[solved] Question About Intrusion Detection

Viscon

Situation: Intrusion Detection alerts about possible threat and asks whether to allow or block some process execution.

Now if I choose to allow and tell IDS to remember that, IDS adds a process to trusted list.

On a contrary, if I tell IDS to block the process and check to remember that, IDS adds process to untrusted list.

In both cases IDS will never ask about that process again.

What if I make a mistake?

How can I remove a process from one or another list mistakenly put on?

Appreciate any help...

Find more posts tagged with

Comments

Alex Stanciu

Hello Viscon,

You cannot tell IDS what process to allow or block. It will check the Firewall white list for the processes that belongs to trusted application, or it will check if the processes are digitally signed and it will automatically allow the corespondent application to connect to the Internet . It is a feature that have common components with BitDefender Active Control and it will add extra protection against any attempts to access your network, attempts to stop the BitDefender processes and any attempts from a malware application to inject into processes.

Thank you .

Viscon

Hmm... sorry but I don't quite get it then.

Let's see an example.

I start Sandboxie, and the process SbieSvc.exe is automatically caught by IDS

I scanned the whole Sandboxie folder before and BDIS didn't detect anything suspicious.

But what do those Allow and Block buttons mean?

If I click Allow, Sandboxie starts.

And every next time IDS alerts me with the same pop-up, unless I check Remember this action... box.

However, what if I check Remember this action... box, and click OK?

Will IDS stop this service from running for good?

If yes, how can I unblock it?

TIA

Alex Stanciu

Hello Viscon,

Usually, if BitDefender detects a program through the Intrusion Detection System and you choose to block the program, a new rule will be created in the Active Virus Control Exclusion list and it will have the action Blocked. From that moment you will not be able to execute this program. If you change its action to Allow, you should be able to work with that program without any problems.

Unfortuantely, it seems that there is an incompatibility between the Sandboxie program and the BitDefender Intrusion Detection System. If you choose to block the program, you will not be able to use it after that, even if you change its action to Allow. We are currently investigating this issue and a fix should be released soon .

Thank you .

Viscon

Thnx Alex,

I'll keep this in mind.

coolcool1227

I am also facing this issue and put forward this issue against "Ticket ID:200911241004892", but get no response yet.

And now the issue becomes more "Severe" and Bitdefender detects legitimate applications which are even listed in its "Whitelist".

Regards

alexcrist

Futher questions about AVC and IDS should be psoted here: http://forum.bitdefender.com/index.php?showtopic=16865

This topic will be closed, since the original question (from the first oost) has been answered.

Cris.

== CLOSED ==

== Solved issue ==