The Channel logo

News

By | John Leyden 20th December 2007 17:00

Kaspersky false alarm quarantines Windows Explorer

Accidents will happen

A faulty signature update from Kaspersky Lab on Wednesday flagged up Windows Explorer (explorer.exe) as infected with a low-risk virus, Huhk-C. As a result the core Windows component was quarantined or worse.

Kaspersky released a revised update alongside advice on how to recover legitimate system and application files from quarantine (the default setting) within two hours. But that's not much consolation for users that had set their software to auto-delete infected files, who found themselves with hosed systems.

Among those affected was Reg reader Carl. "A false positive caused the deletion of explorer.exe.," he reports. "It would have only caused problems for companies performing their network scan during the hours that the dodgy update was present - which included me, unfortunately. I was working out of hours to fix the previous Kaspersky update problem. I finally finished sorting it all at 5am.".

Postings to Kaspersky's forum reveal Carl was far from alone in experiencing problems as a result of the issue. The false alert flap follows just days after earlier problems in updating Kaspersky Lab anti-virus software led to some machines locking up. The close proximity of the two events has raised questions about the reliability of the Russian anti-virus firm's testing regime.

Faulty anti-virus signature updates are not uncommon across the industry. However, the latest Kaspersky SNAFU affects a core Windows component.

David Emm, senior technology consultant at Kaspersky Lab UK, said one UK enterprise customer and three end-users had reported problems with the false alert. "False alarms occasionally happen, and we take the issue seriously when it does," he told El Reg. "We have test systems in place to minimise the risk of this happening, but this seemed to have slipped through the net."

He added that Kaspersky would review the false alert, alongside last week's glitch, to see what improvements might be made to its internal testing system in order to minimise the risk of any similar errors in future. ®

comment icon Read 56 comments on this article alert Send corrections

Opinion

Houses of Parliament in night-time

Andrew Orlowski

Come on everybody, let's upload all our stuff into Government by Cloud
Joe Tucci EMC
frustration_anger_irritation_annoyance pain

Felipe Costa

Pressure to perform for stock market bearing down on disties

Features

Alistair Darling and Alex Salmond debate Scottish independence
You keep the call centres, Hamish, we'll take the banks
Internet of Things
Everyone loves those Things, just not on each others' terms
No email? No CRM? No Daily Mail iPad edition? You need a plan
Sinofsky's hybrid strategy looks dafter than ever