An update pushed by antivirus provider Webroot had a painful unintended consequence for customers, as it began reading Windows system files as malicious and taking steps to secure the system against what it thought was malware. Companies running the antivirus were unable to access their systems, as Webroot had quarantined some of the files necessary for their operation.
The antivirus software, upon reading the Windows system files, seems to have mistakenly labeled them as W32.Trojan.Gen files. This is a generic form of malware, so Webroot began quarantining the files to prevent further issues.
Another issue caused by the error was that popular sites like Facebook and Bloomberg were flagged as phishing sites, and were blocked. This means that many companies weren't able to access social media tools through Facebook or the Bloomberg terminal for the duration of the issue.
As noted by ZDNet's Zack Whittaker, security commentator SwiftOnSecurity issued a tweet claiming that the Webroot problem was live for only 13 minutes. However, the tweet said, the high volume of customers requiring assistance had slowed efforts to fix the issue.
In a user forum on Webroot's website, an administrator posted that the company is aware of the issue, and is currently working on a universal fix. As of the time of this writing, the company said that it is still working to resolve the issue.
"Webroot has not been breached and customers are not at risk," the post said. "Legitimate malicious files are being identified and blocked as normal. We continue to work on a comprehensive resolution, but a live fix has been released for the Facebook issue and is propagating through to customers now."
According to Webroot, the company currently has 30 million customers. If you believe your business may have been affected by the issue, try one of the two workarounds listed in the forum, and follow the thread for the latest updates.
Update: Mike Malloy, executive vice president of products and strategy for Webroot, issued the following statement: "Webroot has issued a standalone repair utility that provides a streamlined fix for our business customers. This is in addition to the manual fix issued Monday, April 24. For access to the repair utility, business customers should open a ticket with Webroot support, or reply to an existing support ticket related to this issue. The instructions we shared with our consumer customers yesterday are still the best solution for these users."
The 3 big takeaways for TechRepublic readers
- An issue with a Webroot update caused the system to unintentionally read Windows system files as malware, knocking out business systems.
- The issue also caused popular sites like Bloomberg and Facebook to be read as phishing sites, denying users access.
- Webroot is working on resolving the issue, and has provided two workarounds, available in its user forum post on the issue.
Conner Forrest has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.