Win11 reports debugbreak.exe as a worm in 1.23.0 #132
Comments
|
As @nyagizyildirim noted, just a false positive. This particular EXE has
less than 90 x64 instructions, and with a bit of assembly knowledge could
be independently manually-verified in a few minutes of effort.
This program is unchanged from previous releases, but it's hit pretty bad
this time around, especially the false positive from Windows' built-in
scanner (versus the usual snake oil fraudsters). Perhaps some incidental
way GCC 14 generates the code. I'd suspect being a tiny program (2KiB)
doing suspicious things (enumerating and opening processes) makes it stand
out, but the 32-bit build makes it through VirusTotal totally clean this
time around.
This program is not in any way essential, just a debugging tool, so having
it quarantined won't affect you unless you actually want to use it. (I use
it often myself, but I'm probably its only regular user.)
|
|
Thanks for the explanations! I'll close this issue accordingly. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
After extracting v1.23.0 I received a severe warning from windows defender and it quarantined debugbreak.exe and reported it as Worm:Win32/Sfone a dangerous and self-propagating worm.
??
The text was updated successfully, but these errors were encountered: