Author Topic: FileZilla False Positive? FileZilla_3.11.0.1_win64-setup.exe  (Read 6784 times)

REDACTED

  • Guest
Is Avast still doing false positives on Filezilla?  Note the version and the location the file is sourced from.

Filezilla web site says they trust sourceforge.net so who do I trust?

I downloaded this from sourceforge.net
http://sourceforge.net/projects/filezilla/files/FileZilla_Client/3.11.0.1/FileZilla_3.11.0.1_win64-setup.exe/download?accel_key=57%3A1432465143%3Ahttps%253A//filezilla-project.org/download.php%253Ftype%253Dclient%3Ac37ab1bf%24735becda88582f3f0d5db51cfaebf19f0e436b16&click_id=e3e25412-0203-11e5-9c17-0200ac1d1d8b&source=accel

Avast prompts me that it is a threat - Avast Harden mode prevented a program from starting on your computer.

I am using version 3.5.1 as it doesn't seem to have any problem with that version.  Would love to know if Avast is getting it wrong.

Thanks.


« Last Edit: May 24, 2015, 04:04:09 PM by LateralNW »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: FileZilla False Positive? FileZilla_3.11.0.1_win64-setup.exe
« Reply #1 on: May 24, 2015, 04:37:21 PM »
Report it as a (possible) false positive:
https://blog.avast.com/tag/false-positive/

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Re: FileZilla False Positive? FileZilla_3.11.0.1_win64-setup.exe
« Reply #2 on: May 24, 2015, 04:47:35 PM »
Seems to contain PUP crap ... not shown on VT but also detected by Norman/BlueCoat as BundlePack.IC
https://www.virustotal.com/nb/file/17cdbf85c925baba6be58c080484bd5200fcee7c370dc2ffbf04e9f9d45ee75c/analysis/1432478773/

Info here confirms the detection name given by Comodo

Quote
  Authenticode signature block
  Copyright:
  Publisher: Funnel Delivery (Fried Cookie Ltd.)
  Product: Web
  File version:
  Description: Web Setup
  Comments: This installation was built with Inno Setup.
  Signature verification: Signed file, verified signature
  Signers:
  • Funnel Delivery (Fried Cookie Ltd.)
  • GlobalSign CodeSigning CA - G2
  • GlobalSign


« Last Edit: May 25, 2015, 03:11:17 PM by Pondus »

REDACTED

  • Guest
Re: FileZilla False Positive? FileZilla_3.11.0.1_win64-setup.exe
« Reply #3 on: May 24, 2015, 05:15:30 PM »
Quote
  Seems to contain PUP crap ... not shown on VT but also detected by Norman/BlueCoat as BundlePack.IC
  https://www.virustotal.com/nb/file/17cdbf85c925baba6be58c080484bd5200fcee7c370dc2ffbf04e9f9d45ee75c/analysis/1432478773/


Thanks for the heads up.  So it would seem that the program is still getting crap put in it even from a respectable site.

It would be nice if Avast actually identified why it blocks a program. 

The link you gave showed the infection as different possibilities which also doesn't help working out what to expect. 

Looks like I'll stick with the old version of Filezilla 3.5.1



Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2098
Re: FileZilla False Positive? FileZilla_3.11.0.1_win64-setup.exe
« Reply #4 on: May 25, 2015, 01:30:52 AM »
I downloaded Filezilla 3.11.0.1 from http://tcpdiag.dl.sourceforge.net/project/filezilla/FileZilla_Client/3.11.0.1/FileZilla_3.11.0.1_win64-setup.exe and Avast didn't alert on it back on May 22nd nor just now.  MalwareBytes scan also had no issues with the download or install.
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner


Offline Gopher John

Re: FileZilla False Positive? FileZilla_3.11.0.1_win64-setup.exe
« Reply #6 on: May 25, 2015, 02:31:44 AM »
I offered a link to what I consider a clean download.  VirusTotal results verify that the sourceforge link points to a modified file which has, at minimum, a PUP added.

Offline Eddy

Re: FileZilla False Positive? FileZilla_3.11.0.1_win64-setup.exe
« Reply #7 on: May 25, 2015, 02:42:09 AM »
Your link also points to sourceforge  ;)

Offline Gopher John

Re: FileZilla False Positive? FileZilla_3.11.0.1_win64-setup.exe
« Reply #8 on: May 25, 2015, 02:51:38 AM »
Quote
  Your link also points to sourceforge  ;)

But the file is clean. ;D

Offline Pondus

Re: FileZilla False Positive? FileZilla_3.11.0.1_win64-setup.exe
« Reply #9 on: May 25, 2015, 08:43:19 AM »
Both are clean, it is just that the first one is bundled with some extras. Some may want it, others not, that's why it is called PUP / Possible Unwanted Program.
If you compare file size (730kb vs 6,2mb) it seems the first one is just a downloader for the program, like the one from cnet and similar.

« Last Edit: May 25, 2015, 03:09:40 PM by Pondus »
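
The two observations made by Pondus, the unexpected Authenticode signer in Reply #2 and the size gap in Reply #9, can be checked locally before a download is run. The PowerShell below is an added example and not part of any post in this thread; the function name, the `-ExpectedPublisher` placeholder and the 5MB threshold in the usage comment are assumptions.

```powershell
# Added example: triage a downloaded installer by Authenticode signer and size.
function Test-InstallerPublisher {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Placeholder: the thread does not name the genuine FileZilla signer.
        [Parameter(Mandatory)] [string] $ExpectedPublisher,
        # Assumed lower bound for a full installer; 0 disables the size check.
        [long] $MinExpectedBytes = 0
    )

    $file = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName

    # Simple name (CN) of the signing certificate; empty when the file is unsigned.
    $signer = ''
    if ($sig.SignerCertificate) {
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    }

    $validSig  = $sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid
    $publisher = $validSig -and ($signer -eq $ExpectedPublisher)
    $sizeOk    = $file.Length -ge $MinExpectedBytes

    # "Signed file, verified signature" only proves the file is intact since
    # signing. A valid signature from another signer is the wrapper case.
    if (-not $validSig) {
        $verdict = 'unsigned-or-tampered'
    } elseif (-not $publisher) {
        $verdict = 'valid-but-unexpected-signer'
    } elseif (-not $sizeOk) {
        $verdict = 'expected-signer-unexpected-size'
    } else {
        $verdict = 'ok'
    }

    [pscustomobject]@{
        File            = $file.Name
        SizeBytes       = $file.Length
        SignatureStatus = $sig.Status
        Signer          = $signer
        Verdict         = $verdict
    }
}

# Constructed usage; fill the publisher in from the vendor's own site.
# Test-InstallerPublisher -Path .\FileZilla_3.11.0.1_win64-setup.exe `
#     -ExpectedPublisher '<genuine FileZilla publisher>' -MinExpectedBytes 5MB
```

A file signed by "Funnel Delivery (Fried Cookie Ltd.)" would return `valid-but-unexpected-signer` here even though its signature verifies.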

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: FileZilla False Positive? FileZilla_3.11.0.1_win64-setup.exe
« Reply #10 on: May 25, 2015, 01:10:27 PM »
Thanks Pondus. Seems that FileZilla is doing something fishy... It's not the first time it is flagged as PUP...
The best things in life are free.

Offline Eddy

Re: FileZilla False Positive? FileZilla_3.11.0.1_win64-setup.exe
« Reply #11 on: May 25, 2015, 02:45:04 PM »
What is strange is that both claim to be the 64 bit version, but if you look at the file details one is saying the original name is 32 bit.
According to the description both are the installers for the exact same application.

Strange thing is the two different original file names, the two different publishers... etc.
You would (could?) expect there is just one person that publishes things.

LateralNW,
SourceForge is (at least in theory) a trusted site.
But that doesn't mean all software published there is/can be trusted.

REDACTED

  • Guest
Re: FileZilla False Positive? FileZilla_3.11.0.1_win64-setup.exe
« Reply #12 on: May 25, 2015, 10:26:00 PM »
If you wish to avoid downloading FileZilla (with included rubbish) then you need to click the "download" option in the menu on the left-hand side.

Then the "Show additional download options" link (located on the main page).

This should take you to the following url

https://filezilla-project.org/download.php?show_all=1

Select the relevant x32 or x64 build.

REDACTED

  • Guest
Re: FileZilla False Positive? FileZilla_3.11.0.1_win64-setup.exe
« Reply #13 on: September 02, 2015, 12:06:05 AM »
Just an update.
I have since downloaded from this link and Avast did not complain.
So I am assuming that this particular downloadable file is free from malware/pup/virus etc.


https://filezilla-project.org/download.php?show_all=1
I selected for x64 bit windows
FileZilla_3.13.1_win64.zip

I noticed that when I attempted to do the same process again (to supply a link to this post) from the renewed link page that the file name was different, giving me the impression that there was a later version based on its file name!
I backtracked and the link I have supplied is exactly the steps I took.

File details are
version 3.13.1.0
filezilla.exe Monday, 24 August 2015, 3:56:48 PM actual size 11.5 MB (12,098,520 bytes)

all the other files appear to be date stamped exactly the same as above.

certificate details


Hope that helps others who may have had this problem.