Microsoft made a major goof-up today as the company's Defender for Endpoint security started detecting updates for its own Office app as ransomware. The antivirus program was misidentifying the "OfficeSvcMgr.exe" as malicious software.
The issue was first discovered when system administrators earlier today started noticing alerts for ransomware upon updating their latest Microsoft Defender for Endpoint. Upon realizing this, Microsoft started working on the issue and confirmed it is indeed a false positive alert.
The company's Steve Scholz with the username "Steve_Scholz" on Reddit explained the problem on a thread there. Scholz is the Principal Technical Specialist for Security & Compliance at Microsoft.
This was a False/Positive and has now been corrected. Please see the details below:
Starting on the morning of March 16th, customers may have experienced a series of false-positive detections that are attributed to a Ransomware behavior detection in the file system. Microsoft has investigated this spike of detections and determined they are false positive results. Microsoft has updated cloud logic to suppress the false positives.
• Customers may have experienced a series of false-positive detections that are attributed to a Ransomware behavior detection in the file system.
• Microsoft has updated cloud logic to prevent future alerts being generated and to clear the previous false positives.
In another response on the same thread, Scholz explained that the problem was caused by a code issue which has since been fixed.