The Windows Defender reporting PHP Backdoor

I recently got a message from Windows Defender about a high risk level threat found on my system: Backdoor:PHP/Dirtelti.MTE. What's most strange is that the file to which the message applies is php-7.4.8.tar.gz.

Is it a real threat that I have to worry about? It refers to the file which I've downloaded from the official site for the PHP server. If it is valid, would it be sufficient to just remove the php-7.4.8.tar.gz file from my system, or do I have to reinstall it to be sure I'm safe?


Solution 1:

That happens from time to time, and for all antivirus suites, Defender included.

Open Windows Defender, go to Virus and Threat Protections, and then, in the right-hand screen, open Allowed Threats and whitelist the app causing the issue.

As I noted, it is somewhat normal to have to do this. You said you downloaded the file from an official source.
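
An added check, not part of the original answer: before allowing the detection, confirm that the archive on disk matches the SHA-256 digest published on the download page, and list what Defender recorded for it. The function name `Test-DownloadHash`, the download location and the digest placeholder are assumptions; `Get-FileHash` and `Get-MpThreatDetection` are standard Windows cmdlets.

```powershell
# Added example (not from the original thread).
# Compares a downloaded file with the publisher's SHA-256 digest and shows
# the Defender detections recorded against that file.

function Test-DownloadHash {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )
    # Defender may already have quarantined the file; fail clearly if so.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found (it may have been quarantined): $Path"
    }
    # Normalise the published digest and reject anything that is not SHA-256.
    $expected = ($ExpectedSha256 -replace '\s', '').ToLowerInvariant()
    if ($expected -notmatch '^[0-9a-f]{64}$') {
        throw 'Expected value is not a 64-character hex SHA-256 digest.'
    }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLowerInvariant()
    [pscustomobject]@{
        Path     = $Path
        Expected = $expected
        Actual   = $actual
        Match    = ($actual -eq $expected)
    }
}

# Assumed download location; adjust to where the archive was saved.
$archive   = Join-Path $env:USERPROFILE 'Downloads\php-7.4.8.tar.gz'
# Placeholder: paste the digest shown next to the file on the download page.
$published = '<SHA-256 FROM THE DOWNLOAD PAGE>'

$result = Test-DownloadHash -Path $archive -ExpectedSha256 $published
$result | Format-List

if ($result.Match) {
    'Digest matches the published value: the file is the one the publisher released.'
} else {
    'Digest does NOT match: delete the file and download it again from the official site.'
}

# Show what Defender logged for this file (threat ID, time, affected resources).
Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($archive) } |
    Select-Object ThreatID, InitialDetectionTime, Resources
```

A matching digest shows the file is byte-for-byte what the site published; it does not by itself say anything about the contents, so it supports a false-positive conclusion only together with trust in the source.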