Recently there have been a lot of reports of Windows Defender suddenly detecting files as Trojan:Win32/Bluteal.B!rfn. The detected files range from CPU miners, which would make sense, to legitimate Windows files, which do not.
For example, one of our visitors posted in the forums on June 24th that Windows Defender had started to detect the "C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.C26a36d2b#\daf01e12fa59ed340363c44b7deff15e\Microsoft.CertificateServices.PKIClient.Cmdlets.ni.dll", which is a legitimate file, as Trojan:Win32/Bluteal.B!rfn.
Detections for Trojan:Win32/Bluteal.B!rfn appear to have been added to Windows Defender around May 18th, 2018 according to a page in Microsoft's Windows Defender Security Intelligence site. This seems to be a heuristic definition with a vague description of "This threat can perform a number of actions of a malicious hacker's choice on your PC."
When searching for similar cases, I found numerous reports of other programs and Windows DLLs being detected as Bluteal starting around the end of May. For example, one Reddit thread from 2 days ago shows different users reporting this same behavior on numerous Windows 10 1803 machines.

A brief list of programs and files that have been detected as Bluteal includes:
C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.C26a36d2b#\daf01e12fa59ed340363c44b7deff15e\Microsoft.CertificateServices.PKIClient.Cmdlets.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vde5ed89a#\457b4a4c20bed2246e03f1f9e5eaa1a5\Microsoft.VisualStudio.Utilities.Internal.ni.dll
ArchieSteamFarm.dll
SPCB.exe (SharePoint Client Browser)
Oracle_VM_VirtualBox_Extension_Pack-5.2.12.vbox-extpack
AutoHotkey
mtrand.so
Microsoft confirms this is a false positive
After reaching out to Microsoft about this, I was told that this detection was a false positive and that it has already been addressed, but was not told what definition update pushed the fix or when it was resolved.
The detection may have been resolved yesterday, June 26th, as it is listed in the definition version 1.271.37.0 update.
If you are still seeing this behavior, you should check for new updates for Windows Defender and install them.
To check for new updates you can go to Settings -> Update & Security -> Windows Update and select Check for updates. If new Windows Defender definitions are available, they will be listed as "Definition Update for Windows Defender".
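For administrators who want to verify the fix across more than one machine, the same check can be scripted with the built-in Defender PowerShell module. The following is an added example, not a script from the article or from Microsoft: it reads the current signature version, pulls an update if it is older than the 1.271.37.0 definition version mentioned above, and then lists any Bluteal detections on the host so you can confirm which files were flagged. The `Defender` module cmdlets (`Get-MpComputerStatus`, `Update-MpSignature`, `Get-MpThreat`, `Get-MpThreatDetection`) ship with Windows 10; the mapping of `ThreatID` to `ThreatName` and the `file:_` prefix on `Resources` are assumptions about how those cmdlets report data that you should confirm on your own systems.

```powershell
# Added example (not from the article): audit the Defender signature version
# and list Bluteal detections so a false-positive sweep can be verified.
# Run from an elevated PowerShell prompt on Windows 10.
$FixVersion = [version]'1.271.37.0'   # definition version the article says lists the fix

$status  = Get-MpComputerStatus
$current = [version]$status.AntivirusSignatureVersion
Write-Host "Signature version: $current (last updated $($status.AntivirusSignatureLastUpdated))"

if ($current -lt $FixVersion) {
    Write-Host "Definitions are older than $FixVersion - requesting the latest update"
    Update-MpSignature
    $current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
    Write-Host "Signature version is now: $current"
}

# Build a ThreatID -> ThreatName lookup (assumed property names; verify locally)
$names = @{}
Get-MpThreat | ForEach-Object { $names[$_.ThreatID] = $_.ThreatName }

# Report every detection whose threat name contains "Bluteal", with the files involved
Get-MpThreatDetection |
    Where-Object { $names[$_.ThreatID] -like '*Bluteal*' } |
    ForEach-Object {
        [pscustomobject]@{
            Threat = $names[$_.ThreatID]
            When   = $_.InitialDetectionTime
            # Resources are assumed to be strings such as "file:_C:\path\to\file.dll"
            Files  = ($_.Resources -replace '^file:_', '') -join '; '
        }
    } | Format-Table -AutoSize
```

If the table is empty after the update and a fresh scan, the host no longer carries the false-positive detection; if it still lists legitimate Windows files such as the NativeImages DLLs above, the definitions have not yet been refreshed on that machine.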