'Webroot made my PCs s*** the bed' – AV update borks biz machines hard
Workaround is to disable the thing – no fix just yet for unlucky corps hit
Updated Anti-malware firm Webroot has apologized after an update pushed out this week borked computers at unlucky companies, leaving the PCs unbootable.
El Reg learned of the issue through reader Andrew, who reported that the Webroot 126.96.36.199 update for enterprises has "shit the bed," creating all sorts of problems on corporate networks. Windows systems crash with the following memory access error:
"It causes boxes to BSOD [Blue Screen of Death] in an unrecoverable state," Andrew explained. "Webroot have acknowledged the issue and are currently investigating it."
We're told affected machines struggle to boot up properly. There are workarounds described here, which involves disabling antivirus protection. Webroot confirmed to The Reg that there was an issue but said that only a minority of its customers are hit:
Webroot released a routine update on Tuesday 31 January, containing general fixes and minor feature enhancements. For most of our millions of customers, the service has run as normal. However, some customers have experienced a problem with the update, so Webroot's 24-hour support team has been working with them directly to remedy this quickly. If you are one of those customers, we sincerely apologize.
Essentially, the problem isn't fixed.
Another tipster, a sysadmin in the UK, wrote in today to tell us: "I'm currently dealing with some of the fallout from this, and scared about tomorrow as we have 700-plus installs of Webroot – including 130-plus in the US where we don't have any IT staff."
It sounds like a low-level component used by Webroot is touching memory it shouldn't, causing the kernel to stop. Typically, antivirus tools break computers by removing crucial operating system files, believing them to be malicious. This latest screwup is unusual in that not every customer appears to be affected. We're keeping a close eye on it. ®
Updated to add
Webroot has emitted version 188.8.131.52 to apparently fix the cockup:
Following reports of difficulties installing the latest Webroot SecureAnywhere Business (WSAB) update v184.108.40.206, a new agent release titled v220.127.116.11 has been deployed automatically to all of our WSAB customers on Thurs 2nd Feb 2017. This version provides relief to those customers experiencing installation problems.
Webroot apologizes for any inconvenience caused by this updated release. Our 24/7 Support team is briefed and available to customers who may have any questions or concerns about this update.
Sponsored: Becoming a Pragmatic Security Leader