Blocking Winzip Download

Discussion in 'ESET Endpoint Products' started by BeanCounter, Feb 7, 2013.

Thread Status:
Not open for further replies.
  1. BeanCounter

    BeanCounter, Registered Member (Joined: Apr 8, 2006; Posts: 66; Location: Melbourne, Australia)

    Attempts to download the latest update to Winzip get blocked. I seem to recall that this has happened before with previous Winzip versions.

    Before I ignore the warning, is there anything I should worry about?
     
  2. SweX

    SweX, Registered Member (Joined: Apr 21, 2007; Posts: 6,429)

    It sounds like it is a PUP bundled in the package that ESET is blocking.

    What's the detection name?
     
  3. BeanCounter

    BeanCounter, Registered Member (Joined: Apr 8, 2006; Posts: 66; Location: Melbourne, Australia)

    Yes. It says a variant of Win32/OpenInstall, a potentially unwanted application.
     
  4. BeanCounter

    BeanCounter, Registered Member (Joined: Apr 8, 2006; Posts: 66; Location: Melbourne, Australia)

    Since nobody from ESET has commented on this, I have submitted the file for analysis.
     
  5. agoretsky

    agoretsky, Eset Staff Account (Joined: Apr 4, 2006; Posts: 4,032; Location: California)

    Hello,

    The detection is correct.

    If you wish to download this software, you can disable detection of Potentially Unwanted Applications in your ESET Endpoint software.

    Regards,

    Aryeh Goretsky
     
  6. BeanCounter

    BeanCounter, Registered Member (Joined: Apr 8, 2006; Posts: 66; Location: Melbourne, Australia)

    I am aware of this. I was really asking if there is any real danger in downloading and installing the latest version of Winzip.
     
  7. SweX

    SweX, Registered Member (Joined: Apr 21, 2007; Posts: 6,429)

    No, there's no danger. WinZip itself is fine :)
     
  8. betona

    betona, Registered Member (Joined: Dec 8, 2007; Posts: 2; Location: ohio)

    Aryeh, you're a little cryptic - is Winzip genuinely distributing something bad in their payload? Or is NOD32 alerting to a potential issue based on what it looks like?

    Here's a link to the culprit:
    http://www.winzip.com/win/en/tmm-eval.htm
     
  9. agoretsky

    agoretsky, Eset Staff Account (Joined: Apr 4, 2006; Posts: 4,032; Location: California)

    Hello,

    The page appears to provide a link to a file named WinZip170.exe. Given the size of the file (~360KiB), I would suspect it is some kind of software wrapper or download stub, as opposed to a full application.

    This particular kind of program is classified by ESET as a potentially unwanted application (PUA), and if a customer toggles detection of PUAs on in their copy of ESET's software, objects which meet the criteria for that classification will be detected by the software.

    For more information about PUAs, please see the following blog post: "Potentially Unwanted Applications White Paper Updated" on ESET's WeLiveSecurity portal.

    Regards,

    Aryeh Goretsky
     