The Channel logo

News

By | John Leyden 20th December 2007 17:00

Kaspersky false alarm quarantines Windows Explorer

Accidents will happen

A faulty signature update from Kaspersky Lab on Wednesday flagged up Windows Explorer (explorer.exe) as infected with a low-risk virus, Huhk-C. As a result the core Windows component was quarantined or worse.

Kaspersky released a revised update alongside advice on how to recover legitimate system and application files from quarantine (the default setting) within two hours. But that's not much consolation for users that had set their software to auto-delete infected files, who found themselves with hosed systems.

Among those affected was Reg reader Carl. "A false positive caused the deletion of explorer.exe.," he reports. "It would have only caused problems for companies performing their network scan during the hours that the dodgy update was present - which included me, unfortunately. I was working out of hours to fix the previous Kaspersky update problem. I finally finished sorting it all at 5am.".

Postings to Kaspersky's forum reveal Carl was far from alone in experiencing problems as a result of the issue. The false alert flap follows just days after earlier problems in updating Kaspersky Lab anti-virus software led to some machines locking up. The close proximity of the two events has raised questions about the reliability of the Russian anti-virus firm's testing regime.

Faulty anti-virus signature updates are not uncommon across the industry. However, the latest Kaspersky SNAFU affects a core Windows component.

David Emm, senior technology consultant at Kaspersky Lab UK, said one UK enterprise customer and three end-users had reported problems with the false alert. "False alarms occasionally happen, and we take the issue seriously when it does," he told El Reg. "We have test systems in place to minimise the risk of this happening, but this seemed to have slipped through the net."

He added that Kaspersky would review the false alert, alongside last week's glitch, to see what improvements might be made to its internal testing system in order to minimise the risk of any similar errors in future. ®

comment icon Read 56 comments on this article alert Send corrections

Opinion

Walking on water, image via Shutterstock

Chris Mellor

IDC stats reveal who's who in the backup appliance bearpit
Carry on Cleo

Gavin Clarke

Infamy, infamy, Amazon and Microsoft have all got it in for me!

Tim Anderson

Also signals stronger cross-platform tools, access to new markets

Features

Nerd fail photo via Shutterstock
Shouting match
Single market vs. rest of the world
hacker
Mostly it's financial crime. Here's what all the cool kids' terms mean in English
Apple logo. Pic: Blake Patterson
Plenty of bumps in the 40-year road for Mac makers