Blocking Winzip Download

Discussion in 'ESET Endpoint Products' started by BeanCounter, Feb 7, 2013.

Thread Status:
Not open for further replies.
  1. BeanCounter
    Offline

    BeanCounter Registered Member

    Attempts to download the latest update to Winzip get blocked. I seem to recall that this has happened before with previous Winzip versions.

    Before I ignore the warning, is there anything I should worry about?
  2. SweX
    Offline

    SweX Registered Member

    It sounds like it is a PUP bundled in the package that ESET is blocking.

    What's the detection name?
  3. BeanCounter
    Offline

    BeanCounter Registered Member

    Yes. It says a variant of Win32/OpenInstall a potentially unwanted application
  4. BeanCounter
    Offline

    BeanCounter Registered Member

    since nobody from ESET has commented on this I have submitted the file for analysis
  5. agoretsky
    Offline

    agoretsky Eset Staff Account

    Hello,

    The detection is correct.

    If you wish to download this software, you can disable detection of Potentially Unwanted Applications in your ESET Endpoint software.

    Regards,

    Aryeh Goretsky
  6. BeanCounter
    Offline

    BeanCounter Registered Member

    I am aware of this. I was really asking if there is any real danger in downloading and installing the latest version of Wnzip
  7. SweX
    Offline

    SweX Registered Member

    No there's no danger WinZip itself is fine :)
  8. betona
    Offline

    betona Registered Member

    Aryeh, you're a little cryptic - is Winzip genuinely distributing something bad in their payload? Or is NOD32 alerting to a potential issue based on what it looks like?

    Here's a link to the culpret:
    http://www.winzip.com/win/en/tmm-eval.htm
  9. agoretsky
    Offline

    agoretsky Eset Staff Account

    Hello,

    The page appears to provide a link to a file named WinZip170.exe. Given the size of the file (~360KiB), I would suspect it is some kind of software wrapper or download stub, as opposed to a full application.

    This particular kind of program is classified by ESET as a potentially unwanted application (PUA), and if a customer toggles detection of PUAs on in their copy of ESET's software, objects which meet that criteria for that classification will be detected by the software.

    For more information about PUAs, please see the following blog post: Potentially Unwanted Applications White Paper Updated on ESET's WeLiveSecurity portal.

    Regards,

    Aryeh Goretsky
Thread Status:
Not open for further replies.