Newsletter Archives

  • When you are flagged as malicious


    By Susan Bradley

    We rely too much on automated reporting in our security solutions.

    Most of the time, such automation works pretty well. When it doesn’t, the consequences can be quite damaging. We can think back to many times when antivirus updates accidentally flagged a file as malicious, and all sorts of fun ensued.

    Just recently, an update to Microsoft Defender interacted with Attack Surface Reduction rules and removed shortcuts on the desktop. If you were on Defender and had the “Block Win32 API calls from Office macros” Attack Surface Reduction rule in place, then updated to security intelligence builds between 1.381.2134.0 and 1.381.2163.0, you would find your icons missing. IT admins were scrambling for days to fix the resulting mess.

    Read the full story in our Plus Newsletter (20.10.0, 2023-03-06).