Wednesday, August 16, 2017

How did Webroot's antivirus signature update create false positives?

Webroot Inc.'s issue happened on Apr. 24 between 1800 and 2100 Coordinated Universal Time, when particular Windows OS system files were tagged as W32.Trojan.Gen. Once these files were tagged as malicious, they went into quarantine, and the systems were left inoperative.

An antivirus signature update pushed down from the Webroot cloud service updated the agents with the false positive, triggering a chain reaction in which the Windows systems receiving the update quarantined the files. It was reported that the antivirus signature update was only active for 13 minutes, but so many managed service providers were using the service and pushing updates to their clients that the issue propagated to additional endpoints.

Shortly after the issue, Webroot started working on ways to remediate the problem, and social media started lighting up with comments and potential workarounds in an attempt to get the files back -- including removing Webroot, restoring the needed files from backup and rebooting. Read the rest of my article at the link below:
