False Positive for Light Image Editor

FabriceMeuwissen · 2025-01-15T14:18:15+00:00

There was an error rendering this rich post.

Hello

I just installed BitDefender and it's not that easy to understand how it works and the notification on threats aren't so clear.
I m using daily a program from Obviousidea and one of the part of the software "Light Image Editor" has been flagged but I don't know why as I m using it since weeks now. ( for the screenshot feature )

I can't even see the full thread name ? Gen:Variant.Tedy ? so …. what's the threat exactly ?

Find more posts tagged with

Comments

Alexandru_BD

Hello @FabriceMeuwissen,

If you trust the app and suspect an incorrect detection, you can report it to the to Bitdefender Labs using the form available at the link below:

https://www.bitdefender.com/consumer/support/answer/29358/

Once confirmed, false alarms are corrected within hours.

In the meantime, if you are absolutely sure there's no threat there, you can add the app .exe as an exception for the ATD security module by following the instructions from this article:

https://www.bitdefender.com/consumer/support/answer/2393/

Bitdefender's Advanced Threat Defense continuously monitors the applications and processes running on your computer. It monitors suspicious activities such as copying files to important Windows operating system folders, executing or injecting code into other processes, multiplying them, changing the Windows registry, or installing drivers. Each action is scored, and every process receives a danger score. If the overall score for a process reaches a certain threshold, Bitdefender makes the decision to block that application that 99% of the time turns out to be malware. Thanks to the score-based rating system, the number of false positive detections is very low and the detection of threats, even if they are very new, is extremely effective.

So, if the app you are using exhibits a malware-like behavior, ATD will kick in.

I hope this helps.

Regards,

Alex

FabriceMeuwissen

Hi Alex,

but it is supposed to be at each release / minor update of the software ? and if writing something in the registry in each own local key is a malware for sure the 99% rate is maybe not realistic.

Also, as seen in the screenshot, the full threat description isn't visible ( and the windows doesn't seem to be resizeable ) can you confirm ?

thanks,

Fabrice

Alexandru_BD

Indeed, you can't resize that window to see the full path and this is something that has been brought up before on the forum. I'm not sure in this case how the path would actually help, because the file name is already displayed and also the detection type, and there are only two actions to take there anyway, restore or delete. You don't really have a hyperlink to the location.

You could navigate to Notifications in the Bitdefender UI and look for the detection log. This often contains the full path of the detected items.
However, if you suspect that Bitdefender mistakenly flagged a legitimate file as a threat, you can report the detection to the Bitdefender Labs as recommended above, and you can also restore a file from quarantine if you think it’s legitimate and not a real infection. To do this, you can follow the steps from the article below:

https://www.bitdefender.com/consumer/support/answer/2092/

Just make sure to sign in to Windows with an administrator account to restore quarantined files back to folders, because administrator-level access is required for this action.
Furthermore, you can adjust the quarantine settings according to your preferences, and create an exception for already restored files, if this helps you.

Regards

FabriceMeuwissen

the hint can give the full detail of the field of the table. But… we still don't know what kind of threat ? in what it's dangerous ? it sounds like a random warning but where to find more information ?

Alexandru_BD

I will provide more context on this detection type.

The detection name is used to identify a specific type of malware. It's a naming convention that indicates that Bitdefender has identified a potential threat that is a variant of a known malware family. 'Generic' suggests that the detection is based on a general signature or behavior pattern rather than a specific known malware instance. Malware authors often create new variants of their software to evade detection, so the 'variant' component indicates to what malware family it belongs. 'Tedy' is the name assigned by Bitdefender to this particular type of malware. The digits at the end of the string represent the unique identifier assigned to this specific variant of the malware.

In a nutshell, generic detections are used to identify new variants of known malware by looking for patterns or behaviors that are common among these variants. This allows the software to catch new threats that have not yet been individually identified.

Being flagged as 'Gen:Variant.Tedy'suggests that the file exhibits characteristics commonly associated with malware, though it might not be a known malware sample. It could be a new or modified version of an existing threat.

FabriceMeuwissen

and again…. weeks after, the same teddy false detection in our software Photolikr

https://www.virustotal.com/gui/file/3380b43ddee68bd9e394cffc411d198585873071c6c553d1290247d83be9e514?nocache=1

Flexx

https://community.bitdefender.com/en/discussion/comment/353660#Comment_353660

If you believe a website or file has been incorrectly blocked by Bitdefender, you can submit the details to Bitdefender malware researchers by filling out the form at the link below:

https://www.bitdefender.com/consumer/support/answer/29358/

If the website or file is found to be incorrectly blocked, the detection will be removed within a maximum of 72 hours. However, if the detection persists after 72 hours, the website or file will be considered malicious, as determined by our malware researchers, and the detection will remain.

Regards

FabriceMeuwissen

already did, but as a software publisher, we are not supposed to have ourself all the antivirus installed. the form requires a lot of details than we don't have because bitdefender interface doesn't help to sort out what to send.

https://www.virustotal.com/gui/file/3380b43ddee68bd9e394cffc411d198585873071c6c553d1290247d83be9e514

is there a direct access, like we can find with some antivirus manufacturor ?

Flexx

https://community.bitdefender.com/en/discussion/comment/353682#Comment_353682

There is no direct way to contact a Bitdefender malware research team member.

Regards

Alexandru_BD

Hi,

There is a direct way to get in touch with Support as well, maybe this helps speed up things. Nevertheless, the detection will have to be investigated by Bitdefender Labs and they are the ones who can remove it, in the event of a false positive.