determine if this is a false positive or a genuine threat.