"Webroot antivirus goes bananas, starts trashing Windows system files..."

Discussion in 'other security issues & news' started by hawki, Apr 25, 2017.

Thread Status:
Not open for further replies.
  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,061
    Location:
    DC Metro Area
    "Webroot antivirus goes bananas, starts trashing Windows system files..."

    Webroot's security tools went berserk today, mislabeling key Microsoft Windows system files as malicious and temporarily removing them – knackering PCs in the process.

    Not only were people's individual copies of the antivirus suite going haywire, but also business editions and installations run by managed service providers (MSPs), meaning companies and organizations relying on the software were hit...

    We understand that all versions of Windows were affected by today's gaffe, and that a kill switch within Webroot's systems kicked in to halt the mass quarantining before any major damage was done...

    There are official fixes suggested for those using the Home edition and Business edition.

    https://www.theregister.co.uk/2017/04/25/webroot_windows_wipeout/

    "Webroot antivirus mistakenly flags Windows as malware
    Windows' system files were flagged as malicious, and Facebook was marked as a phishing site...


    A malware signature update issued by the company on Monday triggered the software into mistakenly flagging Windows system files as malware, melting down millions of managed systems around the world...

    Security commentator SwiftOnSecurity tweeted that the Webroot issue was only live for 13 minutes, but the company's efforts to remediate the problem were getting stalled due to the sheer volume of clients requiring a fix.

    The company, which claims to have more than 30 million users, has so far suggested fixes for the Home edition and its Business edition software, but the company has yet to offer anything universal or concrete for its entire affected user base at the time of writing.

    A Webroot spokesperson confirmed the issue and that the company is 'in the process of creating a fix,' but did not say when it would arrive'..."

    http://www.zdnet.com/article/webroot-antivirus-mistakenly-flags-windows-system-files-as-malware/
     
    Last edited: Apr 25, 2017
  2. guest

    guest Guest

    I used and am (still will be?) a closed-beta tester of Prevx/Webroot since 2011 , and honestly, i'm quite disappointed by the way WSA turns over the years...
    Such issues shouldn't be even possible for a company like this, especially when this is not the first time.
    It is not a product made by a lone developer in his basement, but a quite big company...
     
    Last edited by a moderator: Apr 25, 2017
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Man alive that is a massive error to be sure.

    For their sakes as a company let's hope they roll out damage control soon because that is some shocking discovery to say the least.

    I seen the same happen before (targeting microsoft system files as malware but only quarantined (so easily resolved), but with a much smaller vendor some years ago and it was quickly enough turned around to salvage customers trust before too much damage was done.
     
  4. guest

    guest Guest

    Problem with Webroot is their FPs issues, as i said it is not the first time, i can recall 2 events in the past. I remember one locking out the user of his system.
    For a home users it is already quite "annoying" , imagine a company doing stocks trading in real time , with all workstations shutdown, it would be millions dollars loses...webroot will pay the loses, i dont think so...
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I guess those files were signed by MS. Don't they have some kind of additional control implemented that would prevent such incidents?
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    162,650
    Location:
    Texas
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    This is the reason why I stopped using real-time AV 10 years ago, this isn't the first time that an AV company messed things up.
     
  8. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,262
    Location:
    Ontario, Canada
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.