An update released by Webroot has caused the company’s home and business products to flag legitimate files and websites as malicious.
While the faulty update was available for less than 15 minutes on Monday, many customers took to social media and Webroot’s forum to complain that it had caused serious problems for their organizations. Users reported that hundreds and even thousands of their endpoints were affected.
The update caused Webroot to detect legitimate Windows files, including files signed by Microsoft, as W32.Trojan.Gen. Users also reported that files associated with some of their applications had been flagged as malicious and quarantined.
@Webroot @WebrootSupport This false positive issue is driving me insane. As an MSP, a true nightmare. No quarantine restores work. HELP!
— Limbaughnomicon (@Limbaughnomicon) April 25, 2017
The update also caused the antivirus to block access to Facebook after flagging the service as a phishing website.
“Webroot has not been breached and customers are not at risk. Legitimate malicious files are being identified and blocked as normal,” Webroot said on its forum.
The company has provided a workaround for small business customers, but there is still no solution for managed services providers (MSPs). A fix has also been pushed out for the Facebook issue.
“We understand that MSPs will require a different solution,” Webroot said. “We are currently working on this universal solution now.”
This is the second buggy update released by Webroot this year. An update rolled out in February caused many systems to crash.
Webroot is not the only security firm whose products have caused problems for users. Buggy updates were also released in the past by ESET, Panda Security, Norton and other antivirus vendors.
UPDATE. Mike Malloy, EVP of Products & Strategy at Webroot, has provided the following statement to SecurityWeek:
“Webroot has issued a standalone repair utility that provides a streamlined fix for our business customers. This is in addition to the manual fix issued Monday, April 24.
For access to the repair utility, business customers should open a ticket with Webroot support, or reply to an existing support ticket related to this issue.
The instructions we shared with our consumer customers yesterday are still the best solution for these users.
Our entire Webroot team has been working around-the-clock on this repair and is implementing additional safeguards to prevent this from happening in the future. We apologize to our customers affected and appreciate their patience during this challenging issue.”

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
