Skip to Content

Popular antivirus program mistakenly IDs Windows as a threat, chaos follows

Update: Wednesday, April 26, 2017Webroot provided us with this statement, “Webroot has issued a standalone repair utility that provides a streamlined fix for our business customers. This is in addition to the manual fix issued earlier in the week. 

“For access to the repair utility, business customers should open a ticket with Webroot support, or reply to an existing support ticket related to this issue.

“The instructions we shared with our consumer customers yesterday are still the best solution for these users.

“Our entire Webroot team has been working around-the-clock on this repair and is implementing additional safeguards to prevent this from happening in the future. We apologize to our customers affected and appreciate their patience during this challenging issue.”

Here at we’re constantly telling you how important it is to have strong security software on your gadgets. It’s necessary to prevent, detect and remove malicious software. There are just too many digital threats out there not to have it.

The last thing you’d expect to happen is your own anti-virus software crashing your system. That’s exactly what’s happening to millions of customers running this popular anti-virus software.

How Webroot anti-virus software is crashing systems

What we’re talking about is Webroot anti-virus software. An update was issued on Monday, April 24, that caused millions of managed systems around the world to melt-down.

The problem is, the update caused the anti-virus software to falsely flag Windows systems files as malware. Those files are being marked as the generic malware W32 Trojan.Gen. This forced critical system files that are necessary for the Windows’ operating system to function to be moved to quarantine.

The glitch also caused some popular websites like Facebook and Bloomberg to be blocked as if they are phishing websites. Users were unable to access their accounts on the blocked sites, which started a firestorm on social media. Here is an example of an affected customer who posted his frustrations on Twitter:

It appears that the Webroot issue was only live for a total of 13 minutes. However, there are so many clients requiring a fix it’s taking the company a really long time to find a universal solution.

The company has issued suggested fixes to a couple of its products. Click here if you are running the Webroot Home edition to see its suggested fix. Click here if you are running the Webroot Business edition to see its suggested fix.

What you need to do

Webroot is offering suggestions to customers on how to handle this situation. If you are seeing an issue, you should submit a ticket to Webroot support immediately.

Here is the latest update posted on the Webroot community page:

“Due to a rule error that propagated for 13 minutes yesterday morning (Monday, April 24), good applications were mistakenly categorized as malware. This has created many false positives across the affected systems and has resulted in those applications being quarantined and unable to function.

“We recognize that we have not met the expectations of some customers, and are committed to resolving this complex issue as quickly as possible. Webroot is making progress on a resolution and will update you when that’s available. In the meantime:

  • Affected customers should not uninstall the product or delete quarantine, as this will make quarantined files unrecoverable.
  • Webroot has rolled back the false positives. Once the fix is deployed, the agent should pick up the re-determinations and perform as normal.
  • Customers should ensure that endpoints are on and connected to the internet to receive the resolution. Once files have been removed from quarantine, some endpoints may require rebooting.

“Those who need to address the issue immediately manually should follow the instructions posted here on Webroot Support.

“Webroot is conducting a thorough technical review to ensure it has a complete understanding of the root cause. A summary will be posted in the Webroot Community, and Webroot account representatives will be prepared to discuss the findings in greater detail with you.”

That is the latest information from Webroot dealing with this incident. Click here to visit the Webroot Home User Community page for any further updates.

More stories you can’t miss:

7 essential browser tricks every computer user needs to know

How to erase everything you ever searched for on Google

Your online banking password is not as secure as you think!

Tech smarts in 2 minutes a day

Get my Daily Tech Update and the Digital Life Hack. Just one minute each and arm you with the tech knowledge you need to impress your boss and friends with how smart you are.