Microsoft Defender Antivirus mistook Office updates for ransomware

Microsoft Defender Antivirus mistook Office updates for ransomware

Yesterday, Microsoft Defender for Endpoint, a cybersecurity application, started detecting Office updates as ransomware. The antivirus program mistakenly mistook the OfficeSvcMgr.exe file for malware.

Image source: Microsoft

Image source: Microsoft

The issue came to light when system administrators received ransomware injection attempts after updating Microsoft Defender for Endpoint Antivirus. Once the number of complaints reached a certain limit, Microsoft began fixing the bug and confirmed it was a “false positive” response.

Company spokesman Steve Scholz outlined the issue in a Reddit thread, saying that since the morning of March 16, many Microsoft Defender for Endpoint users have been receiving notifications of ransomware activity. Microsoft determined that the positives were wrong and updated the “cloud logic” to fix the problem.

In one of the replies in the same thread, Scholz explained that the problem was caused by bugs in the code that have since been fixed.


About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.

Add Comment

Click here to post a comment