Setting to block untrusted programs from accessing certain folders

MetaLogical139

Untrusted programs should be blocked from accessing certain protected folders. Ransomware is very common and targets your sensitive data like your documents for example, implementing something like this reduces the amount of files impacted in a successful ransomware attack.

The idea is this:

If you execute ransomware and all other protection fails, at least the files in your protected folders will be saved.

More specific information on how I think something like this could work:

A user marks certain folders as protected and if Bitdefender decides that a program is untrustworthy, and that program tries to access one of the folders it gets blocked. Since there would be a lot of issues with legitimate programs attempting to access protected folders, only untrusted programs should be blocked.

How would Bitdefender determine if a software is untrusted? I am not an expert on this so I have no idea, it could be something like checking if it has a valid digital signature or if it is widely used across Bitdefender's users.

Alexandru_BD

Hello and thank you for taking the time to share your thoughts with us here.

So, Bitdefender includes several layered technologies to protect against ransomware, especially in scenarios involving untrusted programs attempting unauthorized changes to files. Among its core ransomware protection mechanisms, the Ransomware Remediation feature blocks ransomware attacks and automatically restores the content of your encrypted files. It does this by monitoring processes for signs of mass file modification or encryption, so if a process matches the behavior of known ransomware, Bitdefender intervenes and rolls back the changes using secure copies. In the event of such an attack, when the Automatic restore option is enabled, Bitdefender will automatically restore files that were encrypted by ransomware. You can read more about this feature and how to make the best of it here:

https://www.bitdefender.com/consumer/support/answer/13349/

Another key defense mechanism agains ransomware is the Advanced Threat Defense module. This is Bitdefender’s behavioral detection engine. It uses heuristic analysis and machine learning to monitor real-time application behavior. You can learn more about it here:

https://www.bitdefender.com/consumer/support/answer/2024/

In the past, Bitdefender did have the Safe Files and File Vault features available for Windows OS, however, these were discontinued back in 2020 if I remember correctly.. Safe Files is still available in Antivirus for Mac only:

https://www.bitdefender.com/consumer/support/answer/2443/

Bitdefender leverages a massive cloud-based database that contains information about millions of files, applications, and URLs, and it evaluates trust based on several criteria, such as digital signatures and certificates, file reputation across the user base, known malware patterns and heuristics, and even past behavior recorded from other incidents worldwide. The general rule is that only applications from verified publishers and with clean reputations are allowed unrestricted access. Apps lacking signatures or behaving unusually, for example modifying file types, injecting code, etc,. are treated cautiously.
The best part about Bitdefender is that it provides layered defense mechanisms. The security modules are designed in a specific way, so that IF a defense fails, another one takes its place.
For example, the firewall prevents the infection from entering the PC from the network. If the firewall fails, Advanced Threat Defense takes over and blocks dubious processes. If this module misses something, then the Antivirus will find any modification of files during scanning and depending on the threat, it will act accordingly.

I hope the information is useful.

Regards,

Alex