Microsoft Defender falsely marked innocent Office updates as a ransomware threat activity, flooding Windows system admins with countless alerts.
In this photo illustration a young man types on an illuminated computer keyboard typically favored by computer coders on January 25, 2021 in Berlin, Germany. 2020 saw a sharp rise in global cybercrime that was in part driven by the jump in online retailing that ensued during national lockdowns as governments sought to rein in the coronavirus pandemic.
Microsoft Defender False Ransomware Alert
As per a news story by Bleeping Computer, Windows system admins have reported that there have been numerous false alerts after Microsoft Defender for Endpoint mistakenly tagged a new Office update as malicious ransomware activity.
That said, the reports of Windows system admins said that the error has ended up flooding their systems with false ransomware alerts.
The Microsoft report says that the downpour of false-positive ransomware alerts started on March 16, wherein Windows users might have been mistakenly alerted of malicious activity.
Defender Mistakens Office Update as Ransomware
The alert from Microsoft Defender says there is "ransomware behavior detected in the file system." But the prompt also disclosed that the alert was brought upon by the file OfficeSvcMge.exe, which is actually an Office update.
The Microsoft report went on to say that the Office update contained a code that triggered the alert system of Defender even if there was no actual threat, to begin with, making it a mere false alarm.
The tech giant said that it has already fixed the issue by tweaking the code of the update, noting that Defender would no longer send ransomware warnings regarding the Office update.
As such, once the new update has been rolled out, its users would no longer be alerted with a warning that mistakenly tagged an Office update as a ransomware activity in their systems.
On top of that, the update of Microsoft also clears out any previous ransomware alert logs on the systems of the affected users, automatically clearing them out without the need for any admin access.
International buyers listen to a speeck in front of a Microsoft logo during the Computex tech show in Taipei on June 4, 2014. More than 1,500 exhibitors, including some of the world's leading technology brands, will set out their stalls at Computex in the capital, with 130,000 visitors expected for the five-day event.
Microsoft added that the error with Microsoft Defender for Endpoint might have affected Windows admin users that looked at the ransomware alerts of the anti-malware component of the operating system.
It is not the first instance that Microsoft Defender for Endpoint has mistaken an innocent file as malware.
In fact, Bleeping Computer noted in the same story that the anti-malware system previously blocked Windows users from opening Office documents after tagging them as Emotet malware payloads.
Read Also: New Microsoft Defender Anti-Ransomware AI Enhances the Current Cloud Protection Features
Microsoft Defender for Home
Elsewhere, according to a recent report by Tech Radar, Microsoft revealed that it is testing a new anti-virus for the home users of Windows.
A new Microsoft Defender for personal users is now available in the Dev Channel of Windows 11 Insider Preview Build 22572.
Related Article: Windows Users Beware: Update Stops Microsoft Defender for Endpoint to Start for SOME
This article is owned by Tech Times
Written by Teejay Boris
