View Issue Details

IDProjectCategoryView StatusLast Update
0001719XdebugInstallationpublic2019-11-29 13:25
ReporterdarynAssigned Toderick 
Status resolvedResolutionno change required 
Product Version2.8.0 
Target VersionFixed in Version 
Summary0001719: Windows DLL flagged as containing trojan
DescriptionI downloaded php XDebug DLL from
direct link:

The SHA 256 of the downloaded file matches the SHA on the download page (8ee9bc4cd08907fd016edf291d143399c8f1fe99d1885bd624a5cb1adca18808)

Windows Defender (Security intelligence version: 1.305.2850.0, updated 2019-11-26 6:50 AM) flags it as "severe" threat.
This might be a false positive, but if it's *not* a false positive, a trojan in the XDebug download DLLs would be very serious. So I wanted to inform you FYI.


Thread detected: Trojan:Win32/Spursint.F!cl
Alert level: Severe
Category: Trojan
Details: This program is dangerous and executes commands from an attacker.
Link for more info:!cl&threatId=-2147250015
Steps To Reproduce1. Run Windows 10, with Windows Defender updated on 26 Nov, 2019 (Security intelligence version: 1.305.2850.0, updated 2019-11-26 6:50 AM)
2. Download
3. Windows defender quarantines it being a severe threat
TagsNo tags attached.
Operating SystemWindows 10 1909
PHP Version7.1.30-7.1.34



2019-11-29 13:25

administrator   ~0005190

This looks to be a false positive. It's the same SHA256 for the binary that I have produced locally.

Issue History

Date Modified Username Field Change
2019-11-26 16:58 daryn New Issue
2019-11-29 13:25 derick Assigned To => derick
2019-11-29 13:25 derick Status new => resolved
2019-11-29 13:25 derick Resolution open => no change required
2019-11-29 13:25 derick Note Added: 0005190