Microsoft Defender falsely detects an Office update as 'ransomware' and becomes a storm of alerts
Microsoft Defender, the security software that comes standard with Windows, has been so highly rated that the former Mozilla developer said, ' If you have this, you don't need third-party security software .' However, it turns out that Microsoft Defender misidentified the update of Microsoft Office, which was supposed to be 'relative', as ransomware and issued an alert.
Microsoft Defender tags Office updates as ransomware activity
From March 16th to 17th, 2022, there were a series of reports on Twitter that 'Microsoft Defender is tagging Office updates as ransomware.' There are also many posts on the Reddit thread on the online bulletin board stating that Microsoft Defender falsely detects Office as ransomware.
Defender for endpoint Spamming ransomware alerts ?? Happy Wednesday ...— SighSec (@SighSec) March 16, 2022
In response to this, Microsoft said, 'Since March 16, a series of false positives due to the detection of ransomware behavior in the file system have occurred. Specifically,' Detecting ransomware behavior in the file system. 'Yes' is displayed, and an alert to 'OfficeSvcMgr.exe' has occurred. '
According to a Microsoft research report, the problem was that the update of Microsoft Defender for Endpoints , a Microsoft service that analyzes security via the cloud, triggered an alert even though the ransomware was not working. Is the cause. Microsoft has announced that its engineers have updated the logic in the cloud to prevent alerts and automatically delete log false positives.
In November 2021, Microsoft Defender for Endpoint had a problem of falsely detecting 'Office was infected with malwareEmotet ', and in December, it falsely detected its own Log4j scanner and issued an alert. There was a problem that was displayed.
Bleeping Computer, which handles security-related news, contacted a Microsoft spokeswoman, but said that no comments were received at the time of writing the article.
in Security, Posted by log1l_ks