Antivirus Reporting Issue

Hi All,

I'm new to this software, and work in the IT department of a University. I'm trying to prep one of our computer labs for a project this week but am having an issue when downloading the most recent version of Arduino (Nightly_Build). Our corporate firewall is returning a report about the software that classifies it as malware.

Has anyone ever had this happen to them?

The report came back with the following information:

WildFire Analysis Report

File Name: arduino.l4j.ini
Uploaded by: PAN01 (S/N 0008C101225) at 2015-03-20 08:29:02 EDT
SHA256: 0424d1b47318f318b1b1083e7f60c939507b861780a49cbccfd6c8931e0c7cee
MD5: 212400f6192722ec44a8cdfbb3c61878
File URL:
User: ffldu\bnw16301
Application: web-browsing
Source IP/Port:
Destination IP/Port:

Verdict: This sample was determined to be malware.

Summary of behaviors observed during analysis:

  • Created or modified a file
  • Started a process
  • Modified the Windows Registry
  • Modified Internet Explorer security settings
  • Used the HTTP POST method
  • Sent an HTTP response before receiving a request
  • Created a file in the Windows folder
  • Listened on a specific port
  • Used SSL
  • Started a process from a user folder
  • Modified proxy settings for Internet Explorer
  • Modified connections settings for Internet Explorer
  • Attempted to sleep for a long period

As I don't have a very good understanding of how this program works, any feedback on why our system would flag it this way would be very helpful.


arduino.l4j.ini is a text file. It can't harm anything.
However, please remember that nightly builds are not signed, only releases are.