The Webroot antivirus went berserk late yesterday afternoon, flagging core Windows system files as malicious and even moving some of the affected files into quarantine, trashing customer computers.
Antivirus software programs are designed to ignore Windows system files, as they are crucial to the operation of the Windows OS.
Webroot was flagging these files as a generic W32.Trojan.Gen trojan, but this wasn't the biggest problem. Once the antivirus started moving files around, computers started showing errors, and some crashed.
The company says their antivirus went haywire between 1 PM - 3 PM MST (7 PM - 9 PM UTC), the period when Webroot moved Windows files to quarantine. The issue was eventually fixed, but many customers were left with hundreds or thousands of files moved to quarantine.
About the same time, the Webroot antivirus also started tagging Facebook as a phishing site, blocking access to the social network.
The antivirus should have blocked Twitter because users took to the micro-blogging platform to show their discontent and trash the company.
At the peak of irony, their customer PR started answering customers who had issues with Windows files trapped in Webroot's quarantine with a link to a presentation about ransomware.
Nonetheless, Webroot's technical team moved quickly and pushed a fix for the Facebook issue late last night, according to a post on the company's forum.
The company also provided a set of instructions that customers could follow to restore files and prevent the antivirus from re-detecting the same Windows files as W32.Trojan.Gen.
These instructions are only useful for home edition users. Webroot is still working on a solution for its business clients, where a more complex fix is needed.
Two months ago, a Webroot update caused problems and crashed computers for some of its clients.
UPDATE [April 26, 2017]: In a subsequent announcement, Webroot provided more details and released a repair utility for business clients.
when your AV prog gets some bad setting from the cloud and starts false positive'ing tons of files on my OS :( Looking at you @Webroot — CanadianCoder (@CdnCoder) April 25, 2017
I feel like I'm beating a dead horse, but why is @Webroot saying Facebook is a phishing site? — Nick Herman (@nrherman) April 25, 2017
@Webroot I seem to have installed a nasty Ransomware app. It's called Webroot. They already have my money, should I contact the FBI? — Bob Ripley (@M5_Driver) April 24, 2017
@Webroot everything is breaking, money is flying out the window... where are you? I have been on hold 20+min — iSupportU (@isupportu) April 24, 2017
@Webroot any updates? We have hotel using this antivirus and are at stand still as the application to check in check out - ALL STANDSTILL — Kruanl Patel (@KK_Ignitus) April 24, 2017
@Webroot thank you for ruining multiple gaming sessions for this week even though I have selected no scans during full screen or gaming. — K3WP Gaming (@K3WPGaming) April 24, 2017
@Webroot i work for a small software company, webroot has targeted our exe and is removing it from pcs — Josh Cullitan (@jerrichculli) April 24, 2017
is there anyway to do like a blanket exclusion
And @webroot goes into meltdown. Hoping global restores will work. We have lot's of valid exe's for all types of software being flagged — Dave Devery (@Davedevery) April 24, 2017