HomeWinBuzzer NewsMicrosoft Defender Flags Office as a Virus, Prompting Microsoft to Tackle False...

Microsoft Defender Flags Office as a Virus, Prompting Microsoft to Tackle False Positives

Microsoft is rolling out a guidance for preventing false positives in Microsoft Defender for Endpoint following Microsoft Office incident.


Earlier this week, had an embarrassing episode with its cybersecurity suite. In a strange situation, was flagging the company's own Office suite as a virus. While this is hilarious, it also shows a problem with false positives. Microsoft has now decided to do more to prevent such issues in Defender.

False positives are when an anti-virus tool flags a legitimate tool as being infected and warns users about using its. Product misidentification does not happen often, but it is a problem Microsoft has seen sometimes on Microsoft Defender for Endpoint. This week's Office false positive was just a high profile incident.

System admins reached out to Microsoft to complain about the issue. Steve Scholz, Microsoft Principal Technical Specialist for Security & Compliance confirmed this was a false positive. Furthermore, Microsoft fixed the issue that same day.

A quick fix is one thing, but the company wants to do more. Microsoft is now working on adding features to Microsoft Defender that could greatly reduce the number of false positives.

New Guidance

In a new guidance for security admins and operators, Microsoft says there are steps they can take to prevent false positives:

“Fortunately, steps can be taken to address and reduce these kinds of issues. If you're seeing false positives/negatives in Defender, your security operations can take steps to address them by using the following process:

  • Review and classify alerts
  • Review remediation actions that were taken
  • Review and define exclusions
  • Submit an entity for analysis
  • Review and adjust your threat protection settings”

Tip of the day: With a single registry tweak, it's possible to add a ‘Take Ownership' button to the right-click context menu that performs all of the necessary actions for you. You'll gain full access to all possible actions, including deletion, renaming, and more. All files and subfolders will also be under your name.

The Take Ownership context menu will set the currently active user as the owner of the files, though they must also be an administrator. They can then enter the folder or modify the file as they usually would.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News