Webroot Antivirus Program Mistakenly IDs Windows as Threat, Creating Chaos

Popular Antivirus Program Mistakenly IDs Windows as Threat, Creating Chaos
by ALEX JOHNSON, APR 25 2017, 7:53 AM ET

An antivirus service used by tens of thousands of businesses and millions of home users shut down an untold number of computers around the world Monday after it mistakenly identified core parts of Microsoft Windows as threats, the company confirmed.

Webroot Inc. of Broomfield, Colorado, didn't immediately respond to a request for comment. But it confirmed on its support forum for customers that it issued an updated detection rule that "identified false positives" for critical Windows operating files Monday afternoon, resulting in those files' being "quarantined" and inaccessible to Windows.

@SwiftOnSecurity, an anonymous but well-respected tech security Twitter account, reported that it appeared that the rule somehow allowed genuine "signed Microsoft files to be removed."

The rule was distributed and applied by Webroot systems around the globe for about 13 minutes, the company said — long enough for businesses, users and administrators to find their files unavailable. Webroot reported serving about 30 million customers last year.

"The rule was removed and we are in the process of rolling back all of the false positives that reside in the Webroot Threat Intelligence platform," the company said.

To make matters worse, Webroot's own systems became "overloaded" by a mammoth backlog of customers' requests to restore affected files from its cloud servers, it said.

Webroot @Webroot
@DueMarauder We're working on a universal fix now. Follow our Community thread to stay up-to-date: http://wbrt.io/lj2x .
3:35 PM - 24 Apr 2017

The glitch first manifested itself as customers complained that Webroot was mistakenly flagging Facebook.com as a dangerous identity-phishing site.

Billy Rountree @TreeBilliam
I think Webroot is on to something @Snowden
4:59 PM - 24 Apr 2017

Sean Porcher @SeanPorcher
@Webroot I'd love to connect with you on facebook (actually no I wouldn't) but it won't let me - sorry. LOL LOL
4:50 PM - 24 Apr 2017

The company said Monday night that it had resolved that problem. But at 10:40 p.m. ET, Webroot said it was still working to resolve the larger issue "and will keep you updated as soon as more information becomes available."

Keith Sieman @KeithSieman
> Tfw @Webroot gives you a link to their @facebook page on the very same screen that's blocking access to Facebook... 🙃 pic.twitter.com/6tued4BKu1

Webroot @Webroot
@KeithSieman @facebook A live fix has been released for the Facebook issue and is propagating through to customers now. Learn more here: http://wbrt.io/lj2x .
6:45 PM - 24 Apr 2017
W32.Trojan.Gen. False Positive Fix - April 24
Webroot has recently identified false positives for multiple programs as W32.Trojan.Gen. If you have an endpoint with a file that was quarantined or
community.webroot.com

It said it had ruled out that it had been the target of hackers.

Webroot's customers — including numerous so-called managed service providers, or MSPs, which use Webroot to manage security for multiple clients of their own — flooded social media to complain.

Torbjørn Remmen @torbjornremmen
#Webroot is setting a new record in false positives.. Apparently flagging business applications and OS files in bulk. No QA on signatures?
4:42 PM - 24 Apr 2017

Pat Moore @DueMarauder
@Webroot Any update on a fix for MSP's? I've got well over 1,000 devices affected by this.
4:41 PM - 24 Apr 2017

Webroot @Webroot
@jerrichculli Hi - how can I help you? ~LV

Josh Cullitan @jerrichculli
@Webroot I work for a small software company, Webroot has targeted our exe and is removing it from PCs
is there any way to do like a blanket exclusion
2:17 PM - 24 Apr 2017

Jordan Hall @DivineOmega
.@Webroot has gone bonkers, flagging signed system executables as malicious, and marking legitimate sites as phishing. 😬 #security #netsec
4:25 PM - 24 Apr 2017

At least none of my customers use Webroot (oh please don't let Bitdefender have dependencies...) https://t.co/Wk95OwJrEo
— Ben Weston (@psiphyr)

FIRST PUBLISHED APR 25 2017, 12:06 AM ET

