skeeto / w64devkit

Portable C and C++ Development Kit for x64 (and x86) Windows
The Unlicense

Win11 reports debugbreak.exe as a worm in 1.23.0 #132

Closed shakfu closed 1 month ago

shakfu commented 1 month ago

After extracting v1.23.0 I received a severe warning from Windows Defender and it quarantined debugbreak.exe and reported it as Worm:Win32/Sfone, a dangerous and self-propagating worm.

??

nyagizyildirim commented 1 month ago

85

skeeto commented 1 month ago

As @nyagizyildirim noted, just a false positive. This particular EXE has less than 90 x64 instructions, and with a bit of assembly knowledge could be independently manually-verified in a few minutes of effort.

This program is unchanged from previous releases, but it's hit pretty bad this time around, especially the false positive from Windows' built-in scanner (versus the usual snake oil fraudsters). Perhaps some incidental way GCC 14 generates the code. I'd suspect being a tiny program (2KiB) doing suspicious things (enumerating and opening processes) makes it stand out, but the 32-bit build makes it through VirusTotal totally clean this time around.

This program is not in any way essential, just a debugging tool, so having it quarantined won't affect you unless you actually want to use it. (I use it often myself, but I'm probably its only regular user.)
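The comment above argues the detection is a false positive because the binary is tiny and its behaviour (enumerating and opening processes) is easy to audit. The script below is an added example, not code from w64devkit or from this thread: a stdlib-only PE32+ triage tool that reports size, SHA-256, section layout and the Win32 functions a binary imports, so a defender can check a "harmless debugging tool" claim against the file itself before restoring it from quarantine. The sample image it parses is constructed inline (a stub `.text` section plus an import table naming `OpenProcess` and `CreateToolhelp32Snapshot`); the `CAPABILITY_HINTS` table and all function names are this example's own.

```python
"""Static triage of a PE32+ executable: size, hash, sections, imported APIs.

Added example, not part of w64devkit. The constructed sample below stands in
for a real file so the script runs offline; pass a path to inspect a real one.
"""
import hashlib
import struct
import sys

IMPORT_DIRECTORY = 1  # index of the import table among the data directories

# Hypothetical capability map: APIs that commonly trip process-activity heuristics.
CAPABILITY_HINTS = {
    "CreateToolhelp32Snapshot": "enumerates processes/threads",
    "Process32First": "enumerates processes",
    "Process32Next": "enumerates processes",
    "OpenProcess": "opens a handle to another process",
}


def _cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii")


def parse_pe(data):
    """Return machine type, section table and import-directory RVA of a PE32+ file."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    nt = struct.unpack_from("<I", data, 0x3C)[0]
    if data[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, nt + 4)
    opt = nt + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x20B:
        raise ValueError("only PE32+ (x64) images handled in this example")
    ndirs = struct.unpack_from("<I", data, opt + 108)[0]
    import_rva = 0
    if ndirs > IMPORT_DIRECTORY:
        import_rva = struct.unpack_from("<I", data, opt + 112 + 8 * IMPORT_DIRECTORY)[0]
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                         "raw": rawptr, "rawsize": rawsize})
    return {"machine": machine, "sections": sections, "import_rva": import_rva}


def rva_to_offset(rva, sections):
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return rva - s["va"] + s["raw"]
    raise ValueError("RVA 0x%x not inside any section" % rva)


def parse_imports(data, sections, import_rva):
    """Walk IMAGE_IMPORT_DESCRIPTOR entries and their 64-bit thunk arrays."""
    imports = {}
    desc = rva_to_offset(import_rva, sections) if import_rva else None
    while desc is not None:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if name_rva == 0:
            break
        dll, funcs = _cstr(data, rva_to_offset(name_rva, sections)), []
        thunk = rva_to_offset(oft or ft, sections)
        while True:
            entry = struct.unpack_from("<Q", data, thunk)[0]
            if entry == 0:
                break
            if entry >> 63:  # import by ordinal
                funcs.append("ordinal#%d" % (entry & 0xFFFF))
            else:  # IMAGE_IMPORT_BY_NAME: 2-byte hint, then the name
                funcs.append(_cstr(data, rva_to_offset(entry & 0x7FFFFFFF, sections) + 2))
            thunk += 8
        imports[dll] = funcs
        desc += 20
    return imports


def triage(data):
    hdr = parse_pe(data)
    imports = parse_imports(data, hdr["sections"], hdr["import_rva"])
    flagged = {f: CAPABILITY_HINTS[f] for fs in imports.values() for f in fs if f in CAPABILITY_HINTS}
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest(),
            "machine": hdr["machine"],
            "sections": [(s["name"], s["rawsize"]) for s in hdr["sections"]],
            "imports": imports, "flagged": flagged}


def build_sample_pe():
    """Constructed PE32+ image: a 4-byte .text stub and an import table from KERNEL32.dll."""
    text_rva, idata_rva, align = 0x1000, 0x2000, 0x200
    idata = bytearray(40)  # descriptor for KERNEL32 + null terminator, filled below
    names = [b"OpenProcess", b"CreateToolhelp32Snapshot"]
    ilt_off = len(idata); idata += b"\0" * (8 * (len(names) + 1))
    iat_off = len(idata); idata += b"\0" * (8 * (len(names) + 1))
    dll_off = len(idata); idata += b"KERNEL32.dll\0"
    idata += b"\0" * (len(idata) % 2)
    hint_offs = []
    for n in names:
        hint_offs.append(len(idata))
        idata += b"\0\0" + n + b"\0"
        idata += b"\0" * (len(idata) % 2)
    for i, h in enumerate(hint_offs):
        struct.pack_into("<Q", idata, ilt_off + 8 * i, idata_rva + h)
        struct.pack_into("<Q", idata, iat_off + 8 * i, idata_rva + h)
    struct.pack_into("<IIIII", idata, 0, idata_rva + ilt_off, 0, 0, idata_rva + dll_off, idata_rva + iat_off)
    idata += b"\0" * (align - len(idata))
    text = b"\x48\x31\xc0\xc3" + b"\0" * (align - 4)  # xor rax,rax ; ret
    dos = bytearray(64); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 64)
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 16, text_rva)               # AddressOfEntryPoint
    struct.pack_into("<Q", opt, 24, 0x140000000)            # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, align)         # Section/FileAlignment
    struct.pack_into("<II", opt, 56, 0x3000, align)         # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 108, 16)                    # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * IMPORT_DIRECTORY, idata_rva, 40)
    sec = lambda name, rva, raw, chars: struct.pack("<8sIIIIIIHHI", name, align, rva, align, raw, 0, 0, 0, 0, chars)
    hdrs = dos + b"PE\0\0" + file_hdr + opt + sec(b".text", text_rva, align, 0x60000020) \
        + sec(b".idata", idata_rva, 2 * align, 0xC0000040)
    hdrs += b"\0" * (align - len(hdrs))
    return bytes(hdrs + text + idata)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for k, v in triage(blob).items():
        print("%-9s %s" % (k, v))
```

On the constructed sample the report shows a 1.5 KiB x64 image with two sections and exactly two KERNEL32 imports, both flagged as process-enumeration or process-access capabilities: that is the same profile the comment describes (tiny, few instructions, process-related APIs), and it illustrates why a behaviour-based heuristic might score such a file highly even though the import list alone gives a reviewer enough to judge it. Forwarded or delay-loaded imports and PE32 (x86) images are outside what this example parses.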

shakfu commented 1 month ago

@nyagizyildirim @skeeto

Thanks for the explanations! I'll close this issue accordingly.