Active Virus Control On Flash Memory Toolkit
When I try to run the registered version of Flash Memory Toolkit (2.01 professional), if I enable the write test in the low-level benchmark (not available in the free version) the application is immediately terminated.
A Bitdefender popup appears declaring it was terminated because it was "deemed harmful by active virus control".
The tool is attempting to perform low-level block writes to a flash card as a part of a benchmark suite. Yes, a dangerous operation in the general sense. However, as a benchmark to profile device performance without filesystem overhead, it is perfectly reasonable.
Is there a way to bypass, or get the false positive fixed?
I've tried temporarily disabling every aspect of Bitdefender that is available in expert mode, but there seems to be no way to disable this particular aspect of Bitdefender, short of uninstalling the product. I guess that's reasonable if the feature is trying to cover more sophisticated malware, but it makes the FPs considerably more annoying.
What I find highly disconcerting is that no logs were made about the issue anywhere I can find. When this problem first happened, I'd fired off a read followed by write benchmark, and found the app had stopped running mysteriously when I came back an hour later. I only found the problem after trying it again in write-only mode. This caused me to check the Bitdefender logs, but no mention of any problem was present in them.
This is troubling to me because if there was some form of genuine malware on my machine being terminated by AVC, I'd never know it unless I happened to be there watching. Clearly in a normal context, anything triggering the AVC should be considered one of the most grave dangers to the system. As a user, I'd really like to know if such a threat was found so I can perform a rescue-disc level scan. But strangely, Bitdefender hides these issues, logging them seemingly nowhere... or at least nowhere visible in the "view logs" section of the app.
Come on guys, Bitdefender makes really good products, I'd expect you to have enough common sense to use your logs to bring the most serious threats to the user's attention. That's just a bare minimum standard of AV behavior, and you really should be ashamed for not integrating this properly.
Comments
Is there a way to bypass, or get the false positive fixed?
Welcome to the forum. Yes, there are 2 ways to set the program as Excluded from AVC.
Taken from the BD User's Guide:
9.2. Active Virus Control Alerts
Active Virus Control can be configured to alert you and prompt you for action
whenever an application tries to perform a possible malicious action.
If you are using the Basic View or Intermediate View interface, a pop-up will inform
you whenever Active Virus Control blocks a potentially harmful application. If you
are using Expert View, you will be prompted for action, through an alert window
when an application exhibits malicious behavior.
If you know and trust the detected application, click Allow.
If you want to immediately close the application, click OK.
Select the Remember this action for this application check box before making
your choice and BitDefender will take the same action for the detected application
in the future. The rule that is thus created will be listed in the Active Virus Control
configuration window.
Or, you can also manually create a rule to Exclude the program's executable file. Make sure you set BD to Expert view. Then navigate to Antivirus-->Shield and click on the Advanced Settings button. Click on the Exclusions tab. Next, click on the + button. Finally, navigate to the location of the program's executable file, click on it once to select it, then click on the Open button which will bring you back to the AVC Exclusions window. Click on OK to add it to the Exclusions list.
Hope this helps.
Regards,
Well, only one of these suggestions is effective.
I am always in expert mode, and for this issue, it just terminates the application. It does not give any opportunity to allow/deny it, just a pop up saying it was killed that shows up a second or two after the app has already been terminated. You might want to update your product to match the manual, or vice versa.
However, now that I know the AVC settings are in the "advanced settings" area, the exclusion placed there works. (Note: I also tried setting AVC to low; it did not prevent the false positive.) I also now know where to disable AVC when I want to. (I foolishly thought that "disable" disabled all things configured within that section, thus did not check the "advanced" section... apparently not. There are 2 modules hidden under "advanced" with separate disables.)
I would also still strongly suggest adding logging of the AVC events. It's borderline gross negligence, and seriously undermines my trust in the product.
Next time I'm up for renewal, I'm going to test a trial version for this. If it fails, I'm going to have to move on to a vendor with better logging. Sorry, but if a threat is detected when I'm not at the PC, I absolutely must have a record so I can find out about it later. Failure to log is totally unacceptable.
The 2012 versions of all 3 BD products were recently released. This version is a major re-design of the product line. You may want to read about it on the main BitDefender website and also read some of the topics in the 2012 product forum to get an idea what has changed.
Regards,