Webroot Tags Windows Files, Facebook as Malicious

An update released by Webroot has caused the company’s home and business products to flag legitimate files and websites as malicious.

While the faulty update was available for less than 15 minutes on Monday, many customers took to social media and Webroot’s forum to complain that it had caused serious problems for their organizations. Users reported that hundreds and even thousands of their endpoints were affected.

The update caused Webroot to detect legitimate Windows files, including files signed by Microsoft, as W32.Trojan.Gen. Users also reported that files associated with some of their applications had been flagged as malicious and quarantined.

The update also caused the antivirus to block access to Facebook after flagging the service as a phishing website.

“Webroot has not been breached and customers are not at risk. Legitimate malicious files are being identified and blocked as normal,” Webroot said on its forum.

The company has provided a workaround for small business customers, but there is still no solution for managed services providers (MSPs). A fix has also been pushed out for the Facebook issue.

“We understand that MSPs will require a different solution,” Webroot said. “We are currently working on this universal solution now.”

This is the second buggy update released by Webroot this year. An update rolled out in February caused many systems to crash.

Webroot is not the only security firm whose products have caused problems for users. Buggy updates were also released in the past by ESET, Panda Security, Norton and other antivirus vendors.

UPDATE. Mike Malloy, EVP of Products & Strategy at Webroot, has provided the following statement to SecurityWeek:

“Webroot has issued a standalone repair utility that provides a streamlined fix for our business customers. This is in addition to the manual fix issued Monday, April 24.

For access to the repair utility, business customers should open a ticket with Webroot support, or reply to an existing support ticket related to this issue.

The instructions we shared with our consumer customers yesterday are still the best solution for these users.

Our entire Webroot team has been working around-the-clock on this repair and is implementing additional safeguards to prevent this from happening in the future. We apologize to our customers affected and appreciate their patience during this challenging issue.”

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
