Legitimate Applications And Ids

There are some legitimate applications and some drivers that load on startup e.g JetAudio, KMPlayer, Chrome Plus Browser etc which are detected as possible malicious by Bitdefender Intrusion Detection System. Is there any "Whitelist" of softwares/drivers for IDS and AVC rather than to add them manually or upon execution? How can I differentiate "Exclusions" of AVC and IDS?

Also how can I read logs of AVC and IDS?

Some snapshots are attached for reference.

Find more posts tagged with

Comments

unknown

Hi,

What is the level of both IDS and AVC ? The exclusions list under Antivirus -> Advanced Settings -> Exclusions is for both AVC and IDS.

Exclusions can be set; two types of lists have been included:

- The White-list includes applications that are excluded from monitoring by default or if the user specifically requested that specific process not to be monitored

- The blacklist includes applications that are automatically cataloged as harmful processes based on the user request (this option is available only for Advanced users)

All related settings are stored in C:\Program Files\BitDefender\BitDefender 2011\settings\mdsettings.xml.

IMPORTANT: please provide me with a complete version (i.e.: 1.x.x.x) for each of the software blocked by IDS / AVC and a download link if you are not using the latest version of the software.

A request to our developers to add a log for both AVC and IDS was already escalated so I do believe we will have it shortly

Regards,

coolcool1227

AVC------Default Level (High)

IDS------Medium

Bitdefender Interface Mode: Expert

@Exclusions can be set; two types of lists have been included:

@mdsettings.xml

How can I see the pre-defined White and Black list by your Labs as the said xml file contains only the list of applications that I add manually upon their execution?

Softwares and their versions list is attached.Change its extension fron .txt to .xls. Kindly note that I download these softwares from their parent website e.g Jetaudio from "www.jetaudio.com" etc.

Is Advanced Users meant Bitdefender use in Expert Mode?

/applications/core/interface/file/attachment.php?id=6915" data-fileid="6915" rel="">AVC_IDS.txt

AVC_IDS.txt

unknown

Thanks for the info. Try to set:

1. - AVC to Low

- IDS disabled

- test to see if the applications are still blocked (pop-up still appears)

To be honest I believe you have the settings too strict. I would personally keep IDS off and have the AVC on low or medium. Should be enough for a medium-high security level of your PC.

Let me know the results of the test explained at step 1.

coolcool1227

With the settings you suggested, there appear no such pop-ups and none of the listed applications prompted for action.

@........ you have the settings too strict.

However I suppose that these are at moderate level. And I'm confused that to avoid pop-ups rather than having pre-defined white-list of applications, I've to disable IDS.

I also suggest to

1) Scan "Add/Remove Programs" for installed applications to be added in white-list during installation or separate option in BD AVC settings.

2) "Send" option in BD AVC settings Module to send the executables of the applications added manually.

3) Separate Trusted Application Zone option for legitimate applications updated by your esteemed Labs.

I'm not irritated with the frequency of pop-ups but in a nutshell I request for above options.

coolcool1227

@1. - AVC to Low

- IDS disabled

There appear no such pop-ups and none of the listed applications prompted for action.

Any further suggestions.???