AV Provider Webroot Melts down as Update Nukes Hundreds of Legit Files

Posted by Megalith 9:15 AM (CDT)

Tuesday April 25, 2017

Webroot has just reinforced my decision for not using antivirus: you never know when the software is going to go berserk and start quarantining legit files. Yesterday, their AV program mislabeled key Microsoft Windows system files, taking PCs down and creating huge losses for businesses. The cause was "bad definitions" that were allegedly up for only 13 minutes, but it was more than enough time to screw over many users. Files digitally signed by Microsoft were mistakenly identified as W32.Trojan.Gen, reportedly.

A signature update just nuked hundreds of benign files needed to run Microsoft Windows, as well as apps that run on top of the operating system. Social media sites ignited on late Monday afternoon with customers reporting that servers and computers alike stopped working as a result of the mishap. The admin and security pundit who goes by the Twitter handle SwiftOnSecurity told Ars that, at the company he or she worked for, the false positive quarantined "several hundred" files used by Windows Insider Preview. Hundreds of "line of business" apps, such as those that track patient appointments or manage office equipment, suffered the same fate. Webroot was also flagging Facebook as a phishing site.