Popular antivirus service Webroot mistakenly flagged core Windows system files as malicious and even started temporarily removing some of the legit files, trashing user computers around the world.

The havoc caused after the company released a bad update on April 24, which was pulled after approximately 15 minutes. But that still hasn't stopped some PCs from receiving it, causing serious issues for not just individuals, but also companies and organizations relying on the software.

Webroot even Blocked Facebook

According to the reports by many customers on social media and Webroot's forum, hundreds and even thousands of systems were broken down after antivirus software flagged hundreds of benign files needed to run Windows and apps that run on top of the operating system.

The faulty update even caused the antivirus to incorrectly block access to Facebook after flagging the social network service as a phishing website, preventing users from accessing the social network.
"Webroot has not been breached and customers are not at risk," the company said on its online forum. "Legitimate malicious files are being identified and blocked as normal."

What all went Wrong?

The buggy update caused Webroot anti-virus service to detect legitimate Windows files, including those signed by Microsoft, as W32.Trojan.Gen files – generic malware, in other words.

This behavior, eventually, moved critical Windows system files essential to the operating system's effective functioning into quarantine, making them unavailable to Windows and rendering hundreds of thousands of computers unstable.

Even files associated with some of the applications had also been flagged as malicious and quarantined.

Webroot is Working on a Universal Fix

Webroot, which claims to have over 30 million customers last year, has suggested fixes for those using the Home edition and Business edition of its anti-virus software.

The company's technical team also moved quickly and pushed a fix for the Facebook issue last night, according to the post on the company's forum.

However, the company has yet to provide a definitive fix for its entire affected user base. The company confirms that it's "currently working on this universal solution now," but did not say when it would arrive.

What Affected Users should do

Meanwhile, the company has provided workarounds to restore files and prevent its antivirus from re-detecting the same Windows files as W32.Trojan.Gen, though it is only useful for home edition users and not for managed services providers (MSPs).

However, one user on Webroot's forum is reporting that uninstalling Webroot, then restoring quarantined files from a backup drive, and then re-installing Webroot believes in fixing the issue.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.