Security Alert Webroot antivirus goes bananas, starts trashing Windows system files


Level 19
Jul 28, 2016
Not saying that i was silently removed from the closed Beta-Tester group of Webroot's Forum....just discovered it today. :D

I guess the fanboy in charge of the group doesn't like my opinion. :p

that particular fanboy you are talking about does not like any honoust opinions or open discussions that are negative towards webroot products ;) I am quite sure they are taliking about this particular thread on their forums for sure :D btw mcafee and avast had some problems detecting m$ stuff , as I recall avast did even detect its own program files once as being malicious :p
Last edited:


Level 64
Apr 25, 2013
Critical Service Announcement
On April 24, Webroot experienced a technical issue affecting some business and consumer customers. A folder that is a known target for malware was incorrectly classified as bad. Webroot was not breached. Actual malicious files are being identified and blocked as normal.

We recognize that we have not met the expectations of some customers, and are committed to resolving this complex issue as quickly as possible.

For Business
Webroot is making progress on a resolution and will update you when it is available. In the meantime:

  • Affected customers should not uninstall the product or delete quarantine, as this will make quarantined files unrecoverable.
  • We have rolled back the false positives. Once the fix is deployed, the agent should pick up the re-determinations and perform as normal.
  • Customers should ensure that endpoints are on and connected to the Internet to receive the resolution. Once files have been removed from quarantine, some endpoints may require rebooting.
Those who wish to address the issue manually should follow the instructions posted on Webroot Support.

We are conducting a thorough technical review to ensure we have a complete understanding of the root cause. A summary will be posted in the Webroot Community, and Webroot account representatives will be prepared to discuss the findings in greater detail with you.

For Home
To resolve the issue, customers need to restore the quarantined file(s). Please follow the steps on the Webroot Community and restore the file(s). Webroot offers free 24/7 support for consumers, and can open a ticket for any questions here.

We apologize for the pain this has caused our customers and are taking the actions to earn your trust going forward.

Webroot Service Announcement


Level 85
Mar 15, 2011
A big responsibility for any Antivirus firms to handle carefully the machine learning information and other security techniques that continuously gathering information for detection.

Honestly it is a serious issue that can loss millions of revenues; so any security products are not immune cause which clearly link to human error from maintenance development.


So far that is the advantage of Windows Defender which managed to maintain the whitelist of the OS without hitch.


I think security companies must have proper procedure on how to avoid such rare issues.


Level 12
Aug 31, 2016
As already mentioned this happend to Panda AV. This affected all our PC's and laptops and was a absolute support nightmare! The emegency repair tool Panda provided only fixed some of the files so we had to reinstall Office on about 100 devices.
Needless to say when the AV contract came up for renewal, we dropped Panda like a lead balloon. We replaced it with Sophos, which so far had been exemplary.

Deleted member 178

Please people, stop this Witch Hunt !

none of you understand Webroot and know how it works ! Webroot is 100% helping its customers ! they create major issues to force their customers to choose a better security solution :D


Level 44
Jan 27, 2017
No witch hunt here from me, just honest opinions based on extensive experience.

Webroot is a real pita to run due to the incessant blacklisting/monitoring requiring tickets. Also we greatly dislike the fact over the years it hides it's size and usage in explorer.exe and hides it's size in a hidden folder (WRDATA) which I have found to be 60GB-200GB in size and totally filling SSD drives in some cases. Our lab tested WSA as part of our product testing for deployment and it quite simply scared the hell out of us with what it was doing and how it worked.

That aside, as a major MSP the first thing we do when we take over clients is remove Webroot if they have it deployed. Any time we do time and material work for customers we recommend (strongly) to remove Webroot. The reason is, in a business environment it isn't a good idea to use a whitelisting product as it can break way too many things. Anyone with experience dealing with a lot of clients know this to be true. (we have 35,000+) You need a smooth, vetted, well established and 'conservative' product combined with layered protection. Webroot, in our experience doesn't work well in such situations and this recent even sort of illustrates by we discourage it's use.

