If a piece of malware modifies certain files, Webroot tracks those modifications so that it can roll them back later when that malware is detected. They make a huge deal about this in their youtube video. However, it does a pretty poor job of this and in the process corrupts files. Here is the scenario: Original file contains: abcd Malware adds a string in the middle: abXYZcd Legitimate applications adds a string at the end: abXYZcdefg Malware is detected through cloud analysis or through the addition of a definition. As part of its much publicized cleanup, Webroot will attempt to rollback changes. It modifies the file to the state it was BEFORE the malicious modification is made. In the above example, it changes the file to contain "abcd". In the process it lost the other changes "defg" and corrupted the file.