Microsoft Defender Alert Mistakens Office Update as Ransomware

By

Microsoft Defender falsely marked innocent Office updates as a ransomware threat activity, flooding Windows system admins with countless alerts.

Microsoft PowerPoint Users Beware: Hackers Are Using it to Spread Malware
In this photo illustration a young man types on an illuminated computer keyboard typically favored by computer coders on January 25, 2021 in Berlin, Germany. by Sean Gallup/Getty Images

Microsoft Defender False Ransomware Alert

As per a news story by Bleeping Computer, Windows system admins have reported that there have been numerous false alerts after Microsoft Defender for Endpoint mistakenly tagged a new Office update as malicious ransomware activity.

That said, the reports of Windows system admins said that the error has ended up flooding their systems with false ransomware alerts.

The Microsoft report says that the downpour of false-positive ransomware alerts started on March 16, wherein Windows users might have been mistakenly alerted of malicious activity.

Defender Mistakens Office Update as Ransomware

The alert from Microsoft Defender says there is "ransomware behavior detected in the file system." But the prompt also disclosed that the alert was brought upon by the file OfficeSvcMge.exe, which is actually an Office update.

The Microsoft report went on to say that the Office update contained a code that triggered the alert system of Defender even if there was no actual threat, to begin with, making it a mere false alarm.

The tech giant said that it has already fixed the issue by tweaking the code of the update, noting that Defender would no longer send ransomware warnings regarding the Office update.

As such, once the new update has been rolled out, its users would no longer be alerted with a warning that mistakenly tagged an Office update as a ransomware activity in their systems.

On top of that, the update of Microsoft also clears out any previous ransomware alert logs on the systems of the affected users, automatically clearing them out without the need for any admin access.

Microsoft Outlook Apps on iPhones, Android Devices Now Aggressively Show MORE Ads
International buyers listen to a speeck in front of a Microsoft logo during the Computex tech show in Taipei on June 4, 2014. by SAM YEH/AFP via Getty Images

Microsoft added that the error with Microsoft Defender for Endpoint might have affected Windows admin users that looked at the ransomware alerts of the anti-malware component of the operating system.

It is not the first instance that Microsoft Defender for Endpoint has mistaken an innocent file as malware.

In fact, Bleeping Computer noted in the same story that the anti-malware system previously blocked Windows users from opening Office documents after tagging them as Emotet malware payloads.

Microsoft Defender for Home

Elsewhere, according to a recent report by Tech Radar, Microsoft revealed that it is testing a new anti-virus for the home users of Windows.

A new Microsoft Defender for personal users is now available in the Dev Channel of Windows 11 Insider Preview Build 22572.

This article is owned by Tech Times

Written by Teejay Boris

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags:Ransomware
Join the Discussion
Most Popular
Real Time Analytics