Win11 reports debugbreak.exe as a worm in 1.23.0 #132
As @nyagizyildirim noted, just a false positive. This particular EXE has
less than 90 x64 instructions, and with a bit of assembly knowledge could
be independently manually-verified in a few minutes of effort.
This program is unchanged from previous releases, but it's hit pretty bad
this time around, especially the false positive from Windows' built-in
scanner (versus the usual snake oil fraudsters). Perhaps some incidental
way GCC 14 generates the code. I'd suspect being a tiny program (2KiB)
doing suspicious things (enumerating and opening processes) makes it stand
out, but the 32-bit build makes it through VirusTotal totally clean this
time around.
This program is not in any way essential, just a debugging tool, so having
it quarantined won't affect you unless you actually want to use it. (I use
it often myself, but I'm probably its only regular user.)
Thanks for the explanations! I'll close this issue accordingly.
After extracting v1.23.0, I received a severe warning from Windows Defender, and it quarantined debugbreak.exe and reported it as Worm:Win32/Sfone, a dangerous and self-propagating worm.
??