  • After Defender flagged Office as virus, Microsoft gets serious about fixing false positives

    aum

    • 427 views
    • 2 minutes
    Recently, Microsoft had a major goof-up when the company's Defender for Endpoint security solution flagged its own Office updates as malware. The product misidentified "OfficeSvcMgr.exe" as exhibiting ransomware behavior. After system admins made a hue and cry about it, Microsoft probably noticed the issue, and later Steve Scholz, the company's Principal Technical Specialist for Security & Compliance, clarified that the report was a false positive. The issue was also fixed within the day.

     

    However, Microsoft isn't just basking in glory after fixing that false positive error. The company looks to be actively working on putting an end to such issues, at least in the case of its Defender for Endpoint product, since these alerts generally cause wide-scale disruptions.

     

    It has published guidance for security operators and security administrators who use Microsoft Defender for Endpoint. These are steps that can be used to help eliminate a lot of such false positives. The following diagram shows the gist of the steps, but you can view them in detail in the original article here.

     

    [Diagram: false positive steps]


    Overall, it looks like a good initiative from the Redmond firm as this guidance can not only potentially help clear up a lot of false positives but will also help the company better understand threats and non-threats.

     
