IDS Detecting Legitimate Applications And Processes

coolcool1227 ✭✭✭
edited October 2012 in Firewall

Kindly see the attachments: IDS is detecting legitimate Windows processes as malicious, due to which the desktop icons are not loading properly during booting.


IDS settings: Normal.

[Attachments: three screenshots of the IDS detections, not reproduced here]

Comments

  • That's interesting. I just can't think of anything as a workaround here. This could be considered a bug for sure. Changes in the next version would be important here, I think.

    rootkit ✭✭✭

    Hello ONT :)


    Please generate a BDSYS log and send it over via PM. In your case, something is injected in those processes.


    [how to GENERATE A BDSYS LOG]

    . Save and extract the BDSYS tool to a location of your choice:

    http://www.bitdefender.com/files/Knowledge.../BDSysLog_i.exe

    . Make sure you close all active applications and then run "BDSysLog_i.exe"; if you receive a firewall alert, select to Allow the application to connect;

    . Click the "Create log" button to start generating the log; a progress bar indicates that the tool is creating the report;

    . When the small window appears with the message "Log saved", the report is complete and a new file named "bdsyslog.zip" has appeared on your Desktop;

    . Send me the generated log file via PM.

    . If the file is too big to send over PM, upload the results to one of the online file hosting servers mentioned below, or use one of your own, and send the download link via PM.

    http://www.sendspace.com

    http://www.mediafire.com

    IMPORTANT:

    . During this process the Real Time Protection in Bitdefender must be temporarily disabled;

    . If you receive a Bitdefender Firewall alert informing you that BDSysLog_i.exe is trying to connect to the internet, then you need to select Allow;

    [how to DISABLE THE ANTIVIRUS PROTECTION in Bitdefender 2013]

    In order to disable the antivirus protection, please open Bitdefender and click the "Settings" button in the upper part of the interface. In the new window go to the "Antivirus" > "Shield" tab and click on "ON" under On-access scanning. Select the time interval that suits your troubleshooting needs and click "OK". On-access scanning should be enabled again after finishing the troubleshooting procedure.

    We will get back to you as soon as the analysis is complete.

    Have a nice day.
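As an added example that is not part of the original thread and not a Bitdefender tool: when a support engineer says "something is injected in those processes", the first thing a responder checks is what modules the flagged processes have actually loaded. The PowerShell snippet below enumerates the modules of running processes and reports the ones that are not validly Authenticode-signed or that live outside the Windows and Program Files directories. The trusted-directory list, the function names and the output columns are assumptions for this example. Run it from an elevated prompt, because module lists of protected processes and other users' sessions are only readable with administrator rights.

```powershell
# Added example, not code from the original thread or from Bitdefender.
# Lists loaded modules of running processes and flags the ones worth a closer
# look: unsigned / invalid signature, or loaded from an unusual location.
# Run from an elevated PowerShell prompt.

# Assumption: directories that legitimately host Windows and vendor DLLs.
$TrustedRoots = @(
    $env:SystemRoot,
    ${env:ProgramFiles},
    ${env:ProgramFiles(x86)}
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

function Test-TrustedPath {
    param([string]$Path)
    foreach ($root in $TrustedRoots) {
        if ($Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

function Get-SuspiciousModule {
    param(
        # Optional list of process names to inspect (without .exe); default: all.
        [string[]]$ProcessName
    )
    $procs = if ($ProcessName) {
        Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
    } else {
        Get-Process
    }

    # Signature checks are slow; cache per file since many processes share DLLs.
    $sigCache = @{}

    foreach ($p in $procs) {
        # Module enumeration throws for protected or other-session processes.
        $modules = @()
        try { $modules = @($p.Modules) } catch { continue }

        foreach ($m in $modules) {
            $path = $m.FileName
            if (-not $path) { continue }

            if (-not $sigCache.ContainsKey($path)) {
                $sig = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
                $sigCache[$path] = if ($sig) { $sig.Status } else { 'Unknown' }
            }
            $status      = $sigCache[$path]
            $trustedPath = Test-TrustedPath -Path $path

            if ($status -ne 'Valid' -or -not $trustedPath) {
                [pscustomobject]@{
                    Process     = $p.ProcessName
                    PID         = $p.Id
                    Signature   = $status
                    TrustedPath = $trustedPath
                    Module      = $path
                }
            }
        }
    }
}

# Usage: inspect every process and group findings by module, so one DLL that
# has been injected into several processes stands out as a repeated row.
Get-SuspiciousModule |
    Sort-Object Module, Process |
    Format-Table -AutoSize Process, PID, Signature, TrustedPath, Module
```

Two caveats when reading the output. Many Windows components are catalog-signed rather than carrying an embedded signature, so on older Windows versions a file under System32 can show as NotSigned even though it is genuine; there, the TrustedPath column is the more useful signal. Conversely, a security product's own hook DLLs legitimately load into most processes and will show up with a valid vendor signature under Program Files. A module that is both unsigned and outside the trusted roots, or that appears in exactly the processes the IDS complained about, is the one to pull into the BDSYS log discussion.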

  • Really no workaround for this bug. I also managed to find it by chance. Actually the option Paranoid Mode was disabled by default, so IDS takes action for startup processes and applications on its own without a pop-up, i.e. silently as usual, although User Mode was active. For only once the desktop was loaded successfully, and I first checked the IDS in the Events and found the culprit false detections, and then I set them to allow manually.

    rootkit ✭✭✭

    Hello :)


    So you turned IDS on, Paranoid Mode was disabled, Auto Pilot was disabled and IDS on Normal blocked all your applications that start with Windows?


    Take care.

  • Not all, but only these three.

    rootkit ✭✭✭

    Hello :)


    Please send me the log so I can confirm that the PC is clean.


    Thank you!