I have just tried to download the latest RUT (v6.0.4) and just before completion, Google advises that the download has been blocked because RUT6.zip will "harm my browsing experience". The same thing happened with a separate host download. (My background Virus Checker is Kaspersky, but the report specified a Google blockage.) Any advice?
Edited:Allan Knox - Jun 26, 2015 10:14:50 am EDT (Mistype)
Yes, thank you for reporting this. It's all the more strange to see such a false positive given the fact that we removed the "hide tray icon" feature in the last version just because antivirus programs used to frown upon that.
Anyway, we have just submitted a request to Google to reconsider their "detection".
Just for the record, Kaspersky itself reported the various RUT files during a full scan as "genuine software which could be misused by intruders". However, it did at least give the option of clearing it for use, and clicking a checkbox to apply the same rule to all similar discoveries (as in backups etc.).
Yes, this is a so-called "not-a-virus" category. The file is not necessarily deleted, Kaspersky is only warning the user that the software is "potentially dangerous" meaning that it can be dangerous if misused.
Allan Knox wrote: By way of an update, I have just successfully downloaded the zip file on Internet Explorer and it not only downloaded without a qualm, but also passed an inbound file security scan.
The last time when Google/Chrome detected our zip archive as "malware" , a couple of months ago, they responded to our request very quickly and removed the false positive within hours. So we hope they will be as quick this time.
Strangely enough, they don't detect Viewer and Host as such , although the zip archive is nothing more than just the same Viewer and Host msi files zipped. It seems like they don't even look at the contents, and simply "detect by name".
We received a response from them just now. They say that's it's still "malware". Funny thing is - they call the threat "Undetermined malware" and they don't even give any details as for what type/class of "malware" it is.
I also just tried in Chrome Browser "Version 43.0.2357.130 m" and it resulted in "agent.exe may harm your browsing experience, so Chrome has blocked it." There used to be a drop-down menu choice "Keep" but that's gone now. But you can go into "Show all downloads" and click "Recover malicious file" then you get another popup and have to click "Keep anyway" altho these exact details of what to click and what the exact text says will probably change over time.
Of course this is just to download it in the browser. Then you have to get thru your antivirus perhaps once when downloading and perhaps again when invoking.
Update on this issue. It seems like the root cause for the Chrome issue is Symantec falsely detecting our program as risky/potentially dangerous. Which in itself is very strange given the fact that our digital certificate is issued by VeriSign and there haven't been any false positive issues with Symantec for very long. We assume that Chrome somehow uses the data from Symantec and aggregates them with data from other vendors, but we are not sure. We have already reported this to Symantec and hopefully the issue will be resolved soon.
It should be noted though that Google Chrome is very quick in going from a mere assumption to a final verdict. That is from the subtle "may harm your browsing experience" to calling the file as being outright malicious.
UPD: sorry, just noticed that you have already provided the instruction in your message. So I've deleted mine