socalgene
Posted February 19, 2019

Every time I try to download NodeLink, BitDefender gives me a message that the file is infected with Gen:Variant.Razy.450381. The threat has been successfully blocked, your device is safe. I cannot download NodeLink due to this. Is this a false positive or is this an infected file? How to proceed?

Thanks, Gene

Bumbershoot
Posted February 19, 2019

I ran a scan of the file here: https://www.virustotal.com/#/home/upload

14 of 68 virus scanners show some sort of file infection (six of those show the same virus signature as BitDefender), 8 show an infection by something else. 54 virus scanners show the file as being clean. Just guessing, but there's a pretty good chance that these are false positives, given that there isn't much uniformity in the results, but there's certainly a chance.

KeviNH
Posted February 19, 2019

That classification (Gen:Variant.Razy) is a common false positive in Windows, it's wrong as often as it's accurate. It'd help if the supplier would populate the PE file checksum, as a blank checksum and no signature is a red flag for analysis tools.

Update: I ran the file through Palo Alto Networks "Wildfire" executable behavior analysis. Initial verdict was Malware, I asked them to do a manual review, and they've updated the classification to Benign, no malware found.
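
The two markers mentioned in the post above (the PE header checksum and the presence of a signature) can be read straight from the file header. This is an added example, not code from any poster or from NodeLink; the function names are hypothetical and the sample header is constructed for illustration.

```python
import struct

def pe_trust_markers(data: bytes) -> dict:
    """Read the stored CheckSum and the certificate-table entry from a PE header."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("not an MZ executable")
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("PE signature not found")
        coff = pe_off + 4
        (opt_size,) = struct.unpack_from("<H", data, coff + 16)  # SizeOfOptionalHeader
        opt = coff + 20                                          # optional header start
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic == 0x10B:        # PE32
            dirs = opt + 96
        elif magic == 0x20B:      # PE32+
            dirs = opt + 112
        else:
            raise ValueError("unknown optional header magic")
        (checksum,) = struct.unpack_from("<I", data, opt + 64)   # same offset in both
        (ndirs,) = struct.unpack_from("<I", data, dirs - 4)      # NumberOfRvaAndSizes
        cert_off = cert_size = 0
        # Data directory index 4 is the certificate (Authenticode) table.
        if ndirs > 4 and dirs + 5 * 8 <= opt + opt_size:
            cert_off, cert_size = struct.unpack_from("<II", data, dirs + 4 * 8)
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    return {
        "checksum": checksum,
        "checksum_blank": checksum == 0,
        # Presence only: this does not validate the signature itself.
        "has_cert_table": cert_off > 0 and cert_size > 0,
    }

def build_sample(checksum: int = 0, cert: tuple = (0, 0)) -> bytes:
    """Constructed minimal PE32 header (no sections), for demonstration only."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 64, checksum)
    struct.pack_into("<I", opt, 92, 16)
    struct.pack_into("<II", opt, 96 + 4 * 8, *cert)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    print(pe_trust_markers(build_sample()))                     # blank checksum, unsigned
    print(pe_trust_markers(build_sample(0x1234, (0x400, 0x1A0))))
```

A non-zero checksum or a present certificate table says nothing about whether either is valid; verifying the signature requires a tool that checks the Authenticode chain.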

io_guy
Posted February 20, 2019

Not much I can say about this one, false positive. NodeLink uses a lot of ports, protocols, privileges, etc. It's bound to be flagged by the odd malware analysis.

Archived
This topic is now archived and is closed to further replies.