I'm guessing this is yet another case of "the engine had 2% confidence that it might possibly be X, so let's call it an X and delete it" antivirus brainfart. I say throw the URL at Sophos' "virus report" thingy, them about the false positive, and wait.

The title in this URL seems a little simplistic, but this is what I hand people on this subject (I'd advise reading at least the first 8-10 PgDns of it): https://www.reddit.com/r/buildapc/comments/3e16h7/what_is_th...

Also while we're on the subject, are there any effective techniques out there (binary fuzzing, injecting nops, or rearranging the code and adding jmps, for example) to mitigate this? I'm guessing categorically not...

It'd be great if you could provide more details...

That's all I get when I press download on the official putty website. I have sophos endpoint security and control, version 10.3 installed.

have you tried it via ssl?