By John Leyden, 20th December 2007 17:00

Kaspersky false alarm quarantines Windows Explorer

Accidents will happen

A faulty signature update from Kaspersky Lab on Wednesday flagged up Windows Explorer (explorer.exe) as infected with a low-risk virus, Huhk-C. As a result the core Windows component was quarantined or worse.

Within two hours, Kaspersky released a revised update alongside advice on how to recover legitimate system and application files from quarantine (the default setting). But that's not much consolation for users who had set their software to auto-delete infected files, and who found themselves with hosed systems.

Among those affected was Reg reader Carl. "A false positive caused the deletion of explorer.exe," he reports. "It would have only caused problems for companies performing their network scan during the hours that the dodgy update was present - which included me, unfortunately. I was working out of hours to fix the previous Kaspersky update problem. I finally finished sorting it all at 5am."

Postings to Kaspersky's forum reveal Carl was far from alone in experiencing problems as a result of the issue. The false alert flap follows just days after earlier problems in updating Kaspersky Lab anti-virus software led to some machines locking up. The close proximity of the two events has raised questions about the reliability of the Russian anti-virus firm's testing regime.

Faulty anti-virus signature updates are not uncommon across the industry. However, the latest Kaspersky SNAFU affects a core Windows component.

David Emm, senior technology consultant at Kaspersky Lab UK, said one UK enterprise customer and three end-users had reported problems with the false alert. "False alarms occasionally happen, and we take the issue seriously when it does," he told El Reg. "We have test systems in place to minimise the risk of this happening, but this seemed to have slipped through the net."

He added that Kaspersky would review the false alert, alongside last week's glitch, to see what improvements might be made to its internal testing system in order to minimise the risk of any similar errors in future. ®
