Short bio

This is a generic detection for programs that set a debugger for other executables by using the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{name of the intercepted executable} registry key. Some legitimate programs that use this method have been white-listed.



You can read more about the use of these registry keys in our blogpost An Introduction to Image File Execution Options.


Malwarebytes can remove the registry key without problems. If you get this detection without any accompanying file, there is a chance that you are dealing with a false positive. If you suspect this is the case, feel free to reach out to us and report them on our dedicated forum for possible false positives.

Cybersecurity info you can’t do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Select your language