
Win32 is malware? Webroot mistakenly labels Windows as cybersecurity threat

Antivirus provider Webroot recently pushed an update that caused it to read Windows system files as malware and label Facebook a phishing site.


An update pushed by antivirus provider Webroot had a painful unintended consequence for customers, as it began reading Windows system files as malicious and taking steps to secure the system against what it thought was malware. Companies running the antivirus were unable to access their systems, as Webroot had quarantined some of the files necessary for their operation.

The antivirus software, upon reading the Windows system files, seems to have mistakenly labeled them as W32.Trojan.Gen files. This is a generic form of malware and, as such, Webroot began quarantining the files to prevent further issues.


Another issue caused by the error was that popular sites like Facebook and Bloomberg were flagged as phishing sites, and were blocked. This means that many companies weren't able to access social media tools through Facebook or the Bloomberg terminal for the duration of the issue.

As noted by ZDNet's Zack Whittaker, security commentator SwiftOnSecurity issued a tweet claiming that the Webroot problem was live for only 13 minutes. However, the tweet said, the high volume of customers requiring assistance had slowed efforts to fix the issue.

In a user forum on Webroot's website, an administrator posted that the company is aware of the issue, and is currently working on a universal fix. As of the time of this writing, the company said that it is still working to resolve the issue.

"Webroot has not been breached and customers are not at risk," the post said. "Legitimate malicious files are being identified and blocked as normal. We continue to work on a comprehensive resolution, but a live fix has been released for the Facebook issue and is propagating through to customers now."

According to Webroot, the company currently has 30 million customers. If you believe your business may have been affected by the issue, try one of the two workarounds listed in the forum, and follow the thread for the latest updates.

Update: Mike Malloy, executive vice president of products and strategy for Webroot, issued the following statement: "Webroot has issued a standalone repair utility that provides a streamlined fix for our business customers. This is in addition to the manual fix issued Monday, April 24. For access to the repair utility, business customers should open a ticket with Webroot support, or reply to an existing support ticket related to this issue. The instructions we shared with our consumer customers yesterday are still the best solution for these users."

The 3 big takeaways for TechRepublic readers

  1. An issue with a Webroot update caused the system to unintentionally read Windows system files as malware, knocking out business systems.
  2. The issue also caused popular sites like Bloomberg and Facebook to be read as phishing sites, denying users access.
  3. Webroot is working on resolving the issue, and has provided two workarounds, available in its user forum post on the issue.


About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.
