Reports say Microsoft Defender has started flagging the legitimate open-source Microsoft Activation Scripts (MAS) project while attempting to block fake and malicious impostors.
Users running the genuine PowerShell-based MAS are reportedly seeing alerts labeled “Trojan:PowerShell/FakeMas.DA!MTB”, even though the script itself is open source.
The issue appears to be related to Defender’s broad detection approach, which is catching both fake variants and the original project without clear differentiation.