Proactive Technologies
I would like the IDS technology to be returned to the antivirus, as it was in version 2011. Thank you.
Comments
I agree. AVC, IDS and Heuristics Analysis should be available under the category "Proactive Defense".
0 -
My site has done a lot of tests, and IDS technology performs much better than the AVC, and I would still like more options for these modules.
0 -
Hello
An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station.
http://en.wikipedia.org/wiki/Intrusion_detection_system
The place for this module is in the firewall module.
Thank you.
0 -
And in the 2011 version, the developers did not know it?))
0 -
Can you comment on this clarification in the help?
0 -
Hello
Both modules work together in protecting your machines, but as mentioned in that user guide, the exclusion process is common. When you set an exclusion over a process, it will create a rule for AVC and one for IDS. This decision was taken so that the user wouldn't have to do it twice for both modules.
Also, the IDS module is using the firewall drivers, so that's its place, under that module.
Thank you.
0 -
The antivirus also has a firewall driver: C:\Program Files\Common Files\BitDefender\BitDefender Firewall
and that's what the manual says:
0 -
Yes, I'm talking about the version of BitDefender Antivirus Plus.
0 -
Hi
That driver is common in all products and it is used to intercept the network traffic, and after that the packets are sent to our engines for scanning.
The firewall driver is not present in Antivirus Plus.
Thank you.
0 -
The difference between IDS and AVC is that Active Virus Control lets programs do what they want and for each action it calculates a score. The Intrusion Detection System probably (I'm not sure if I'm right because every company has different understandings for IDS and IPS) enforces some kind of policies. For example, deleting C:\Program Files\Bitdefender is malicious if done by a non-signed executable, and if a program attempts to do it, it should be closed. While AVC looks at many actions to block the program, IDS blocks specific actions. It can be under antivirus because it blocks malware and it can be under firewall, because it blocks exploits which are network threats mostly.
0 -
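Added example, not part of the thread and not Bitdefender's code: a toy model of the distinction drawn in the post above, with cumulative per-process scoring on one side and a single deny rule (unsigned delete inside C:\Program Files\Bitdefender) on the other. The weights, threshold, process names and event stream are all constructed assumptions.

```python
from collections import defaultdict

# Hypothetical weights, threshold and rule; not Bitdefender's actual values.
WEIGHTS = {"write_file": 1, "delete_file": 2, "set_autorun": 3, "inject_process": 4}
THRESHOLD = 7
PROTECTED = "C:\\Program Files\\Bitdefender\\"

# Constructed event stream: (process, is_signed, action, target).
EVENTS = [
    ("wiper.exe", False, "delete_file", PROTECTED + "engine.dll"),
    ("dropper.exe", False, "write_file", "C:\\Users\\a\\AppData\\x.dll"),
    ("dropper.exe", False, "set_autorun", "HKCU autorun key"),
    ("dropper.exe", False, "inject_process", "explorer.exe"),
    ("setup.exe", True, "delete_file", PROTECTED + "old.log"),
]

def score_based(events):
    """Let every action run, add up a per-process score, block at the threshold."""
    scores, blocked = defaultdict(int), {}
    for i, (proc, _signed, action, _target) in enumerate(events):
        if proc in blocked:
            continue  # process already terminated
        scores[proc] += WEIGHTS.get(action, 0)
        if scores[proc] >= THRESHOLD:
            blocked[proc] = i  # index of the event that crossed the threshold
    return blocked

def policy_based(events):
    """Deny one specific action outright: unsigned delete inside the protected folder."""
    blocked = {}
    for i, (proc, signed, action, target) in enumerate(events):
        if proc in blocked:
            continue
        in_protected = target.lower().startswith(PROTECTED.lower())
        if action == "delete_file" and in_protected and not signed:
            blocked[proc] = i  # blocked on the first matching action
    return blocked

if __name__ == "__main__":
    print("score-based blocks: ", score_based(EVENTS))
    print("policy-based blocks:", policy_based(EVENTS))
```

On this stream the rule stops wiper.exe at its first action while its score is still far below the threshold, and the scorer stops dropper.exe after three actions that no single rule matches.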
That's right, Boris, so I think that this module should be present in the entire product line, and the firewall driver, needed just to block network activity, blocked viruses.
0 -
Even in the proactive defense module, there should be a choice of action: move to quarantine, or send for analysis to the virus laboratory.
0 -
Even in the proactive defense module, there should be a choice of action: move to quarantine, or send for analysis to the virus laboratory.
You're absolutely right about that. IDS should be in all the products, but about the quarantine - it produces many false positives so better not to touch the files. Terminating the process is enough.
0 -
Hello
@ Boris.
Actually, AVC doesn't allow the program to run and do damage to the operating system. This module injects in any program and proactively monitors behavior. When forbidden actions are performed, the process is automatically killed or blocked, depending on the routine.
The place for the IDS module is in the firewall module.
Thank you.
0 -
And the fact that in the 2011 version IDS was in the antivirus tab, was that a mistake by the developers? And as I said above, we have run a lot of tests on our forum, and the IDS module shows better proactive protection results than the AVC, but if you think nothing needs to change, thanks for the clarification.
0 -
Hi Rampant
It was not a mistake in Bitdefender 2011. In that version, the module was displayed under the antivirus category but it was running under the firewall module. In Bitdefender Antivirus Pro 2011 the module was active because the firewall driver was present (even if the module was inactive) and this module could run under these conditions.
In Bitdefender 2012 the module was placed where it belongs and from now you can find it there.
Thank you.
0 -
Hello
@ Boris.
Actually, AVC doesn't allow the program to run and do damage to the operating system. This module injects in any program and proactively monitors behavior. When forbidden actions are performed, the process is automatically killed or blocked, depending on the routine.
The place for the IDS module is in the firewall module.
Thank you.
This module no longer injects in any program, it monitors it in a different way. In 2010 and 2011 pchooklaunch32.exe was hooking processes, but now that process isn't running, although it's in the program folder and I'm not sure if the hooks (registry.mdx, etc.) are still there. I don't see them injected in running processes nor somewhere in the folders.
0 -
Hello
AVC is not using those executables to inject into processes. Those are used now only by the Parental Control module and only in some cases.
The new AVC module has 2 dynamic libraries (dll files) that do the job way faster than the older version of this module.
Thank you.
0 -
I think IDS is a sort of Self-Defence Mechanism and AVC is Malware Blocking in a continuous way.
0 -
Hello
Yes, IDS is a host self-defence mechanism, but AVC is a behavioral analysis module that monitors all running processes.
Take care.
0