Solution of Webroot Error that shows flagging Windows files as malicious

Webroot Inc., is a provider of internet security solutions that offers security products for corporate networks. It provides solutions that offer protection against threats like viruses, spyware, phishing attacks, identity theft, social network threats, and unsafe Websites. The company provides services to network security providers, enterprise customers, and mobile providers. The main highlights of the company includes products such as the Webroot Internet of Things (IoT) Security Toolkit that integrates cloud-based threat intelligence services and intelligent cybersecurity device agents for defending critical systems against malware; and the BrightCloud Threat Investigator which is a tool for threat investigation that provides enterprises, managed service providers (MSPs), and managed security service providers (MSSPs) with instant access to actionable threat intelligence on individual internet protocols (IPs) and Uniform Resource Locators (URLs).

Despite success of the company across the information technology industry, users of its antivirus security product, consumers and businesses faced troubles when the program started flagging Windows files as malicious. The company came up with a manual fix to address the issue, but many users still had problems recovering their affected systems. The problem was identified as false positive wherein a clean file is flagged as malicious and is blocked or deleted. False positive incidents also affect the operating systems. Webroot finally provided a solution on its community forum that involves logging into the Webroot online console and manually creating override rules for all of the erroneously blocked files. Users are then have to wait for the endpoint client to poll the server and restore the files as per the new rules, which may take up to 24 hours, or manually trigger a forced polling for each client from the command line. However, the solution seems to create problems for large environments which include managed services providers (MSPs).

The Webroot incident affected legitimate Windows files and sent them to quarantine. This is somewhat unusual because antivirus firms typically build whitelists of operating system (OS) files specifically to prevent false positive detections.

To clarify the doubt, Webroot said that its software had not been breached instead it is incorrectly identifying a folder found on all Windows machines as malware. The error was causing the software to incorrectly quarantine certain files. It posted a fix for its small-business customers on its community message board.

Several users reported complaints stating that they resorted to recovering the affected files using Windows’ Shadow Copy feature as they were not able to use recovery because most of the backup server cores were also affected. An MSP company also considered legal action because it might have to compensate its own customers for the downtime.

Troubleshooting Steps:

According to representatives of Webroot, the company is working on a universal solution that will also be suitable for MSPs. Webroot recommended the following steps for home users whose SecureAnywhere antivirus and security software has mistakenly quarantined files:

Step 1: Open Webroot by double-clicking the W icon at the bottom of your screen
Step 2: Select “Scan My Computer”
Step 3: After the scan is completed, click the cog icon on the Webroot home screen (next to PC Security)
Step 4: Click the “Quarantine” tab. Find every file from April 24, 2017 with the time stamp between 12 p.m. to 3 p.m. MT
Step 5: Click the check box on the left of each file you identified in the earlier step
Step 6: Click “Restore”
Step 7: When prompted, “If you’re sure you want to roll back the selected entries…” click on “Yes”
Step 8: This could take several minutes. When completed, rescan to make sure the issue is resolved.

If issue still persist after following these steps, you may please contact 24/7 Webroot Support for further assistance.

Leave a Reply