A faulty signature update from Kaspersky Lab on Wednesday flagged up Windows Explorer (explorer.exe) as infected with a low-risk virus, Huhk-C. As a result the core Windows component was quarantined or worse.
Kaspersky released a revised update alongside advice on how to recover legitimate system and application files from quarantine (the default setting) within two hours. But that's not much consolation for users that had set their software to auto-delete infected files, who found themselves with hosed systems.
Among those affected was Reg reader Carl. "A false positive caused the deletion of explorer.exe.," he reports. "It would have only caused problems for companies performing their network scan during the hours that the dodgy update was present - which included me, unfortunately. I was working out of hours to fix the previous Kaspersky update problem. I finally finished sorting it all at 5am.".
Postings to Kaspersky's forum reveal Carl was far from alone in experiencing problems as a result of the issue. The false alert flap follows just days after earlier problems in updating Kaspersky Lab anti-virus software led to some machines locking up. The close proximity of the two events has raised questions about the reliability of the Russian anti-virus firm's testing regime.
Faulty anti-virus signature updates are not uncommon across the industry. However, the latest Kaspersky SNAFU affects a core Windows component.
David Emm, senior technology consultant at Kaspersky Lab UK, said one UK enterprise customer and three end-users had reported problems with the false alert. "False alarms occasionally happen, and we take the issue seriously when it does," he told El Reg. "We have test systems in place to minimise the risk of this happening, but this seemed to have slipped through the net."
He added that Kaspersky would review the false alert, alongside last week's glitch, to see what improvements might be made to its internal testing system in order to minimise the risk of any similar errors in future. ®