Microsoft Defender for Endpoint Misidentifies Office Updates as Ransomware

Microsoft Defender for Endpoint mistakenly flagged the Office update process (OfficeSvcMgr.exe) as ransomware, triggering alerts for administrators; Microsoft acknowledged the false positive, explained it stemmed from a code issue, and has since released a fix to prevent further misdetections.

IT Services Circle

According to Neowin, Microsoft made a significant error: its Microsoft Defender for Endpoint began detecting updates to its own Office applications as ransomware, incorrectly identifying the process “OfficeSvcMgr.exe” as malicious.

System administrators noticed ransomware alerts after updating to the latest Defender for Endpoint, leading to the discovery of this false positive. Microsoft confirmed the issue and began working on a resolution.

Microsoft security and compliance chief technologist Steve Scholz explained the problem on Reddit under the username “Steve_Scholz,” confirming it was a false alarm.

In a follow‑up response, Scholz clarified that the issue was caused by a code problem, which has now been fixed.

Microsoft’s acknowledgment and the subsequent fix aim to prevent similar misdetections in the future.
