After Defender flagged Office as virus, Microsoft gets serious about fixing false positives


Recently Microsoft had a major goof-up when the company's Defender for Endpoint security solution flagged its own Office updates as malware. The product misidentified "OfficeSvcMgr.exe" as exhibiting ransomware behavior. After system admins raised a hue and cry about it, Microsoft evidently noticed the issue, and Steve Scholz, the company's Principal Technical Specialist for Security & Compliance, later clarified that the detection was a false positive. The issue was also fixed within the day.

However, Microsoft isn't just basking in glory after fixing that false positive. The company appears to be actively working on putting an end to such issues, at least in the case of its Defender for Endpoint product, since these alerts generally cause wide-scale disruptions.

It has published guidance for security operators and security administrators who use Microsoft Defender for Endpoint. Essentially, these are the steps one can follow to help eliminate many such false positives. The following diagram shows the gist of the steps, but you can view them in detail in Microsoft's original article.

Step diagram to analyze false positives

Overall, it looks like a good initiative from the Redmond firm, as this guidance can not only help clear up a lot of false positives but should also help the company better distinguish threats from non-threats.
