Users of Webroot’s endpoint security product, consumers and businesses alike, had a nasty surprise Monday when the program started flagging Windows files as malicious.
The reports quickly popped up on Twitter and continued on the Webroot community forum. The company came up with a manual fix to address the issue, but many users still had problems recovering their affected systems.
The problem is what’s known in the antivirus industry as a “false positive” — a case where a clean file is flagged as malicious and is blocked or deleted. False positive incidents can range in impact from merely annoying.
The Webroot incident falls somewhere in the middle because it affected legitimate Windows files and sent them to quarantine. This is somewhat unusual because antivirus firms typically build whitelists of OS files specifically to prevent false positive detections.
For now, Webroot has provided a solution on its community forum that involves logging into the Webroot online console and manually creating override rules for all of the erroneously blocked files.
