Webroot bricks Windows PCs after flagging system files as malware

Customers of Webroot's antivirus product have been left scrambling to repair their Windows PCs after the software mistakenly flagged legitimate system files as malware.

The issue arose yesterday when a malware signature update issued by Webroot started marking Windows system files as W32.Trojan.Gen malware.

It meant the system files were moved into quarantine and made unavailable for use by the operating system.

It triggered a worldwide meltdown from users who were left with bricked computers.

"Due to a rule error that propagated for 13 minutes yesterday morning at 11:52am MT, good applications were mistakenly categorised as malware," Webroot said.

"This has created many false positives across the affected systems and has resulted in those applications being quarantined and unable to function."

The company has rolled back the false positive and suggested fixes for the home and business versions of its software that involve logging into its online console and manually overriding the quarantine rules for each affected file.

It warned home and business users not to uninstall its product or delete quarantine, as that would make the quarantined files unrecoverable.

However, that solution will not work for large-scale environments run by managed service providers.

"How am I supposed to do this across 3 GSMs [Webroot Global Site Manager instances] with over 3 thousand client sites? Not good enough," one user wrote on the company's forum.

Webroot is yet to offer a fix to MSPs but said it was working on a "universal solution".

It said it recognised that it had not met the expectations of its customers, and was "making progress" on a resolution.

Webroot is conducting a "thorough technical review" of the root cause of the issue and promised to post a summary in its community forum.