Huge Mistake: Kaspersky Quarantines Windows Explorer

Antivirus : Huge Mistake: Kaspersky Quarantines Windows Explorer

Posted by Max on 2007/12/23 0:55:32 (1385 reads)

Windows Explorer, one of the most crucial components of Microsoft's operating system, was quarantined earlier this week after being falsely identified as malicious code by an antivirus company.Users of Kaspersky Lab's antivirus products noticed the issue, which Kaspersky claimed lasted two hours, on Wednesday night.

The security company's systems had decided that a virus called Huhk-C was present in the explorer.exe file, leading to its confinement or, in some cases, deletion. As Windows Explorer is the graphical user interface (GUI) for Windows' file system, this made it difficult to perform many common tasks within the operating system, such as finding files.

David Emm, a senior technology consultant at Kaspersky Lab, told ZDNet UK on Friday that the company was still examining its checklist to find out why the false positive "slipped through the net."

"This is classic false-alarm territory," Emm said. "We will check through our systems and see if we can tighten them up so we don't run into this problem in the future. No antivirus company, including ourselves, can say they have never had a false alarm, (but) on all fronts, we do what we can to minimize any potential risk for our customers."

Emm pointed out that Kaspersky adds about 3,000 records per week to its database, demonstrating the "scale of the issue, in terms of testing procedures."

The "offending signature" went out at around 7 p.m. on Wednesday, according to Emm, who claimed that it was pulled two hours later in a "makeshift" attempt to limit the damage while Kaspersky examined the signature.

"We proactively went out to our enterprise customers to make them aware there was this potential issue," Emm said. "Only one corporate customer (in the U.K.) encountered this problem, as well as a handful of home users." He added that users who have not changed their default settings would have found explorer.exe to be only quarantined, rather than deleted.

In March of this year, Kaspersky criticized Microsoft's consumer antivirus product, OneCare, for incorrectly quarantining and, in some cases, deleting Microsoft Outlook files.

Previous article - Next article

Other articles
2009/11/3 14:55:39 - BitDefender Top Ten Malware Threats for October 09
2009/11/3 14:29:38 - Nov. 09 Microsoft Security Intelligence Report
2009/10/7 15:19:17 - StopSign AntiVirus and Anti-Malware is Windows 7 Compatible
2009/10/7 15:11:26 - New Outlook Backup and Migration Software By Disk Doctors
2009/9/30 4:20:57 - Microsoft Security Essentials, FREE Security Tool Just Released
2009/9/28 14:31:52 - New Rogue Antispyware Cloaked To Infects Computers
2009/9/9 4:31:49 - Trend Micro Proves Leadership in URL Filtering and Web Security
2009/9/9 4:16:20 - New Free Tool to Clean Conficker Once and For All
2009/9/1 8:37:11 - Kaspersky Internet Security 2010 and Kaspersky Anti-Virus 2010 Out Now
2009/9/1 7:54:50 - NEW P2P Advertising Network Protects Users Against Lawsuits And Identity Theft

The comments are owned by the poster. We aren't responsible for their content.