AskBillFirst – Non-Tech Speak Technology Blog

UPDATE, 10:00 AM PDT: Microsoft has identified the problem as being caused by a faulty definition file. This text has been added to the relevant page at the company’s Malware Protection Center:

On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified. On September 30th, 2011, Microsoft released an update that addresses the issue. Signature versions 1.113.672.0 and higher include this update.

PWS:Win32/Zbot is a password-stealing trojan that monitors for visits to certain Web sites. It allows limited backdoor access and control and may terminate certain security-related processes.

UPDATE 2, 11:15 AM PDT: A Microsoft spokesperson provides the following response via e-mail:

On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified and as a result, Google Chrome was inadvertently blocked and in some cases removed from customers PCs. We have already fixed the issue – we released an updated signature (1.113.672.0) at 9:57 am PDT – but approximately 3,000 customers were impacted. Affected customers should manually update Microsoft Security Essentials (MSE) with the latest signatures. To do this, simply launch MSE, go to the update tab and click the Update button, and then reinstall Google Chrome. We apologize for the inconvenience this may have caused our customers.

The response does not provide any guidance for Forefront customers who have been affected by this issue. I’ve also asked for clarification on the “approximately 3,000 customers” figure. If a Forefront installation covering hundreds or thousands of users is counted as a single customer, the actual number of affected PCs could be considerably higher.