Antivirus provider Webroot is causing a world of trouble for customers. A signature update just nuked hundreds of benign files needed to run Microsoft Windows, as well as apps that run on top of the operating system.
Social media sites ignited on late Monday afternoon with customers reporting that servers and computers alike stopped working as a result of the mishap. The admin and security pundit who goes by the Twitter handle SwiftOnSecurity told Ars that, at the company he or she worked for, the false positive quarantined “several hundred” files used by Windows Insider Preview. Hundreds of “line of business” apps, such as those that track patient appointments or manage office equipment, suffered the same fate. Webroot was also flagging Facebook as a phishing site.
As this post was going live, Webroot’s cloud-based system for issuing commands to clients was unable to revert the quarantined files. Officials have yet to confirm they would be able to revert all the bad determinations.
Webroot officials said the bad definitions were live for only 13 minutes before being taken down. But that was enough time to create mammoth problems. As Webroot officials pledged to provide a fix…
— Webroot (@Webroot) April 24, 2017
… customers continued to heap on reports of chaos:
@Webroot everything is breaking, money is flying out the window… where are you? I have been on hold 20+min
— iSupportU (@isupportu) April 24, 2017
Webroot seem to have angered a lot of their customers…. the system is in utter meltdown after borking legit system and app files. Ooops.
— Neil Jackson (@Jaxxnet) April 24, 2017
Webroot has yet to provide a definitive fix, but so far at least one user is reporting that uninstalling Webroot, restoring quarantined files from a backup drive, and then reinstalling Webroot seems to fix the problem. SwiftOnSecurity told Ars that fix appeared to work.
Hang in there. This may be a long night for some people reading this post.