by Max Metzger  |  Thursday 27 April 2017  | Comment Now
Webroot security tools started throwing up false positives this week and quarantining critical Windows files.

Webroot antivirus recently went off the reservation and started labelling friends as enemies.  On 24 April, Webroot security tools were spotted red flagging Windows files. Webroot antivirus started seeing system data as Trojan infected files and moving it into quarantine, a common step for an antivirus to take when it discovers a files in labels as infected.

The act of taking key data to quarantine would then cause the affected computers to become unstable. Though the mistake supposedly only lasted for 13 minutes, unhappy users quickly took to social media to complain of downed servers, business apps and computers.

One unidentified user told Ars Technica that the false positive had isolated several hundred files from Windows Insider Preview and hundreds of “line of business” apps.

The AV also turned against Facebook and Bloomberg, labelling the popular social media platform and the financial news outlet as phishing sites and blocked them.

A kill switch within Webroot stopped any further harm being done. While it is not known how many were affected, Webroot claims to have 30 million users

Webroot issued a statement confirming that on 24 April, “A folder that is a known target for malware was incorrectly classified as bad, and Facebook was classified as a phishing site.”

Webroot is actively fixing the problems, according to the statement: The Facebook issue has been corrected and “the Webroot team is in the process of creating a comprehensive fix for the false positive issue.” The statement added that Webroot itself was not breached and customers are not at risk.

This article originally appeared at scmagazineuk.com

Source: Copyright © SC Magazine, UK edition

See more about:  false positive  |  webroot av
 
 

