Bitdefender Blocks Mcupdate.exe
Comments
-
win7 64-bit,
BD has determined that windows media centre update (mcupdate.exe) is malware.
This is a FP
What I don't get is why I have no decision in this. It has deleted a system file.
Can I reverse this appalling error of BitDefender?
IDS should still give me a warning or at least the option to allow/block actions by default.
WHAT A STUFF UP
If BD starts deleting system files, and I have no input, that makes BitDefender almost as dangerous as malware.
Unfortunately I will be uninstalling BD until IDS works in such a way that I can have a say in what is deleted.
-
You can upload the file to the VirusTotal website where it will run it through many a/v scan engines, including BD.
Post back with the results of any scan that comes back positive.
Regards,
-
LOL... Upload what? mcupdate.exe is a windows file, it was deleted by the IDS. It was NOT quarantined? How would you go about uploading it?
I had a fresh install of windows on my PC 1 day old.
IT WAS A FALSE POSITIVE, AND THERE IS NOTHING LEFT TO UPLOAD TO VIRUS TOTAL.
This is what upsets me, it didn't even quarantine the file so that I can restore it!
Now every time windows media centre checks for an update, I am presented with an error message
-
You can change the default action BD takes when it detects an infected file.
Antivirus-->Shield-->Custom Level button and change the default actions to Move file to quarantine as I have done in this screen shot:
You should also change the corresponding settings in the Antivirus-->Virus Scan-->Properties (right-click)-->Custom button for the Deep System Scan, Full System Scan, My Documents Scan, Contextual Scan and Device Scanning.
EDIT: if you look at the time stamps of your post #2 and my reply #3, they are 1 minute apart. I was typing my response having only read your original post. I didn't see your 2nd post until after I had submitted mine. It was a typing/click the Submit button timing issue - sorry.
Regards,
EDIT2: You may also be interested in the discussion in this topic regarding a file-by-file option for action.
-
Thank you for the reply nikki605,
no need to apologize. Thanks for pointing out where to make this change.
But honestly, do you think that any removed files, that is those removed by default, should be quarantined? What set of rules does IDS work by if it deletes signed Microsoft system files?
This behaviour must be addressed by the developers. A file should never be deleted by default without user permission!
-
Hello,
Allow me to answer some of your queries, as follows:
"What set of rules does IDS work by if it deletes signed Microsoft system files."
- the IDS will never delete files from your PC, nor AVC. This function is only available to the Real Time Protection / Scanning feature of BitDefender.
"It is a false positive but nothing left to upload to VirusTotal;"
- how can you be that certain that the file is 100% safe and genuine? I can't confirm that. It's a known fact that most of the malware released in the void are masked as "genuine" Microsoft files such as (iexplore.exe, explorer.exe, lsass.exe etc). I truly doubt the file was a FP but can't confirm nor deny it with no sample attached.
"Now every time windows media centre checks for an update, I am presented with an error message"
- can I please see a screenshot of that message?
Last but not least please provide me with the following information:
- what BitDefender product are you using;
- what build you currently have installed >> right click on the BitDefender icon in the system tray and select 'About';
- language of the BitDefender product; (in what language you are using the software - English, German, Dutch, French, Spanish etc);
- the engine version and the virus signatures number from the Update Module having BitDefender in Expert View;
From what I know the file in question can also be part of the McAfee update module.
Mcupdate.exe, also known as McAfee Updater, is a program operated by McAfee Internet Security Suite. It automatically launches at start-up and installs new virus definition updates by automatically connecting to the McAfee server on the Internet. It generally uses a lot of memory and system resources, and can be removed without damaging your McAfee program.
- please keep in mind that McAfee can also come embedded with a driver software when you install your Operating System.
Follow the steps explained in THIS article then send me a PM with the generated log file along with a detailed description of the issue you encounter and the link to this topic.
NOTE: I have tested the file mcupdate.exe from the location: C:\Windows\ehome and there are no pop-ups nor any notification to let me know the file was harmful. That gets me to the idea that the file deleted from your PC was most likely a possible threat.
The file details:
OS: Windows 7 x64;
File version: 6.1.7601.17514
Size: 194 KB;
I have attached the scan log for the file in question below. Please do NOT use caps lock and colors, as it is considered offensive. Take a moment and read our forums rules to learn how to post a request for Support; you can find a link in my signature.
Looking forward to your answer!
Kind regards,