View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001719 | Xdebug | Installation | public | 2019-11-26 16:58 | 2019-11-29 13:25 |
| Reporter | daryn | Assigned To | derick | ||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | resolved | Resolution | no change required | ||
| Product Version | 2.8.0 | ||||
| Target Version | Fixed in Version | ||||
| Summary | 0001719: Windows DLL flagged as containing trojan | ||||
| Description | I downloaded php XDebug DLL from https://xdebug.org/download direct link: https://xdebug.org/files/php_xdebug-2.8.0-7.1-vc14-nts-x86_64.dll The SHA 256 of the downloaded file matches the SHA on the download page (8ee9bc4cd08907fd016edf291d143399c8f1fe99d1885bd624a5cb1adca18808) Windows Defender (Security intelligence version: 1.305.2850.0, updated 2019-11-26 6:50 AM) flags it as "severe" threat. This might be a false positive, but if it's *not* a false positive, a trojan in the XDebug download DLLs would be very serious. So I wanted to inform you FYI. Details: Thread detected: Trojan:Win32/Spursint.F!cl Alert level: Severe Category: Trojan Details: This program is dangerous and executes commands from an attacker. Link for more info: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Spursint.F!cl&threatId=-2147250015 | ||||
| Steps To Reproduce | 1. Run Windows 10, with Windows Defender updated on 26 Nov, 2019 (Security intelligence version: 1.305.2850.0, updated 2019-11-26 6:50 AM) 2. Download https://xdebug.org/files/php_xdebug-2.8.0-7.1-vc14-nts-x86_64.dll 3. Windows defender quarantines it being a severe threat | ||||
| Tags | No tags attached. | ||||
| Operating System | Windows 10 1909 | ||||
| PHP Version | 7.1.30-7.1.34 | ||||
