There are a causes for this issue ranging from actual compromise to software security suite false positives. The following operations will help narrow down the root cause:
Validate the Binary
Use a third party technology to validate the binary as potentially compromised as well as to verify its hash value against the original binary available from Esri's website. This can be done at a number of sites such as www.virustotal.com.
1. Upload & scan the suspected binary to a site such as www.virustotal.com. We did this with the clean source file hosted by esri, the results can be viewed here: https://www.virustotal.com/#/file/a3f758644774f36dca0b05fa87781b90b2e5caf3d0942b162b2a9a5815ed2c85/d...
If the file you upload presents a different profile than seen above (eg. reports any infections at all,) immediately alert your organizations IT/Software security team if available. The binary should be destroyed, and any systems the binary was processed through should be thoroughly scanned for signs of further infection.
2. Compare the SHA256 signature of the suspected file against the actual SHA256 signature of the file hosted by Esri. The SHA256 signature of the current release (4.1) of the ArcGIS Maps for Office 64-bit installer is:
SHA-256 | a3f758644774f36dca0b05fa87781b90b2e5caf3d0942b162b2a9a5815ed2c85 |
---|
Again, the www.virustotal.com site will report the SHA256 hash of the file you upload for comparison. Also/Instead, you may also execute the PowerShell command: "Get-FileHash ArcGISMapsForOffice_x64_4.1_en.exe" to process and display the SHA256 hash of the ArcGIS Maps for Office installation binary for comparison.
If the SHA256 file hashes do not match, the file may be corrupt or similarly compromised. Destroy the file and download a new copy of the binary here, and proceed with installation: ArcGIS Maps for Office.
False Positive: Whitelist Binary
If the above tests confirm the SHA256 hashes match the original file hosted by Esri, and the file reports to be uncompromised then we can reasonably conclude the file is not infected and that the security software on the system is reporting a false positive *or* the security software expressly requires installation binaries be whitelisted (allowed to install.)
In this case, submit the binary to your IT/Software Security team for whitelisting action.