Windows Devender is flagging some .data files as 'Backdoor:PHP/Masqshell.E!dha'

oraoto / pib

PHP in Browser (powered by WebAssembly)

https://oraoto.github.io/pib/

Apache License 2.0

956 stars 113 forks source link

Windows Devender is flagging some .data files as 'Backdoor:PHP/Masqshell.E!dha' #69

Open AScriver opened 4 weeks ago

AScriver commented 4 weeks ago

I don't know enough about these files to determine whether or not this is a false-positive, so wanted to report this just in case.

AScriver commented 4 weeks ago

pib\docs-source\app\assets\php-worker.data and pib\docs-source\app\assets\php-web.data were flagged as well.

seanmorris commented 3 days ago

That's extremely odd. I'll need to spin up a windows VM to test this. Would you be able to provide the OS version as well as the version of Defender you're using?

AScriver commented 3 days ago

That's extremely odd. I'll need to spin up a windows VM to test this. Would you be able to provide the OS version as well as the version of Defender you're using?

Sure thing!

Windows OS:
Edition: Windows 11 Pro
Version: 24H2
OS build: 26120.2415

Windows Defender:
Windows Security Application Version: 1000.26100.0.1
Antimalware Client Version: 4.18.24090.11
Engine Version: 1.1.24090.11
Antivirus Version: 1.421.465.0
Antispyware Version: 1.421.465.0