When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Microsoft Defender goofed up as it flagged its own Office updates as malware

A Microsoft Defender logo and text that reads Microsoft Defender for Endpoint

Microsoft made a major goof-up today as the company's Defender for Endpoint security started detecting updates for its own Office app as ransomware. The antivirus program was misidentifying the "OfficeSvcMgr.exe" as malicious software.

The issue was first discovered when system administrators earlier today started noticing alerts for ransomware upon updating their latest Microsoft Defender for Endpoint. Upon realizing this, Microsoft started working on the issue and confirmed it is indeed a false positive alert.

The company's Steve Scholz with the username "Steve_Scholz" on Reddit explained the problem on a thread there. Scholz is the Principal Technical Specialist for Security & Compliance at Microsoft.

He wrote:

FYI
This was a False/Positive and has now been corrected. Please see the details below:

Starting on the morning of March 16th, customers may have experienced a series of false-positive detections that are attributed to a Ransomware behavior detection in the file system. Microsoft has investigated this spike of detections and determined they are false positive results. Microsoft has updated cloud logic to suppress the false positives.

Description
• Customers may have experienced a series of false-positive detections that are attributed to a Ransomware behavior detection in the file system.
• Microsoft has updated cloud logic to prevent future alerts being generated and to clear the previous false positives.

In another response on the same thread, Scholz explained that the problem was caused by a code issue which has since been fixed.

Source: Steve_Scholz (Reddit) (1, 2)

Report a problem with article
Next Article

Malware sneaking into iOS through legitimate ways Apple provides for testing unvetted apps

Previous Article

Microsoft emphasizes on 'Cloud' in its Partner Network, retains old IURs and adds benefits

Join the conversation!

Login or Sign Up to read and post a comment.

20 Comments - Add comment