False Positive for Light Image Editor

Hello

I just installed BitDefender and it's not that easy to understand how it works, and the notifications on threats aren't so clear.
I'm using daily a program from Obviousidea, and one of the parts of the software, "Light Image Editor", has been flagged, but I don't know why, as I've been using it for weeks now (for the screenshot feature).

I can't even see the full threat name? Gen:Variant.Tedy? So… what's the threat exactly?

Comments

  • Hello @FabriceMeuwissen,

    If you trust the app and suspect an incorrect detection, you can report it to Bitdefender Labs using the form available at the link below:

    https://www.bitdefender.com/consumer/support/answer/29358/

    Once confirmed, false alarms are corrected within hours.

    In the meantime, if you are absolutely sure there's no threat there, you can add the app .exe as an exception for the ATD security module by following the instructions from this article:

    https://www.bitdefender.com/consumer/support/answer/2393/

    Bitdefender's Advanced Threat Defense continuously monitors the applications and processes running on your computer. It monitors suspicious activities such as copying files to important Windows operating system folders, executing or injecting code into other processes, multiplying them, changing the Windows registry, or installing drivers. Each action is scored, and every process receives a danger score. If the overall score for a process reaches a certain threshold, Bitdefender makes the decision to block that application, which 99% of the time turns out to be malware. Thanks to the score-based rating system, the number of false positive detections is very low and the detection of threats, even if they are very new, is extremely effective.

    So, if the app you are using exhibits a malware-like behavior, ATD will kick in.

    I hope this helps.

    Regards,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user
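
The score-and-threshold model described in the reply above, as an added illustration that is not part of the original thread and not Bitdefender's code. The action names, weights, threshold, process names and sample events are all assumptions constructed for the example.

```python
from collections import defaultdict

# Hypothetical per-action weights and blocking threshold (assumptions;
# the real values used by the product are not given on this page).
WEIGHTS = {
    "copy_to_system_dir": 30,
    "inject_code": 45,
    "self_replicate": 25,
    "registry_write_own_key": 5,
    "registry_write_autorun": 25,
    "install_driver": 40,
}
BLOCK_THRESHOLD = 100

def score_processes(events):
    """Accumulate a danger score per process; return {process: (score, blocked)}."""
    scores = defaultdict(int)
    for process, action in events:
        scores[process] += WEIGHTS.get(action, 0)  # unknown actions add nothing
    return {p: (s, s >= BLOCK_THRESHOLD) for p, s in scores.items()}

def explain(events, process):
    """Return the actions behind one process's score, largest contribution first."""
    hits = defaultdict(int)
    for p, action in events:
        if p == process and action in WEIGHTS:
            hits[action] += WEIGHTS[action]
    return sorted(hits.items(), key=lambda kv: -kv[1])

# Constructed sample events: (process, observed action)
EVENTS = [
    ("imageapp.exe", "registry_write_own_key"),
    ("imageapp.exe", "registry_write_own_key"),
    ("imageapp.exe", "inject_code"),  # one higher-weight action, assumed for illustration
    ("dropper.exe", "copy_to_system_dir"),
    ("dropper.exe", "registry_write_autorun"),
    ("dropper.exe", "inject_code"),
    ("dropper.exe", "self_replicate"),
]

if __name__ == "__main__":
    for proc, (score, blocked) in score_processes(EVENTS).items():
        print(f"{proc}: score={score} blocked={blocked}")
        for action, pts in explain(EVENTS, proc):
            print(f"  {action}: +{pts}")
```

In this model, writes to an application's own registry key add little on their own; a process is blocked only when several scored actions together reach the threshold.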

  • FabriceMeuwissen ex photographer

    Hi Alex,

    But is it supposed to be at each release / minor update of the software? And if writing something in the registry in its own local key is malware, for sure the 99% rate is maybe not realistic.

    Also, as seen in the screenshot, the full threat description isn't visible (and the window doesn't seem to be resizable). Can you confirm?

    Thanks,

    Fabrice

  • Indeed, you can't resize that window to see the full path and this is something that has been brought up before on the forum. I'm not sure in this case how the path would actually help, because the file name is already displayed and also the detection type, and there are only two actions to take there anyway, restore or delete. You don't really have a hyperlink to the location.

    You could navigate to Notifications in the Bitdefender UI and look for the detection log. This often contains the full path of the detected items.
    However, if you suspect that Bitdefender mistakenly flagged a legitimate file as a threat, you can report the detection to the Bitdefender Labs as recommended above, and you can also restore a file from quarantine if you think it’s legitimate and not a real infection. To do this, you can follow the steps from the article below:

    https://www.bitdefender.com/consumer/support/answer/2092/

    Just make sure to sign in to Windows with an administrator account to restore quarantined files back to folders, because administrator-level access is required for this action.
    Furthermore, you can adjust the quarantine settings according to your preferences, and create an exception for already restored files, if this helps you.

    Regards

  • FabriceMeuwissen ex photographer

    The hint can give the full detail of the field of the table. But… we still don't know what kind of threat it is. In what way is it dangerous? It sounds like a random warning, but where to find more information?

  • I will provide more context on this detection type.

    The detection name is used to identify a specific type of malware. It's a naming convention that indicates that Bitdefender has identified a potential threat that is a variant of a known malware family. 'Generic' suggests that the detection is based on a general signature or behavior pattern rather than a specific known malware instance. Malware authors often create new variants of their software to evade detection, so the 'variant' component indicates to what malware family it belongs. 'Tedy' is the name assigned by Bitdefender to this particular type of malware. The digits at the end of the string represent the unique identifier assigned to this specific variant of the malware.

    In a nutshell, generic detections are used to identify new variants of known malware by looking for patterns or behaviors that are common among these variants. This allows the software to catch new threats that have not yet been individually identified.

    Being flagged as 'Gen:Variant.Tedy' suggests that the file exhibits characteristics commonly associated with malware, though it might not be a known malware sample. It could be a new or modified version of an existing threat.