Attack timeline involving compattelrunner
Hello,
I am trying to understand this sequence of events from a "threat blocked on your device" due to real time protection:
1) 05:28 Wininit.exe executes services.exe
2) 05:31 services.exe executes svchost.exe
3) 05:40 svchost.exe executes compattelrunner.exe
4) 05:41 (more than a minute later) a FreeFileSync file gets detected as infected with Gen:suspicious.Cloud.4.@blah blah. This file gets quarantined.
I see no reason why compattelrunner would "do anything" to this FreeFileSync file, which was not even in use at the moment. Suspecting it to be a false positive, I dragged this file back out of quarantine a day later and ran Bitdefender directly on this file, and it came out fine. Is Bitdefender accusing compattelrunner of modifying my files, and if so, why isn't that blocked instead? Second, if the "next day version" of Bitdefender thinks the FreeFileSync file is OK, it should automatically rescan it and drag it back out of quarantine.
Bitdefender Total Security on Windows 11