The Channel logo

News

By | John Leyden 20th December 2007 17:00

Kaspersky false alarm quarantines Windows Explorer

Accidents will happen

A faulty signature update from Kaspersky Lab on Wednesday flagged up Windows Explorer (explorer.exe) as infected with a low-risk virus, Huhk-C. As a result the core Windows component was quarantined or worse.

Kaspersky released a revised update alongside advice on how to recover legitimate system and application files from quarantine (the default setting) within two hours. But that's not much consolation for users that had set their software to auto-delete infected files, who found themselves with hosed systems.

Among those affected was Reg reader Carl. "A false positive caused the deletion of explorer.exe.," he reports. "It would have only caused problems for companies performing their network scan during the hours that the dodgy update was present - which included me, unfortunately. I was working out of hours to fix the previous Kaspersky update problem. I finally finished sorting it all at 5am.".

Postings to Kaspersky's forum reveal Carl was far from alone in experiencing problems as a result of the issue. The false alert flap follows just days after earlier problems in updating Kaspersky Lab anti-virus software led to some machines locking up. The close proximity of the two events has raised questions about the reliability of the Russian anti-virus firm's testing regime.

Faulty anti-virus signature updates are not uncommon across the industry. However, the latest Kaspersky SNAFU affects a core Windows component.

David Emm, senior technology consultant at Kaspersky Lab UK, said one UK enterprise customer and three end-users had reported problems with the false alert. "False alarms occasionally happen, and we take the issue seriously when it does," he told El Reg. "We have test systems in place to minimise the risk of this happening, but this seemed to have slipped through the net."

He added that Kaspersky would review the false alert, alongside last week's glitch, to see what improvements might be made to its internal testing system in order to minimise the risk of any similar errors in future. ®

comment icon Read 56 comments on this article alert Send corrections

Opinion

Lightning

Jack Clark

Just as Jeff Bezos did to books and CDs, Amazon's rivals are now doing to it
Microsoft CEO Satya Nadella
ARA_LIbertad

Chris Mellor

Elliott Management sinks its teeth into retiring godhead

Features

Sinofsky's hybrid strategy looks dafter than ever
Failure to crack next-gen semiconductors threatens to set back humanity
SMEs get lip service - what they need is dinner at the Club
SAP Match Insights
Vorsprung durch grossendatatechnik, as we like to say in Germany