Webroot issues an apology after a false positive error bricks PCs
April 24th, 2017 is the date that Webroot will undoubtedly find painful to remember for quite some time. On this day, a false positive error in the software’s signature update has caused the popular virus-fighting utility to falsely identify and put several hundreds of legitimate Windows files to quarantine [1]. During the 13 minute streak while the corrupt definitions were active, the users were unable to access or use the quarantined files [2]. A large portion of these affected files were crucial for the Windows operating system. Naturally, this caused crippling malfunctions and eventual bricking of some of the affected devices. Besides, the affected computer users were also blocked from visiting Facebook due to the “phishing” hazard and encountered trouble accessing some of the legitimate applications installed on their devices [3]. At the moment of writing, a few days have past since the incident and Webroot customers are still not done repairing the affected devices, not to mention estimating the damage made. But there is no doubt that the scale of it is huge and that the security vendor will not get away a mere apology. Webroot team will have to work incredibly hard to regain the trust of their business customers and individual users.
While we cannot underestimate the harm this error has made to the individual users of the software, the companies that incorporate Webroot in their businesses have undeniably suffered the most. Enterprises have lost access to hundreds of business-related resource management applications, including patient appointment tracking software or office equipment managers preventing the businesses from running properly, if not at all [4]. Though no one has filed any reports yet, we can only speculate that such interferences could have easily resulted in the corruption of corporate data and potentially financial losses. Webroot’s Executive VP Product & Strategy Mike Malloy was quick to address the business partners about the temporary manual fix soon after the incident and a couple of days later announced the release of a standalone repair utility. This tool is said to roll back the quarantined data and provide a “streamlined fix” for the GSM & SMB customers. Despite the release of the mentioned utility, it does not seem that Webroot’s work is over yet and there is still a long way ahead.
If you or your company have been affected by this false positive error, you should not uninstall the antivirus or wipe out the quarantine folder because the files stored on it will be permanently destroyed. Instead, you should start a new ticket on the Webroot’s support page and file an inquiry for the repair tool [5]. Summing up, we should say that Webroot is a legitimate security application used by millions, so the errors that have occurred should not be taken as a malicious attempt.
Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.
- ^ Lucian Constantin. Webroot deletes Windows files and causes serious problems for users. PCworld. News, tips and reviews from the experts on PCs, Windows, and more.
- ^ Dan Goodin. AV provider Webroot melts down as update nukes hundreds of legit files. ArsTechnica. Latest technology news.
- ^ Swati Khandelwal. Webroot 'mistakenly' flags Windows as Malware and Facebook as phishing site. TheHackerNews. Security in a serious way.
- ^ Max Metzger. Webroot false positive blocks Windows files. CRN. Connecting the Australian channel.
- ^ Repair tool ticket . WebrootAnywhere. Support Page.
