Microsoft Defender Tags Office Updates As Ransomware (bleepingcomputer.com) 33
joshuark writes: In one of those in-your-face ironies or karmic debts, Bleeping Computer reports that Microsoft Defender tags Office updates as ransomware. The article states: "Windows admins were hit today by a wave of Microsoft Defender for Endpoint false positives where Office updates were tagged as malicious in alerts pointing to ransomware behavior detected on their systems."
Further on, an explanation for the source of the karmic irony is: "The root cause of the false positives was a recently deployed update within service components for detecting ransomware alerts." Couldn't this have waited for April 1st?
Bleeping Computer goes on, "A Microsoft spokesperson was not available for comment when contacted by BleepingComputer earlier today."
So... Defender works then? (Score:5, Funny)
Are we entirely sure the Office update is not ransomware?
Re: (Score:2)
Re: (Score:1)
Re: So... Defender works then? (Score:1)
Re: (Score:2)
If you switch to using Microsoft's 'OneCloud' storage - the default for Office365 - you DO lose access to your files if your O365 license is not paid ...
Re: (Score:2)
Are we entirely sure the Office update is not ransomware?
Well... MS does want people to move to subscription service for Office. Seems kinda ransom-y to me...
Re: (Score:2)
Re: (Score:2)
Are we entirely sure the Office update is not ransomware?
Indeed. I wonder why they call it a "false positive", when it is a piece of software harmful to your computer, your health, and the whole industry!
And? (Score:3)
You mean those "updates" aren't ransomware?
"That's a lot of data you have there. Sure would be a shame if something happened to it."
Re: (Score:2)
You mean those "updates" aren't ransomware?
"That's a lot of data you have there. Sure would be a shame if something happened to it."
Maybe you are interested in our O365 subscription service? You know, for your own protection.
O365 subscription service uses the full fat apps + (Score:2)
O365 subscription service uses the full fat apps + web apps.
Re: (Score:2)
No they're not.
With Ransomware you get your system back after you pay (sometimes).
With Microsoft, they change things and even if you pay, there's no way to revert the changes they forced on you!
- Yo Grark
Finally (Score:2, Funny)
Re: (Score:2)
They are trying to make up for not having identified the Windows 10 "update" as malware back in the day. Too little, far too late.
As Foretold (Score:1)
Microsoft Defender Tags Office Updates As Ransomware
Not sure which one, but I'm pretty sure Shakespeare wrote a play about this happening.
Re: (Score:2)
Microsoft Defender Tags Office Updates As Ransomware
Not sure which one, but I'm pretty sure Shakespeare wrote a play about this happening.
Maybe Comedy of Errors, where twins keep getting mistaken for each other?
Re: As Foretold (Score:1)
Re: As Foretold (Score:1)
Re: (Score:1)
Yep that's the one!
Operational independence? (Score:2)
Irony aside, this just makes me trust Defender slightly more. The fact that they aren't just blanket allowlisting anything from Microsoft means that it might actually catch shit if Microsoft's update servers were compromised.
Re: (Score:2, Funny)
*whitelisting
There, I've corrected it for you.
Latest AV software flags everything as malware (Score:2)
Most of the malware detection software seems to be headed very much in the direction of, "I haven't seen this before, let's check the binary hash to see if the Internet has seen it (e.g. VirusTotal). No? Must be malware!" It's the most braindead approach to malware that anyone could write in their sleep. The result is that every single software update is malware until enough people declare it as "okay." And Enterprise AV companies are somehow making money off of that. Once an executable has been flagg
The Microsoft spokesman (Score:2)
Was also identified as malware and will be replaced by Clippy.
"Trash" quality level (Score:2)
Apparently MS can get away with that. This is so incompetent, it is staggering. Of course, you would not only test your own applications against your own AV, you would also explicitly whitelist them. Doing that reliably seems to be beyond the capabilities of Microsoft "engineers" or is unwanted by its management.
Re: (Score:2)
Re: (Score:1)
Even gcc was flagged as malware a few weeks ago.
Re: (Score:2)
Probably indicates that overall detection quality is getting worse and they tried (and obviously failed) to compensate by adjusting sensitivity. That does not bode well.
Microsoft products ARE ransomware (Score:2)