Webroot False Positive Windows Malware Bug Fix for MSPs?

Credit: Getty Images

A malware signature update issued by Webroot on Monday triggered the software into mistakenly flagging Windows system files as malware, allegedly impacting millions of managed systems around the world, according to ZDNet.

According to a support forum statement from Webroot, the system has not been breached. However, Webroot was still working to rectify the false-positive situation for MSPs as of late Monday, April 24.

According to a Webroot support forum update from 10:00 p.m. MST on Monday:

“We understand that this is a consumer and business issue. For our small business customers, the fix below will work.

We understand that MSPs will require a different solution. We are currently working on this universal solution now.

Please stay here for the latest updates.”

Here’s a complete look at the Webroot support forum statement.

Updated April 25, 9:15 a.m. ET: Webroot provided the following statement to ChannelE2E:

“On April 24, Webroot experienced a technical issue affecting some business and consumer customers.  A folder that is a known target for malware was incorrectly classified as bad, and Facebook was classified as a phishing site. The Facebook issue was corrected, and the Webroot team is in the process of creating a comprehensive fix for the false positive issue.  In the meantime, small business customers and consumers can follow instructions posted in the Webroot Community to address the issue.

Webroot was not breached and customers are not at risk. Legitimate malicious files are being identified and blocked as normal. We are dedicated to resolving the issue, and will provide updates as they are available in the Community.”

Updated April 25, 9:31 p.m. ET: Webroot Executive VP Michael Malloy has sent a memo about the false positive issue to registered MSP admins.

Updated April 26, 8:12 a.m. ET: Webroot began beta testing an automated fix for the problem as of late Tuesday, April 25.

ChannelE2E will continue to provide updates, particularly as they pertain to MSPs and channel partners.


Return Home



    Steven Thom:

    “Legitimate malicious files are being identified and blocked as normal”

    Yep, sounds as though they’re on top of the situation alright…

    Joe Axne:

    Really would like to know if some MSPs didn’t get affected by this and why. Did they use a different profile than the built in stock profiles. We are in process of testing and migrating to Webroot so this has me concerned for sure. We need a statement from Webroot on what went wrong, how they will prevent in future and things we could do as MSP to protect ourselves from issues like this in the future.

    Joe Panettieri:

    Hey Steve, Joe:

    ChannelE2E is in touch with Webroot. We don’t have additional info to share at this time but I’m taking note of your questions and others. We’ll be sure to update our coverage accordingly once more info is available.

    UPDATE 9:50pm ET: Webroot EVP’s memo, apology & update to MSPs
    If anyone has Q’s you can also reach me via email: Joe [at] AfterNines [dot] com.

Leave a Reply

Your email address will not be published.