Issue caused by Microsoft Defender misidentifying Office updates as malware

Microsoft made a major mistake today as the company's Defender for Endpoint security began detecting updates to its own Office applications as ransomware. Antivirus programs mistakenly identify "OfficeSvcMgr.exe" as malware.

The issue was first discovered when system administrators began noticing ransomware alerts earlier today when updating their latest Microsoft Defender for Endpoint. After realizing this, Microsoft began working on the issue and confirmed that it was indeed a false positive alert.

The company's Steve Scholz, who goes by "Steve_Scholz" on Reddit, explained the problem in a post there. Scholz is Microsoft's chief technical expert for security and compliance.

He wrote:

FYI
This was an error/positive result and has been corrected. Please review the details below:

Starting on the morning of March 16, customers may experience a series of false positive detections attributed to the detection of ransomware behavior in the file system. Microsoft has investigated this spike in detections and determined they were false positive results. Microsoft has updated cloud logic to suppress false positives.

Note
• Customers may have experienced a series of false positive detections that were attributed to the detection of ransomware behavior in the file system.
•Microsoft has updated cloud logic to prevent future alerts from being generated and clear previous false positives.

In another reply on the same thread, Scholz explained that the issue was caused by a code issue that has been fixed.

The above is the detailed content of Issue caused by Microsoft Defender misidentifying Office updates as malware. For more information, please follow other related articles on the PHP Chinese website!