McAfee claims that ccsetup526.exe is a "High Security Risk"

I'm downloading from the Piriform website, of course.

https://www.piriform.com/ccleaner/download >

Download button under CCleaner Free which is a link to >

http://download.cnet.com/CCleaner/3000-18512_4-10315544.html?part=dl-&subj=dl&tag=button >

Download Now button which attempts to download ccsetup526.exe from >

http://files.downloadnow-1.com/s/software/15/68/79/90/ccsetup526.exe?token=1486...

at which point McAfee SiteAdvisor says "Whoa! This site may be risky to visit ..." The site report is at >

https://www.mcafee.com/threat-intelligence/site/default.aspx?url=http://files.downloadnow-1.com/s/software/15/68/79/90/ccsetup526.exe?token=1486082677_e8076e667c0a9d1553ae632a35ad50dc&fileName=ccsetup526.exe

The report gives this a risk level of "High" (their highest level). If I proceed to Save the file anyway, I get a further warning "Woah[sic], that download is dangerous! We found there might be viruses, spyware or other potentially unwanted programs in the file you are trying to download. Filename: ccsetup526.exe. Domain: files.downloadnow-1.com."

If I click on "Accept the Risk" and continue, it proceeds to download ccsetup526.exe (8,813,488 bytes) digitally signed by Piriform Ltd. on 21 Dec 2016 (SHA1 and SHA256). A separate scan using McAfee VirusScan of the downloaded file itself did not result in any further warnings, so it's apparently the downloadnow-1.com site that's triggering the warning, and not a detected virus in the file itself.

So while it seems like a false positive, I thought I'd post this nonetheless since it's strange to see (I almost never get false positives by McAfee WebAdvisor on downloading executables). Any comments?

Best to download from here

https://www.piriform.com/ccleaner/builds

Some antiviruses will just warn you when you download an executable file; it's normal, and they will also scan the downloaded file and check in compressed archives as well. It's just a way of telling you to be careful what you download.

Hi Tango, and welcome to the forum.

I don't get the sequence of events you outline above. If I press the first link in your post it takes me to the Piriform download page, where pressing the download button under CCleaner free takes me here ...

https://www.piriform.com/ccleaner/download/standard

... where after about 4 seconds the CCleaner download dialogue box appears. There isn't any being passed from one site to another.

Please don't construe that as meaning I don't believe that's what happened to you, but there must be some reason why.

Have any of you other guys experienced what Tango experienced? I've repeated the process half a dozen times and I can't reproduce it. Something amiss here methinks which maybe should be put right.

If other members wouldn't mind trying it to see if they go on that jolly but unwanted jaunt.

Tango's provided first link takes me to the download page.

I click the green download button in the Free column which goes to the "thank you for downloading CC" page.

About 3 seconds later Firefox pops up the "your file is downloading... Save File or Cancel" box.

@tango, your AV could just be picking up the free Chrome offers (PUPs?) embedded into CC.

From that Intel McAfee analysis it shows the download site as (purposely put into a codebox to make it non-clickable):

downloadnow-1.com

It has nothing to do with the official downloads from Piriform. As always, download from official software websites when possible to avoid tampering, and illegal re-packaging which could contain malware.

Edit:

This is what McAfee SiteAdvisor states about Piriform.com (this website), it's all green and good:

https://www.siteadvisor.com/sites/piriform.com

Or to see a site using multiple scanners use urlvoid.

Here is Piriform.com (scroll down slightly)

http://www.urlvoid.com/scan/piriform.com/

At the risk of my missing something here (highly likely, even probable), I still don't see why pressing the download button here ...

https://www.piriform.com/ccleaner/download

... would take Tango to the CNET download page for CCleaner. Which it did, and just for info that link on CNET for CCleaner is blocked by my browser.

That's what I'm asking. Regardless of what McAfee says about the link on the CNET page, why was he taken to CNET in the first place?

I think this is the default view for every visitor to the download page

[Image: 2oGyHuc.png]

Thank you for that, I think we're getting somewhere, as this is what I see ...

[Image: download.jpg]

... which activates the download dialogue box after a few seconds pause. One button, no choices.

What do others see?

Edit: I'm thinking this could be a location thing.

Country specific software/download agreements maybe.

Same experience here as in post #4. Tango's first link goes to the real download site.

In fact Firefox won't even let me go to the download 1 site, and uBlock Origin blocks CNET.

Could it be that tango's browser is being redirected?

Wonder why tango hasn't been back?

I get the same one Download button when opening the download page using kproxy

So I think you're right about the location

[Image: 4sbxYZE.png]

Mystery solved I think, so thanks for your input.

I'm almost sure I've come across this country specific thing before but it must've slipped into the farther reaches of the old memory banks.

:)