Home » Technology » Microsoft » Microsoft Defender Sees Office updates as malware

Microsoft Defender Sees Office updates as malware

Microsoft Defender’s security solution had a curious flaw: According to a report, Defender briefly marked Microsoft’s own Office updates as malware. However, the “false positive” detection has already been corrected. This is from a message from Online magazines Neowin from. Microsoft made a big mistake when Defender for Endpoint Security started detecting updates to its own Office app as ransomware. The antivirus program incorrectly identified the OfficeSvcMgr.exe file as malicious software.

This incorrect classification of the updates was discovered by system administrators who were surprised by the message in the Microsoft Defender for Endpoint warnings about the “ransomware”.

False reports in Defender are not uncommon. Applications are often classified as “Potentially Unwanted Software” or updates are marked as infected without any real intention. Problems with false positives keep popping up, but Microsoft can usually correct them quickly.

False Positive

After contacting Microsoft support, the Defender team resolved the issue and first confirmed that it was indeed a false positive warning. Steve Scholz explained the issue in a thread on Reddit. Scholz is the foremost security and compliance technical specialist at Microsoft. His team analyzed the error and quickly found a solution. In another reply in the same thread, he explained that the problem was caused by a code bug that has since been fixed.


  • FOR YOUR INFORMATION. This was a false/positive and has now been corrected. Read the details:
  • Since the morning of March 16, customers may have experienced a number of false positives attributed to the detection of ransomware behavior in the file system. Microsoft examined this cluster of detections and determined that they were false positives. Microsoft has updated the cloud logic to suppress the false positives.


  • Customers may have experienced some false positives attributed to a detection of ransomware behavior in the file system.
  • Microsoft has updated the cloud logic to avoid generating future alerts and to clear the past false positives.
Mark Goodman

Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.