A Webroot antivirus signature update, which was supposedly live for only 13 minutes yesterday afternoon, flagged crucial Windows system files as malicious, causing chaos and 15 pages of customer complaints so far.The havoc began after Webroot flagged some Windows system files as the malware Win32.Trojan.Gen and moved key system files to quarantine. As legit files were shuffled around, thousands upon thousands of Webroot customers experienced OS errors or crashed Windows systems.Individuals with home editions, as well as managed service providers (MSP) running business editions, took to Twitter and Webroot forums to express their displeasure. Tier one customer support personnel probably wanted to tear their hair out.At the same time that Windows was flagged as malicious, Webroot started blocking access to valid websites such as Facebook and\u00a0Bloomberg.Proper respect to @Webroot for calling it like it is. pic.twitter.com\/kQJrQBDzKW\u2014 \ufdfa HavenLabs \ufdfa (@HavenLabs) April 25, 2017After the bad detection rule was live for 13 minutes, anonymous security tweeter SwiftOnSecurity said a Webroot system kill switch kicked in to stop the anomalous detections. Even though files signed by Microsoft had been moved, there were enough Windows files left to allow systems to boot and to restore quarantined files.Webroot, which has previously claimed that it has about 3 million customers, proposed a false positive fix for small business customers, but many MSPs left unhappy replies. For example, one MSP commenter asked, \u201cHow am I supposed to do this across 3 GSM\u2019s with over 3 thousand client sites?\u201dAnother claimed, \u201cAs a MSP with over 5600 active licenses, your proposed resolution of manually releasing files from quarantine is a no go.\u201dAt one point yesterday, Webroot started replying to Twitter users with the promise of an upcoming fix, as well as a link to a ransomware presentation. Whether or not that inspired Twitter user Bob Ripley, he tweeted:@Webroot I seem to have installed a nasty Ransomware app. It's called Webroot. They already have my money, should I contact the FBI?\u2014 Bob Ripley (@M5_Driver) April 24, 2017This morning, Webroot issued the following statement:On April 24, Webroot experienced a technical issue affecting some business and consumer customers. A folder that is a known target for malware was incorrectly classified as bad, and Facebook was classified as a phishing site. The Facebook issue was corrected, and the Webroot team is in the process of creating a comprehensive fix for the false positive issue. In the meantime, small business customers and consumers can follow instructions posted in the Webroot Community to address the issue.Webroot was not breached, and customers are not at risk. Legitimate malicious files are being identified and blocked as normal. We are dedicated to resolving the issue and will provide updates as they are available in the Community.For some, a "we\u2019re sorry" won't cut it. One commenter in the Webroot thread claimed, \u201cMy technicians, project managers, and developers have been up all night on this and they still have not slept.\u201dThis is not the first time this year that a Webroot update caused systems to crash. In February, a faulty update caused the dreaded Blue Screen of Death for some customers. After the latest fiasco that is currently still not fully resolved for all MSPs, some customers are claiming on Twitter that they\u2019ve had enough and are kicking Webroot to the curb. Depending upon how much money they have wrapped up in Webroot as a \u201csmarter cybersecurity\u201d solution, and how many are actual customers instead of trolls, the growls may just be a result of frustration and aggravation..@WebrootSupport @Webroot If ya don't fix deez issues you've created for MSPs, I'ma use my 3000 monitored workstations to DDOS your shit.\u2014 Subtle Steve (@subtlesteve1) April 24, 2017If you know anyone adversely affected by Webroot\u2019s temporarily-issued bad rule, then it might be a good time to steer clear of them or to buy them a drink after their present nightmare ends.