Webroot AV Update Failure Causes Havoc: Windows System Files and EXE Files Quarantined

A Webroot AV update failure has caused havoc for thousands of customers. An April 24 update saw swathes of critical files miscategorized as malicious. While occasional false positives can be expected, in this case the error was severe.

The Webroot AV update failure caused hundreds of Windows system files to be miscategorized, resulting in serious stability issues. Many users’ servers and PCs were crippled after the automatic update occurred. The problem was not limited to Windows files: scores of signed executables and third-party apps were also blocked and prevented from running.

The error affected all Windows versions and saw critical system files categorized as W32.Trojan.Gen. Those files were moved to Webroot’s quarantine folder after the April 24 update. Once the files were moved, users’ computers started to experience severe problems, with many displaying errors. In some cases, the moving of system files to the quarantine folder caused computers to crash. In other cases, apps were prevented from running, causing major disruption to businesses.

Webroot AV also started miscategorizing websites as malicious, preventing them from being accessed. One notable example was Facebook, which was categorized as a phishing website and was blocked. Bloomberg also had its website miscategorized as a phishing website.

The Webroot AV update failure was quickly identified and corrected. The problem occurred between 7PM and 9PM UTC, with the update live for just 13 minutes according to SwiftOnSecurity. Although the update was available for under 15 minutes, many thousands of customers downloaded it.

The extent of the problem became rapidly apparent. The company’s forum was swamped with complaints from customers and social media was awash with comments from frantic IT admins and MSPs that had started receiving huge numbers of support calls. Webroot worked rapidly to fix the issue and while the Facebook blocking problem has been fixed, many users are still experiencing problems.

Webroot issued a set of instructions that will allow customers to restore the quarantined files and prevent those files from being quarantined again, although the instructions will only help home edition users. Businesses using Webroot AV have yet to be provided with a fix to restore system files. Webroot is currently working to correct the problem on business clients’ systems and develop a universal fix for all of its clients.

Instructions to repair the issue on Webroot home editions were published on the Webroot community forums.

Customers Turn to Twitter to Express Their Frustration About Webroot AV Update Failure

Many users took to Twitter to express their frustration about the Webroot AV update failure. Bob Ripley (@M5_Driver) said “I seem to have installed a nasty Ransomware app. It’s called Webroot. They already have my money, should I contact the FBI?”

While many used humor, the frustration caused by the update was clear. @Limbaughnomicon said “This false positive issue is driving me insane. As an MSP, a true nightmare. No quarantine restores work. HELP!”

While many users were complaining that essential Windows system files had been nuked, that was far from the only problem. Many other files were also miscategorized. The update took many business apps out of action, causing considerable headaches and loss of revenue. @Davedevery said, “I work for a small software company, Webroot has targeted our EXE and is removing it from pcs. Is there anyway to do like a blanket exclusion.”

iSupportU tweeted, “@Webroot everything is breaking, money is flying out the window… where are you? I have been on hold 20+min.”

Splumlee said “This is taking out all of the MSPs. Specifically we are losing almost all .EXE files across all of our clients.”

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.