Windows system administrators falsely received Defender warnings about possible ransomware on their systems on Wednesday. The enterprise version of Defender gave false positives after updates to MS Office.
Among other things on Reddit Dozens of users are complaining about false reports of ransomware on their systems. It would be about multiple reports that came in. That would have started around noon on Wednesday. The warnings occurred to administrators with a Defender for Endpoint package, the enterprise model of the security software.
The notifications are said to be due to an MS Office update, specifically OfficeSvcMgr.exe. It would falsely report that MS Office files contain ransomware.
Microsoft employee Steve Scholz says in a comment on Reddit that it was a false positive. In another response Scholz says the error arose after an internal code update from Defender, but he doesn’t provide details about it. The company has now made an adjustment, so that the false positives no longer occur. It’s not clear how many administrators saw the notification.