Webroot causes massive headaches after falsely flagging Windows files as malicious – A N I T H


Webroot upset many of its customers when one of its signature updates caused its anti-virus solution to flag critical Windows files as malicious.

The endpoint security provider’s anti-virus platform melted down between 13:00 and 15:00 MST on 24 April. In that time span, Webroot began detecting legitimate Windows files, some of which are essential for Microsoft’s operating system to function, as W32.Trojan.Gen, its generic name for a Windows trojan. The anti-virus platform responded by moving all these falsely flagged files into quarantine, rendering an untold number of computers inoperable.

Not too long after the update took effect, customers took to social media to voice their disbelief and share their stories.

Information security observer @SwiftonSecurity told Ars Technica that Webroot had falsely flagged “several hundred” files used by Windows Insider Preview at their place of work. Hundreds of “line of business” apps also went down as a result of the issue.

Strangely enough, Webroot even prevented users from accessing Facebook after it flagged the social network as a phishing site.

[Image: Webroot blocks Facebook]

The flawed update was in place for 13 minutes before Webroot pulled it. Subsequently, the security firm released a workaround that users can implement to recover their files. This solution works for home users who have one or two affected PCs. But it doesn’t do much good for managed services providers (MSPs) that cater to hundreds or thousands of clients. For those clients, Webroot said in an update posted to its forums that it’s “still working to resolve this issue through the night and will keep you updated as soon as more information becomes available.”

That’s a small comfort to those affected by this incident. Still, it’s better than receiving a link to a slideshare about ransomware, something which Webroot sent to some of its users who complained.


All home users affected by Webroot’s snafu can reportedly fix the issue by uninstalling Webroot, restoring the quarantined files from a backup drive, and reinstalling the anti-virus platform. Let’s hope it doesn’t take long for the firm to release a solution for its business clients.

For more discussion around the issue, be sure to check out this edition of the “Smashing Security” podcast:


Update: Mike Malloy of Webroot has offered the following statement:

Webroot has issued a standalone repair utility that provides a streamlined fix for our business customers. This is in addition to the manual fix issued Monday, April 24.

For access to the repair utility, business customers should open a ticket with Webroot support, or reply to an existing support ticket related to this issue.

The instructions we shared with our consumer customers yesterday are still the best solution for these users.

Our entire Webroot team has been working around-the-clock on this repair and is implementing additional safeguards to prevent this from happening in the future. We apologize to our customers affected and appreciate their patience during this challenging issue.

About the author, David Bisson

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News, Associate Editor for Tripwire’s “The State of Security” blog, and Contributing Author to Carbonite.
