Bitdefender Blocking The Access To The Software

coolcool1227

Hi

I have installed a software provided by the company to access their equipments for service and configuration etc. through internet explorer, but with this Bitdefender product 2011, I could not access them even with Antivirus/Firewall disabled. I've the same Laptop having same hardware and Windows but with Bitdefender Antivirus 2010 installed, have same Kodak sofware installed, but not facing any problem in accessing the equipments. I also re-installed my Laptop Windows by its original recovery provided by Toshiba and then re-installed Bitdefender, but the issue remains. I also re-install Internet Explorer, but all in vain. Something in Bitdefender even disabling all modules (RTP,AVC,IDS and Firewall) blocking access to the equipment.

The IP address is not the same every time to access the equipment, but the Port No is 443.

I am facing the subject issue since the release of Bitdefender 2011. This was not happened in Bitdefender 2010.

Unknown

Hello,

Please provide me with the following details:

- a screenshot of the message displayed when BitDefender blocks the software;

- the software full name and version installed;

- explain

The IP address is not the same every time to access the equipment, but the Port No is 443.

- what equipment are you referring to ?

Regards,

coolcool1227

Hi

@ a screenshot of the message displayed when BitDefender blocks the software;

@ explain: The IP address is not the same every time to access the equipment, but the Port No is 443.

Unfortunately there is no screenshot available. Also I am facing problem in uploading attachment directly and I posted this issue here

Actually there are two softwares used at a time to access the equipment, in which I enter the IP address of the equipment using port 443 and the other one is based on the Internet Explorer 6. Since IP address depends on the network where it is installed, so it is different.

Since the softwares are confidential, so unfortunately I can't provide more detail of them. However I've sent you the PM about them.

coolcool1227

Is it possible that by renaming the relevant files of AVC,IDS,RTP and Firewall Module in order to verify which Module is the culprit?

Unknown

To do the test and see if the culprit are AVC / IDS all you need to do is locate the file:

C:\Program Files\BitDefender\BitDefender 2011\Settings\mdsettings.xml

You can upload it on sendspace then send it to me to modify it. If you wish to modify it yourself, you need to modify the following in Windows Safe Mode:

<midas>
    <settings>
        <status>1</status>
        <status_ids>0</status_ids>
        <level_ids>3</level_ids>
        <silent>1</silent>
        <prev>1</prev>
        <threshold>80</threshold>
        <timeout>67</timeout>
    </settings>
    <aggressive>
        <status>1</status>
        <threshold>40</threshold>
    </aggressive>
    <default>
        <status>1</status>
        <threshold>50</threshold>
    </default>
    <permissive>
        <status>0</status>
        <threshold>80</threshold>
    </permissive>
    <apps_blacklist />
    <apps_whitelist />
</midas>

TO:

<midas>
    <settings>
        <status>0</status>
        <status_ids>0</status_ids>
        <level_ids>3</level_ids>
        <silent>1</silent>
        <prev>1</prev>
        <threshold>80</threshold>
        <timeout>67</timeout>
    </settings>
    <aggressive>
        <status>0</status>
        <threshold>40</threshold>
    </aggressive>
    <default>
        <status>0</status>
        <threshold>50</threshold>
    </default>
    <permissive>
        <status>0</status>
        <threshold>80</threshold>
    </permissive>
    <apps_blacklist />
    <apps_whitelist />
</midas>

Save the file then restart the PC in normal mode and see if the issue is now resolved.

coolcool1227

I'll try to modify it myself and let you know.

coolcool1227

Hi

I did accordingly and found that after the changes made to mdsettings.xml, I can access the equipments without any delay but with some minor problems which are acceptable, but upon restoring the said file to its original state, I found difficulty to access them. Sometime I was able to access them , sometimes not.

Unknown

Hi,

The purpose of the modifications on the file mdsettings.XML is to see if the issue is resolved. Again, this is normal IDS behaviour.

Applications that do not have a digital signature and try to do any of the monitored actions will be marked as suspicios by the IDS modul and a alert will appear. Actions like opening a browser with command lines from a different process than explorer.exe, trying to acces a system service etc.

To avoid issues like this, we would need a cloud repository and a reputation system for unsigned and popular applications. We do not have this added into the 2011 version, however it will be for 2012 version. All you can do is either disable IDS or make the decision yourself about blocking or allowing the certain software reported as potential harmful by BitDefender.

I have made this recommendation to you already, however I would like to point it out again: If you use AVC and IDS at their MAX level (Critical), then you will continue to get notifications about applications being blocked. You currently have the IDS set to 3 (Critical)

<level_ids>3</level_ids>

My recommendation: Keep IDS disabled and AVC on Permissive.

coolcool1227

Hi

@To avoid issues like this, we would need a cloud repository and a reputation system for unsigned and popular applications.

Just for information.......would you like to elaborate what is cloud respository and reputation system?

Also where do I locate AVC and IDS drivers?

coolcool1227

Any reply?

coolcool1227

Any reply would be appreciated

Unknown

Hi Omer,

The issue is escalated for resolution however, as I said, at least so far, I have no information about a new version of the midas driver so can't tell you when the fix will be available. I will consult with the Dev. department and let you know as soon as possible.

coolcool1227

Hi Omer,

The issue is escalated for resolution however, as I said, at least so far, I have no information about a new version of the midas driver so can't tell you when the fix will be available. I will consult with the Dev. department and let you know as soon as possible.

Never mind

But you didn't answer to what is cloud respository and reputation system? and where do I locate AVC and IDS drivers?

Unknown

Hello again Omer,

With all due respect however, the info you are requesting is not yet public matter. Regarding the driver file for AVC and IDS, already mentioned it: bdfm.sys located in:

C:\Program Files\BitDefender\BitDefender 2011\

and

C:\Windows\System32\drivers\

coolcool1227

Hi,

The purpose of the modifications on the file mdsettings.XML is to see if the issue is resolved. Again, this is normal IDS behaviour.

Applications that do not have a digital signature and try to do any of the monitored actions will be marked as suspicios by the IDS modul and a alert will appear. Actions like opening a browser with command lines from a different process than explorer.exe, trying to acces a system service etc.

To avoid issues like this, we would need a cloud repository and a reputation system for unsigned and popular applications. We do not have this added into the 2011 version, however it will be for 2012 version. All you can do is either disable IDS or make the decision yourself about blocking or allowing the certain software reported as potential harmful by BitDefender.

I have made this recommendation to you already, however I would like to point it out again: If you use AVC and IDS at their MAX level (Critical), then you will continue to get notifications about applications being blocked. You currently have the IDS set to 3 (Critical)

Does the bold text feature is implemented in the Bitdefender 2012 Version?

rootkit

Hi ONT

The cloud system is implemented for now just for websites through TrafficLight(the toolbar from the browser).

We will see if the file repository in cloud will be implemented in the next product.

Thank you.