Originally Posted by
instrumentally
What we are seeing in the LOGs could be a combination of both failed user attempts and anti-virus scanners that are trying to analyze whether the EXE and associated files are trustworthy or not. As I mentioned towards the beginning of this thread, the EXE cannot be accessed through a web page linked to our home page. The EXE link was either in an email that we sent out, or in a HTML file on the server that has no links to any other page. So it cannot be that a standard search engine spider is behind the downloads. Would a search engine spider try to run a Web Deploy stub? That doesn't make sense. I can, however, see virus checkers performing sandbox tests. I can also see Google analyzing any links found in emails to EXEs that arrive in GMail inboxes.