
Microsoft Defender labels Office as ransomware… by mistake

Windows administrators were given a serious scare yesterday when they received what they described as a “rain of ransomware alerts” in Microsoft Defender, and the supposed source was none other than the Office productivity suite. We do not know whether the consumer versions were also affected, but don’t worry: it turned out to be one of those false positives that are quite common in security products.

Microsoft Defender for Endpoint started labeling Office updates as malicious activity, and more than one administrator was taken aback, given how widely Office is deployed and that the alert type was Ransomware, the biggest threat in cybersecurity in recent years.

Fortunately, it was a mistake. “Our investigation found that a recently implemented update within the service components that detect ransomware alerts caused a code error that triggered the alerts when there was no real problem. We have implemented a code update to fix it and make sure there are no new alerts,” Microsoft explains.

After Microsoft’s update to the security service, incorrect ransomware activity alerts should no longer be generated. All recorded false positives should also be removed automatically from the portal without requiring administrator intervention.

Microsoft Defender and false positives

Although it is curious that Microsoft’s security service labels the brand’s flagship software as malware, it is not the first time, and false positives abound in all cybersecurity solutions. Last November, Defender for Endpoint also blocked opening Office documents and launching some suite executables due to another false positive that labeled them as Emotet malware payloads.

In December, it also mistakenly displayed “sensor tampering” alerts tied to the Microsoft 365 Defender scanner that was deployed to combat Log4j processes, an actively exploited zero-day vulnerability affecting Apache Log4j that put a good chunk of the Internet at risk.


2020 also saw erroneous alerts from Microsoft Defender wrongly flagging network devices as infected with Cobalt Strike, and another incident in which Chrome updates were marked as PHP backdoors. In these matters it is clearly better to err on the side of caution, but treating Office as ransomware is going too far…
