An antivirus service used by tens of thousands of businesses and millions of home users shut down an untold number of computers around the world after it mistakenly identified core parts of Microsoft Windows as threats, the company confirmed Tuesday.
Webroot Inc. of Broomfield, Colorado, said it issued an updated detection rule that "identified false positives" for critical Windows operating files Monday afternoon, resulting in those files' being "quarantined" and inaccessible to Windows.
Kristin Miller, a spokeswoman for Webroot, said the program incorrectly classified as "bad" a common folder that is often targeted for malware. She said that the false positives were being rolled back and that Webroot users should leave the program on and connected to the internet to get the fix.
"Webroot was not breached," she said. "Actual malicious files are being identified and blocked as normal."
The rule was distributed and applied by Webroot systems around the globe for about 13 minutes, the company said — long enough for businesses, users and administrators to be greeted by a red "blocked" screen and to find their files unavailable. Webroot reported serving about 30 million customers last year.
To make matters worse, Webroot's own systems became "overloaded" by a mammoth backlog of customers' requests to restore affected files from its cloud servers, it said.
The glitch first manifested itself as customers complained that Webroot was mistakenly flagging Facebook.com as a dangerous identity-fishing site.
Webroot's customers — including numerous so-called managed service providers, or MSPs, which use Webroot to manage security for multiple clients of their own — flooded social media to complain.