At work, our help desk is trying to download the latest WinZip. We have purchased licenses for it and everything. The URL that was being blocked by our McAfee Web Gateway is: http://install.winzip.com/cd27303c54042ace9e6dd2f812b2def7/qNAiI0iw/WinZip180.exe
The MWGs said it was McAfeeGW: Artemis!031B27C29993 which in my experience is probably a false positive.
I ran that through Virus Total and while the URL was fine the executable turned up these:
Antivirus     Result                           Update
Agnitum       Riskware.OpenInstall!            20140204
DrWeb         Adware.Downware.1923             20140205
ESET-NOD32    a variant of Win32/OpenInstall   20140206
Rising        PE:Malware.XPACK/RDM!5.1         20140205
Sophos        Open Install                     20140205
So maybe it is infected with some sort of potentially unwanted software?
I bypassed the malware block and tried it again. I was able to download the installer but when I ran it, it tried to download stuff from sites that were classified as Malicious Sites by our MWGs: http://c12081072.r72.cf2.rackcdn.com/main.min.js?lang=en
I ran that URL through Virus Total and it's clean but then Virus Total isn't a very reliable way to determine if a URL is malicious.
Blue Coat (using http://sitereview.bluecoat.com/sitereview.jsp) says it is just a Content Server.
So who is correct? This wouldn't be the first time we've gotten false positives from the MWG.
I reported this (twice) when one of our users encountered it. Avert whitelisted the binary as the heuristic turned out to be a false positive.
Virus_research_gateway@avertlabs.com is where I reported it.
If that's the first time you've gotten a false from MWG, ... I consider you lucky enough that I'd like to ask you some lottery numbers, jdepriest!
That said, however, I immediately asked the user "why exactly aren't you using free 7-zip.org?" on 2/27/14 9:06:18 AM CST