2 Replies Latest reply on Feb 27, 2014 9:06 AM by Regis

    Unable to download WinZip

    jdepriest

      At work, our help desk is trying to download the latest WinZip. We have purchased licenses for it and everything. The URL that was being blocked by our McAfee Web Gateway is: http://install.winzip.com/cd27303c54042ace9e6dd2f812b2def7/qNAiI0iw/WinZip180.ex e

       

      The MWGs said it was McAfeeGW: Artemis!031B27C29993 which is my experience is probably a false positive.


      I ran that through Virus Total and while the URL was fine the executable turned up these:

      Antivirus     Result     Update

      Agnitum     Riskware.OpenInstall!     20140204

      DrWeb     Adware.Downware.1923     20140205

      ESET-NOD32     a variant of Win32/OpenInstall     20140206

      Rising     PE:Malware.XPACK/RDM!5.1     20140205

      Sophos     Open Install     20140205


      So maybe it is infected with some sort of potentially unwanted software?


      I bypassed the malware block and tried it again. I was able to download the installer but when I ran it, it tried to download stuff from sites that were classified as Malicious Sites by our MWGs: http://c12081072.r72.cf2.rackcdn.com/main.min.js?lang=en


      I ran that URL through Virus Total and it's clean but then Virus Total isn't a very reliable way to determine if a URL is malicious.

      Blue Coat (using http://sitereview.bluecoat.com/sitereview.jsp) says it is just a Content Server.


      So who is correct? This wouldn't be the first time we've gotten false positives from the MWG.