Yesterday, Microsoft Defender for Endpoint, a cybersecurity application, started detecting Office updates as ransomware. The antivirus program mistakenly mistook the OfficeSvcMgr.exe file for malware.
The issue came to light when system administrators received ransomware injection attempts after updating Microsoft Defender for Endpoint Antivirus. Once the number of complaints reached a certain limit, Microsoft began fixing the bug and confirmed it was a “false positive” response.
Company spokesman Steve Scholz outlined the issue in a Reddit thread, saying that since the morning of March 16, many Microsoft Defender for Endpoint users have been receiving notifications of ransomware activity. Microsoft determined that the positives were wrong and updated the “cloud logic” to fix the problem.
In one of the replies in the same thread, Scholz explained that the problem was caused by bugs in the code that have since been fixed.