One of our MSP competitors with about 30,000+ systems has Webroot deployed on all of them has been in full damage control since this happened. It's so bad they've had to bring in contractors to supplement their workforce. This is going to get VERY expensive and the embarrassment is astounding. I can tell you with 100% certainty that once they recover their customers they are switching to a different product - and the cost to migrate will be extensive. Class action lawsuit talk is spreading around the MSP community right now.

The fallout of this is going to be far bigger than people realize.
Last edited:


Level 22
May 3, 2015
Does the error makes Windows unstable or unable to boot? Because if it's unable to boot I don't see how users could update the software or restore anything from quarantine...


Level 44
Jan 27, 2017
Unstable, but if the user uninstall WSA, the quarantined files are gone for good.

Webroot could actually go out of business over this given the scope of it. I will apologize in advance to moderators for my upcoming Webroot rant...

I remember awhile back some Webroot shill that goes around to all forums told me Webroot was 'Too advanced for me to understand' and was extremely condescending about the whole matter. To the point that Webroot has a negative association to me thanks to him, anytime I hear Webroot I think of that guy and triggers the negative association.

I'm going to be honest here.. I hate the product and people associated with it. I hate the way it operates. I hate the telemetry it gathers. I dislike the fact that former intelligence personnel work there. I dislike the shills they have going to around to forums. I dislike the fact that people at Webroot, from the bottom up summarily discount anything that gets through Webroot as 'harmless' when we know it isn't.

I remember installing Webroot on a relatives computer 'because he insisted'. I came back to his home a year later and had to remove 24 pieces of malware. The forum shill that works for Webroot claimed I was an idiot and that those weren't real threats. I worked with Webroot support on logs and diagnostics. Then had one of the higher up guys publicly tell me those 'weren't real threats, they were riskware that Webroot deems safe' and that I should ignore them and stop being picky.. Yet when I demonstrated that those pieces of riskware were slowing down the system, downloading backend junkware, filling temps and hijacking the browser I was told all of those activities aren't considered malicious. Glad to hear... Emsisoft must be wrong, I put that on the machine and it pulled off 292 threats and traces of crap Webroot says 'are safe and stop being a baby'.

So yeah. I hate Webroot and every single person associated with them and that hate has been cultivated over the years. So this fiasco with them is long overdue if you ask me and couldn't happen to a better bunch of idiots.


Level 26
Content Creator
Feb 10, 2017
Too advanced for me to understand
This has always been their excuse. Anyone who paints them in even a remotely negative light, they just point to how mystical their technology is and declare the person making the negative claim is simply wrong. It's honestly pathetic.

Webroot went to the root of the problem and tried to trash windows :p
"How can we improve the security of our users? Johnson! Why don't you give us your idea on what would help us better protect our users."
"Uh, well, if they're unable to use their PCs then they can't get infected, right?"
"That's genius, Johnson! You deserve a promotion!"
"Oh. Uh, thank you sir."
"I'm officially promoting you from company janitor to head security technician! Congratulations!"

-24 hours later-
Webroot's security tools went berserk today, mislabeling key Microsoft Windows system files as malicious and temporarily removing them – knackering PCs in the process.
Last edited:

Deleted member 178

I remember awhile back some Webroot shill that goes around to all forums told me Webroot was 'Too advanced for me to understand' and was extremely condescending about the whole matter. To the point that Webroot has a negative association to me thanks to him, anytime I hear Webroot I think of that guy and triggers the negative association.
Same feeling here , I know who you are talking about, he is pure fanboy, even banned here. The guy just disregard any critics about his loved product and trolls you if you keep insisting.
I am a closed beta tester for Webroot (even before it was Webroot), so i know the product very well and he hates me because i don't lick Webroot boots and don't follow his rethoric.
Last edited by a moderator: