Kaspersky quarantines Windows Explorer

Kaspersky quarantines Windows Explorer

Summary: A false positive in Kaspersky Lab's antivirus products led to the quarantine or deletion of some Windows users' copies of explorer.exe

SHARE:
TOPICS: Security
0

Windows Explorer, one of the most crucial components of Microsoft's operating system, was quarantined earlier this week after being falsely identified as malicious code by an antivirus company.

Users of Kaspersky Lab's antivirus products noticed the issue, which Kaspersky claimed lasted two hours, on Wednesday night. The security company's systems had decided that a virus called Huhk-C was present in the explorer.exe file, leading to its confinement or, in some cases, deletion. As Windows Explorer is the graphical user interface (GUI) for Windows' file system, this made it difficult to perform many common tasks within the operating system, such as finding files.

David Emm, a senior technology consultant at Kaspersky Lab, told ZDNet.co.uk on Friday that the company was still examining its checklist to find out why the false positive "slipped through the net".

"This is classic false-alarm territory," said Emm. "We will check through our systems and see if we can tighten them up so we don't run into this problem in the future. No antivirus company, including ourselves, can say they have never had a false alarm [but], on all fronts, we do what we can to minimise any potential risk for our customers."

Emm pointed out that Kaspersky adds around 3,000 records per week to its database, demonstrating the "scale of the issue in terms of testing procedures".

The "offending signature" went out at around 7pm on Wednesday, according to Emm, who claimed that it was pulled two hours later in a "makeshift" attempt to limit the damage while Kaspersky examined the signature.

Read this

Feature

Feature: Cracking open the cybercrime economy

Hacking for fun has evolved into hacking for profit, and created a business model that is nearly as sophisticated as that of legal software

Read more

"We proactively went out to our enterprise customers to make them aware there was this potential issue," said Emm. "Only one corporate customer [in the UK] encountered this problem, as well as a handful of home users." He added that users who have not changed their default settings would have found explorer.exe to be only quarantined, rather than deleted.

In March of this year Kaspersky criticised Microsoft's consumer antivirus product, OneCare, for incorrectly quarantining and, in some cases, deleting Microsoft Outlook files.

Topic: Security

David Meyer

About David Meyer

David Meyer is a freelance technology journalist. He fell into journalism when he realised his musical career wouldn't pay the bills. David's main focus is on communications, as well as internet technologies, regulation and mobile devices.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion