Trend Micro AV nukes innocent Sharepoint code, admins despair

Servers fall over after JavaScript file trashed by mistake

Trend Micro's antivirus software has flagged benign Sharepoint code as potentially malign and nuked the files, causing the Microsoft package to fall over.

After installing a dodgy update, Trend's OfficeScan tool removes a harmless JavaScript file from Sharepoint, leaving crashing servers in its wake.

Aggrieved admins have aired their frustration on Reddit.

More than a full day after our initial inquiries, Trend Micro confirmed on Thursday that there was a problem and that a misfiring update – which it has since pulled – was to blame.

False positives are a well-known Achilles’ heel of anti-malware packages. All vendors trip over the issue from time to time.

Updated

Trend said the NEMUCOD ransomware family uses "aggressive methods of obfuscation" in trying to avoid detection by traditional security, so the firm used an "unconventional method of detection" to tackle it.

"Unfortunately, the result of this unconventional method was that certain customer customized versions of the particular JavaScript file was incorrectly detected as malicious."

Trend said it was still analysing the issue and will modify QA testing "to try and prevent a similar issue from occurring again in the future if possible". ®


Biting the hand that feeds IT © 1998–2017