It’s a rare sight to witness antivirus products flagging genuine websites as phishing websites and authentic files as malware, as has been the case with Webroot Antivirus. The program that claims to provide real-time protection for PC’s and Mac’s mistakenly started marking Windows system files as malware, triggering a widespread outrage around the world. Moreover, it flagged Facebook as a Phishing site.
Webroot antivirus flags Windows as malware
The problem first appeared when, malware signature update issued last night, essentially prompted the software into thinking that Windows system files were indeed supporting a malware and then proceeded to delete them or attempt to clean them all. The result, millions of system all over the worlds crashed as system files are required by the system to run the OS harmoniously. The antivirus falsely identified Windows operating system files as W32.Trojan.Gen, a generic form of malware, resulting in instant cleaning up of Windows files and libraries, making them unavailable by the Operating System.
Webroot acknowledged the problem. So far, the company has managed to suggest fixes for the machines running Home and Business edition of the software. They have outlined the following steps to prevent Webroot from re-detecting the file(s).
- Sign into the Webroot console at: https://my.webrootanywhere.com/default.aspx
- Click the “Group Management” tab and then select Agent Commands > Files and Processes > Reverify All Files and Processes.
- Go to “Endpoint protection”, then click the “Status” tab.
- Click the red text “View” under “Blocked Programs”.
- This list will show all files found by Webroot for the endpoint, for any files that have the malware group “Uncategorized File” or “Whitelisted File” click the checkbox next to the file, then click “Create Override” followed by “Restore from quarantine”.
- After creating overrides and restoring the false positive detections, click the “Group Management” tab and then select Agent Commands > Files and Processes > Reverify All Files and Processes, followed by the scan command.
- Click the “Group Management” tab, select all the endpoints with this detection. Click Agent Commands > Agent > Scan.
Depending on your poll interval set for the endpoint, this may take up to 24 hours to take effect, says Webroot.
This is not the first time a problem has been reported with Windows. Earlier too, A similar issue had cropped up with Avast Antivirus when Microsoft released its Anniversary Update. The Antivirus blocked the Windows update from installing thus causing the system to reboot multiple times and cancel the update, altogether.