We are seeing that the PyCharm Gateway plugin binary `remote-dev-worker-windows-amd64.exe` is being flagged as malicious by EDR tools.
Path - `PyCharm.app/Contents/plugins/gateway-plugin/lib/remote-dev-workers/remote-dev-worker-windows-amd64.exe`
SentinelOne flagged it due to the following indicators:
- This binary contains abnormal section names which could be an indication that it was created with non-standard development tools
- This binary imports debugger functions
Per the VirusTotal report for the binary https://www.virustotal.com/gui/file/ce84d71b8d0c4d275ab0c1e91a8eb1dd0ff467eb1c441d5d8752e707db9d1484/community it looks like UPX compression is used which is unusual and suspicious.
Also attaching a malware sandbox report - https://www.hybrid-analysis.com/sample/ce84d71b8d0c4d275ab0c1e91a8eb1dd0ff467eb1c441d5d8752e707db9d1484/640a490492a177e74704b8c4 which lists several suspicious behaviours including the use of UPX compression.
Please confirm whether this is expected.
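For anyone who wants to reproduce the three indicators from the report on their own copy of the binary rather than rely on the VirusTotal/Hybrid Analysis pages, here is a stdlib-only PE triage script. It is an added example, not part of the original report and not JetBrains or SentinelOne code: it walks the section table (UPX writes sections named `UPX0`/`UPX1`, with `UPX0` having no raw data), parses the static import table and looks for the usual debugger-related Win32 imports, and compares the file's SHA-256 with the hash in the VirusTotal URL above. The "standard" section-name list and the debugger-import list are my own approximations of what the EDR heuristics check, not SentinelOne's actual rules. `build_sample_pe()` constructs a toy 64-bit PE (headers plus an import table only, nothing executable) so the script runs offline; point it at a real file with `python pe_triage.py remote-dev-worker-windows-amd64.exe`.

```python
import hashlib
import struct

# SHA-256 taken from the VirusTotal / Hybrid Analysis URLs in the report.
REPORTED_SHA256 = "ce84d71b8d0c4d275ab0c1e91a8eb1dd0ff467eb1c441d5d8752e707db9d1484"

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}          # names the UPX packer writes
STANDARD_SECTION_NAMES = {b".text", b".data", b".rdata", b".bss", b".idata", b".edata",
                          b".rsrc", b".reloc", b".pdata", b".tls", b".CRT", b".xdata"}
# Assumption: a plausible list of what an EDR calls "debugger functions".
DEBUG_IMPORTS = {"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "OutputDebugStringA",
                 "OutputDebugStringW", "DebugActiveProcess", "DebugBreak"}


def parse_pe(data):
    """Read the COFF/optional headers and section table; return a small dict."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]              # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]           # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]      # SizeOfOptionalHeader
    opt = pe + 24
    is64 = struct.unpack_from("<H", data, opt)[0] == 0x20B     # PE32+ magic
    dirs = opt + (112 if is64 else 96)                         # data directory table
    import_rva = struct.unpack_from("<I", data, dirs + 8)[0]   # directory index 1 = imports
    sections = []
    for i in range(nsec):
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "va": va, "vsize": vsize,
                         "raw_size": rsize, "raw_ptr": rptr})
    return {"is64": is64, "sections": sections, "import_rva": import_rva}


def rva_to_offset(pe, rva):
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return rva - s["va"] + s["raw_ptr"]
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def cstring(data, off):
    return data[off:data.index(b"\0", off)]


def parse_imports(data, pe):
    """Walk IMAGE_IMPORT_DESCRIPTOR entries -> {dll: [function names]}."""
    imports = {}
    if not pe["import_rva"]:
        return imports
    thunk_fmt, ordinal_bit = ("<Q", 1 << 63) if pe["is64"] else ("<I", 1 << 31)
    desc = rva_to_offset(pe, pe["import_rva"])
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if not (oft or name_rva or ft):                        # all-zero terminator
            break
        funcs, thunk = [], rva_to_offset(pe, oft or ft)
        while (entry := struct.unpack_from(thunk_fmt, data, thunk)[0]):
            if entry & ordinal_bit:
                funcs.append(f"ordinal#{entry & 0xFFFF}")
            else:                                              # IMAGE_IMPORT_BY_NAME: hint + name
                funcs.append(cstring(data, rva_to_offset(pe, entry) + 2).decode())
            thunk += struct.calcsize(thunk_fmt)
        imports[cstring(data, rva_to_offset(pe, name_rva)).decode()] = funcs
        desc += 20
    return imports


def triage(data):
    """Return section names, imports, and the EDR-style findings they trigger."""
    pe = parse_pe(data)
    imports = parse_imports(data, pe)
    names = [s["name"] for s in pe["sections"]]
    findings = []
    if any(n in UPX_SECTION_NAMES for n in names):
        findings.append("UPX section names present: file is UPX-packed")
    odd = [n.decode(errors="replace") for n in names if n not in STANDARD_SECTION_NAMES | UPX_SECTION_NAMES]
    if odd:
        findings.append(f"non-standard section names: {odd}")
    hollow = [s["name"].decode() for s in pe["sections"] if s["raw_size"] == 0 and s["vsize"]]
    if hollow:
        findings.append(f"sections with no raw data but non-zero virtual size (packer pattern): {hollow}")
    dbg = sorted(f for fs in imports.values() for f in fs if f in DEBUG_IMPORTS)
    if dbg:
        findings.append(f"debugger-related imports: {dbg}")
    return {"sections": [n.decode(errors="replace") for n in names], "imports": imports, "findings": findings}


def sha256_matches_report(data):
    return hashlib.sha256(data).hexdigest() == REPORTED_SHA256


def build_sample_pe(function_names=("IsDebuggerPresent", "GetProcAddress")):
    """Constructed test input: a 64-bit PE skeleton laid out like a UPX-packed file."""
    IMPORT_RVA, IMPORT_RAW = 0x2000, 0x200                      # UPX1 VA and file offset
    blob = bytearray(40)                                        # descriptor + null descriptor
    name_off = len(blob); blob += b"KERNEL32.dll\0"
    blob += b"\0" * (-len(blob) % 8)
    hints = []
    for fn in function_names:
        hints.append(len(blob)); blob += b"\0\0" + fn.encode() + b"\0"
        blob += b"\0" * (len(blob) % 2)
    blob += b"\0" * (-len(blob) % 8)
    thunk_off = len(blob)
    blob += b"".join(struct.pack("<Q", IMPORT_RVA + h) for h in hints) + struct.pack("<Q", 0)
    struct.pack_into("<IIIII", blob, 0, IMPORT_RVA + thunk_off, 0, 0, IMPORT_RVA + name_off, IMPORT_RVA + thunk_off)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                       # PE32+
    struct.pack_into("<I", opt, 108, 16)                        # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 120, IMPORT_RVA, 40)           # import directory entry
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, len(opt), 0x22)
    sect = lambda name, va, vs, rs, rp, ch: struct.pack("<8sIIIIIIHHI", name, vs, va, rs, rp, 0, 0, 0, 0, ch)
    secs = sect(b"UPX0", 0x1000, 0x1000, 0, 0, 0xE0000080) + sect(b"UPX1", IMPORT_RVA, len(blob), len(blob), IMPORT_RAW, 0xE0000040)
    dos = bytearray(64); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 64)
    return (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs).ljust(IMPORT_RAW, b"\0") + bytes(blob)


if __name__ == "__main__":
    import json, sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps({**triage(data), "sha256_matches_report": sha256_matches_report(data)}, indent=2))
```

Two caveats when reading the output for a packed file: the static import table of a UPX-packed executable is the unpacking stub's, not the program's own, so to see what the real worker imports decompress a copy first (`upx -d`) and run the script again; and a hash mismatch against `REPORTED_SHA256` simply means your local file is a different build from the one in the VirusTotal report, not that it is clean or dirty.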