/_serverstatus /config/server

I found that from many of our computers there are frequent requests to


http://<some ip address>/_ServerStatus


and afterwards usually one request to


http://<one of the ip addresses above>/config/server


The request to /config/server returns a text file with the following content:

eu01.nimbus.bitdefender.net
eu02.nimbus.bitdefender.net
east01.us.nimbus.bitdefender.net
b01.hq.nimbus.bitdefender.net
b02.hq.nimbus.bitdefender.net
ep1.west-us.nimbus.bitdefender.net
tokyolb01-1969621043.ap-northeast-1.elb.amazonaws.com


which corresponds to the IP addresses that were originally accessed:


184.173.143.53 east01.us.nimbus.bitdefender.net
195.210.4.16 b02.hq.nimbus.bitdefender.net
195.210.4.200 b01.hq.nimbus.bitdefender.net
50.23.91.250 ep1.west-us.nimbus.bitdefender.net
54.249.8.176 tokyolb01-1969621043.ap-northeast-1.elb.amazonaws.com
87.98.141.228 eu01.nimbus.bitdefender.net
87.98.182.19 eu02.nimbus.bitdefender.net


So, this seems to be the doing of BitDefender rather than that of some malicious piece of software.


Is this documented somewhere? Should I have been able to find it easily rather than wasting 3 hours trying to find some malware that does it?


And why is BitDefender accessing IP addresses directly rather than names? And what is the purpose of these requests?
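
A triage example for the situation described in the post above, added here and not code from the poster or from Bitdefender: it sorts direct-IP requests to the two paths into those whose destination appears in the IP list posted above and those that do not. The log format, the client addresses and the 203.0.113.9 entry are constructed assumptions, and the posted addresses date from 2012.

```python
import re
from collections import Counter

# IP -> host name pairs exactly as listed in the post above (2012 data).
KNOWN_HOSTS = {
    "184.173.143.53": "east01.us.nimbus.bitdefender.net",
    "195.210.4.16": "b02.hq.nimbus.bitdefender.net",
    "195.210.4.200": "b01.hq.nimbus.bitdefender.net",
    "50.23.91.250": "ep1.west-us.nimbus.bitdefender.net",
    "54.249.8.176": "tokyolb01-1969621043.ap-northeast-1.elb.amazonaws.com",
    "87.98.141.228": "eu01.nimbus.bitdefender.net",
    "87.98.182.19": "eu02.nimbus.bitdefender.net",
}
# Paths the post saw requested by bare IP address (compared case-insensitively).
PATHS = {"/_serverstatus", "/config/server"}

# Constructed sample proxy log; "<client> <method> <url>" is an assumed format.
SAMPLE_LOG = """\
10.0.0.21 GET http://87.98.141.228/_ServerStatus
10.0.0.21 GET http://87.98.141.228/config/server
10.0.0.34 GET http://195.210.4.16/_ServerStatus
10.0.0.50 GET http://203.0.113.9/_ServerStatus
10.0.0.50 GET http://intranet.example/index.html
"""

# Only URLs whose host part is a dotted-quad IP address match.
LINE_RE = re.compile(r"^(\S+) (\S+) http://(\d{1,3}(?:\.\d{1,3}){3})(/\S*)$")

def triage(log_text):
    """Return (explained, unexplained) Counters keyed by (client, dest_ip, path)."""
    explained, unexplained = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a direct-IP HTTP request
        client, _method, ip, path = m.groups()
        if path.split("?")[0].lower() not in PATHS:
            continue  # direct-IP request, but not one of the two paths
        bucket = explained if ip in KNOWN_HOSTS else unexplained
        bucket[(client, ip, path)] += 1
    return explained, unexplained

if __name__ == "__main__":
    ok, unknown = triage(SAMPLE_LOG)
    for (client, ip, path), n in sorted(ok.items()):
        print(f"explained   {client} -> {ip} ({KNOWN_HOSTS[ip]}) {path} x{n}")
    for (client, ip, path), n in sorted(unknown.items()):
        print(f"UNEXPLAINED {client} -> {ip} {path} x{n}")
```
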

Comments

  • rootkit ✭✭✭

    Hello :)


    Welcome to the forums!


    Those servers are used for the update process and cloud detection.


    They are all valid and they are used by all our products.


    We use IP addresses because it is a lot easier to manage all the servers and mirrors.


    Let me know if you have other questions.


    Take care.

  • Those servers are used for the update process and cloud detection.


    They are all valid and they are used by all our products.


    We use IP addresses because it is a lot easier to manage all the servers and mirrors.


    Let me know if you have other questions.


    Is there any documentation on this? It would have been really helpful yesterday and would probably have prevented me from wasting >3 hours trying to find out whether this was a serious malware infection (on most of our computers) or something harmless.

  • rootkit ✭✭✭
    edited June 2012

    Hello :)


    There is no documentation because the information is not useful for most of the users. Actually you are the first one that ever requested this information. :D


    You can consult the user guide or post here before trying to troubleshoot the situation and we will guide you.


    Take care.

This discussion has been closed.