Last Updated: 2012-02-15 01:50:21 UTC
by Manuel Humberto Santander Pelaez (Version: 2)
In my company, we began experiencing a problem when the users tried to access http://www.google.com.co through our Forefront TMG proxy. Every corporate user saw the following message:
This really looked strange, especially coming from Google. I captured some packets and queried about the HTTP GET operations and got the following:
I also tried VirusTotal to scan the URL (http://www.google.com.co) and also got nothing:
I started analysis for HTTP GET number three. Wireshark shows some compressed content, so I took it from the capture and decompressed it:
This problem has been confirmed on the Microsoft website. I will update the diary when I have more information about it.
UPDATE: As of 20:11 GMT-5 Feb 14 2012, we received confirmation from Microsoft stating that this problem is a false positive and will be corrected in the update 1.119.1986.0 or higher for the antivirus.