Webroot Antivirus Update Problems Mount: Servers, PCs and Apps Crippled

Webroot antivirus update problems are mounting with many thousands of the company’s customers experiencing severe issues after installing an April 24 update. Customers who had their computers running between 7PM and 9PM UTC on April 24 and had their AV set to update automatically had the update applied.

While the update should have simply loaded the latest malware signatures, hundreds of critical files were accidentally marked as malicious. The AV solution then started moving those files to the quarantine folder, causing servers and PCs to become unstable and crash.

The reason for the crashes and system instability was due to Windows system files being mistakenly marked as infected with W32.Trojan.Gen. However, the Webroot antivirus update problems didn’t end there. In addition to system files being marked as infected with a Trojan, the Webroot update also saw swathes of legitimate, signed executable files marked as malicious. Business apps running on Windows were prevented from running and the update even saw a number of legitimate websites misclassified as phishing sites, including Facebook and Bloomberg.

As soon as the update was applied, users started to receive error messages and experience system crashes. Webroot identified the issue promptly and took the update offline within fifteen minutes. However, for many of the company’s clients, the damage had already been done.

Webroot antivirus update problems continue to be reported by users and while the company has published a fix, it has yet to roll out a universal solution for all of its users. Home edition users have been given instructions to restore their files from the quarantine folder and prevent the AV system from reclassifying them as malicious, although many business users are still affected. The business edition is a more complicated fix. Webroot is trying to resolve the issue as quickly as possible.

Webroot Antivirus Update Problems Flood Twitter and Support Forums

The misclassification of legitimate files as malicious may not necessarily cause problems, but the types of files deemed to be infected made this a major issue and has caused considerable headaches for IT admins.

MSPs in particular have been badly hit and have had huge numbers of their clients affected. Many IT solutions have been taken out of action as a result of the update. Not only has that caused all sorts of support nightmares, for many MSPs and businesses, the Webroot update failure is affecting revenues. “This is taking out all of the MSPs. Specifically we are losing almost all .EXE files across all of our clients,” tweeted Splumlee.

Webroot customers were trying to get answers from Webroot support, but due to the sheer number of people affected, it took some time for their tier 1 support staff to provide answers.

With customers failing to get fast answers from support staff, many took to Twitter to express their concern and frustration. Facebook would also have been awash with criticisms and comments had it not been blocked.

One Twitter user – iSupportU – said “@Webroot everything is breaking, money is flying out the window… where are you? I have been on hold 20+min.”

Davedevery tweeted “I work for a small software company, Webroot has targeted our EXE and is removing it from pcs. Is there any way to do like a blanket exclusion.”

The issue with Facebook and other misclassified websites has now been resolved, although many IT admins are still dealing with the problems caused by the update. The company has confirmed that it is working to resolve the problem for all of its users as quickly as possible and said the update involved an error. The company has not been attacked and has not experienced a data breach.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news