I've been getting a ton of alerts from Microsoft Defender about Office[1].js located in a specific path on my computer. This has been happening for about four hours now. On checking VirusTotal, it seems like only Microsoft is flagging it as 'Malgent' malware. I've got the hash for reference: e2af4273f254c69f4f3e44a17666e60a4b4575cabb65f6968d4d478b1d2a8848.
I'm curious if anyone else is experiencing this issue. Has anyone figured out what's triggering this file? It doesn't seem to be appearing on all devices. I'm surprised I can't find more information about this - is this something specific to our setup? VirusTotal frequently updates, so I'm wondering why others aren't reporting it yet.
6 Answers
I’ve been getting alerts since around 13:30 too. It's definitely affecting multiple machines.
Is this detection even real? Seems suspicious to me.
We’re experiencing these alerts as well this morning. Seems to be widespread across different devices.
I found some useful info in the community panel on VirusTotal related to that hash. It had a pretty detailed analysis: [Link to Joe Sandbox](https://www.joesandbox.com/analysis/1898459/0/html). Might be helpful!
This whole thing feels more like a transient issue or a false alarm rather than an actual outbreak. A lot of us started noticing it at the same time, which is sketchy. I’d check the defender logs and see if there’s a common path causing this detection, like browser caches or specific add-ins.
I’m seeing the same thing! VirusTotal also only shows Microsoft detecting it as malware. Interestingly, it seems that detection has decreased recently; I haven’t had alerts for about 20 minutes now. Could be a temporary glitch?
Yeah, it seems like it’s clearing up now. I think we might have just been hit by a bad signature that confused Defender.