The Windows Defender reporting PHP Backdoor

windows-10 php

I recently got a message from Windows Defender about a high risk level threat found on my system: Backdoor:PHP/Dirtelti.MTE. What's most strange is that the file to which the message applies is php-7.4.8.tar.gz.

Is it a real threat that I have to worry about? It refers to the file which I've downloaded from the official site for PHP server. If it is valid, would it be sufficient to just remove the php-7.4.8.tar.gz file from my system or have I to reinstall it to be sure I'm safe?


Solution 1:

That happens from time to time, and for all Anti Virus suites, Defender included.

Open Windows Defender, go to Virus and Threat Protections, and then in the right hand screen, Allowed Threats and whitelist the app causing the issue.

As I note, somewhat normal to have to do this. You said you downloaded the file from an official source.

Related

What kind of fiber is used in Intercontinental connections? Are repeaters used?
Apache: Reverse proxy the whole domain
Estimate IOPS for an Amazon EBS volume using Windows PerfMon
How to determine what's causing my server's load average to jump to 90
Is there a decent GUI for Amazon Route 53?
PostgreSQL won't start because it "Cannot allocate memory"
How to "Open a new window in GNU/Screen" by running a command?
Is rsync a good candidate for failover implementation (very large dataset)?
Netcat - Listen for Multiple UDP Connections
Active Directory New User Workflow
Duplicate and forward udp traffic
NAT Reflection, or Split DNS?