Bitdefender's ATD impressed me a lot, I'd like to say it's the best consumer antivirus solution.
However, as far as I know, ATD works mostly with Ring 3 hooking, which it seems can be bypassed by direct syscalls (like Magniber) or NTDLL reload/unhooking. To address such cases, I noticed the enterprise line added a "Kernel-mode API Monitoring" toggle under ATD settings. I understand this may carry compatibility risks with other kernel-mode software, which might be why it isn't enabled in consumer products.
The settings in consumer products are too few compared to other solutions. I know your concept of "you are as strong as the weakest service you are using", so here are my thoughts:
- Add a detailed settings panel, with only standard and higher defense options (the standard options being the current defaults). No lower defense options, to stop users from accidentally lowering the defense. With this function, security is still guaranteed, and experienced users who can endure higher false positives or more notifications can also choose to set a higher defense level.
- Add a "Kernel API Monitoring" option in this panel.
- If in-app UI changes are costly, consider exposing these options through a web-based Advanced Settings console (modeled on your enterprise web console, with lower tiers removed). Advanced users would prefer having this web console to not having it at all.
I like the Bitdefender product and am willing to see it become better; I really hope more options can be configured in the consumer editions.
BTW, I'd like to know if there's a place to look at the products' roadmap? Thanks.