Webroot has detailed steps for affected users to take, but says the process could take up to 24 hours to work

Windows users mystified as antivirus accidentally cripples computers

The issue appears to affect both businesses and consumers running all versions of the operating system

Aatif Sulleyman
Tuesday 25 April 2017 16:52

A major gaffe has crippled Windows computers running antivirus program Webroot.

The security provider issued a seriously flawed signature update on Monday, which mistakenly identified hundreds of crucial Windows files and legitimate apps as malware.

It proceeded to shut them down, completely crippling users’ computers in the process.

Webroot customers were also unable to access Facebook, which the update had marked as a phishing site.

The issue appears to affect both businesses and consumers running all versions of Windows.

“A folder that is a known target for malware was incorrectly classified as bad, and Facebook was classified as a phishing site,” Webroot told PCWorld.

“The Facebook issue was corrected, and the Webroot team is in the process of creating a comprehensive fix for the false positive issue.”

The files were being flagged as W32.Trojan.Gen. A Trojan is a type of malicious program, named after the mythical Trojan Horse that helped the Greeks sack Troy, that is designed to infect a computer by deceiving its operator.

“Endpoints that were not affected will not be affected,” wrote Mike Malloy, Webroot’s executive vice president of products and strategy, on the company’s community forum.

“The files that were mistakenly marked bad have been re-marked good.”

The company has also detailed steps for affected users to take on its forum, but says the process could take up to 24 hours to work.

While this fix helps individual customers and businesses with a small number of computers, it comes as little comfort to large customers with lots of affected machines.

“Webroot will run the automated agent command approach,” wrote Mr Malloy in a more recent update.

“But as I said it will take time to reach all endpoints. If you have critical business apps that need immediate attention, then using a local approach will be best. To the extent you can, ensure your endpoints are online so commands can be received.”
