Last Updated: 2012-02-15 01:50:21 UTC
by Manuel Humberto Santander Pelaez (Version: 2)
In my company, we began experiencing a problem when the users tried to access http://www.google.com.co through our Forefront TMG proxy. Every corporate user saw the following message:
This really looked strange, especially coming from Google. I captured some packets and queried about the HTTP GET operations and got the following:
I also tried VirusTotal to scan the URL (http://www.google.com.co) and also got nothing:
I started analysis for HTTP GET number three. Wireshark shows some compressed content, so I took it from the capture and decompressed:
This problem has been confirmed on the Microsoft website. I will update the diary when I have more information about it.
UPDATE: As of 20:11 GMT-5 Feb 14 2012, we received confirmation from Microsoft stating that this problem is a false positive and will be corrected in the update 1.119.1986.0 or higher for the antivirus.