Webroot Antivirus Mistakenly Flags Windows Files As Malicious


False positive hell. Webroot AV mistakenly identifies Windows files as malicious, damages computers

There were red faces at security experts Webroot this week after its antivirus package mistakenly flagged core files of the Windows operating system as malicious.

To make matters worse, the antivirus package even began transferring these key files into quarantine, which reportedly rubbished customer computers.

The glitch is said to have been caused after an update, and users also complained when the problem impacted a number of websites, including Facebook, which the AV package incorrectly labelled as a phishing scam site and blocked.

False Positives

But it was the false positives that caused customers the biggest headache. Although the bad definitions were only live for thirteen minutes before they were removed, they caused no end of problems for Webroot customers.

Social media and community webpages rapidly began to fill with complaints over the problem, after the antivirus package began mistakenly identifying Windows files as a generic W32.Trojan.Gen trojan and moved these files into quarantine on Monday afternoon.

Once these core files were moved, customer computers reportedly began displaying error messages or even crashed.

“Due to a rule error that propagated for 13 minutes yesterday morning at 11:52am MT, good applications were mistakenly categorized as malware,” Webroot said on Tuesday. “This has created many false positives across the affected systems and has resulted in those applications being quarantined and unable to function.”

“We recognize that we have not met the expectations of some customers, and are committed to resolving this complex issue as quickly as possible,” it added.

Unfortunately, it seems that a large number of customers were forced to manually move hundreds or thousands of files out of quarantine.

Webroot did however then issue instructions for home customers to restore the files and stop the antivirus package from re-detecting the same Windows files as W32.Trojan.Gen.

It later provided instructions and a repair utility for business clients.

The Broomfield, Colorado firm is said to have 30 million customers worldwide.
