What Does "watch And Monitor" Do ?
If an item/file pops up as "suspicious' during a scan...BitDefender 2013 gives you the option to (I think) "watch and monitor" ? What does this actually do and is there an xml file somewhere that lists the "watch and monitor" items and what...if any...logs are created on the specific file being 'watched and monitor' ?
Thanks...TiminAz
Comments
-
Hello TiminAz
The only think (I believe) I know is that the .xml file is in :
" C:\Program Files\Bitdefender\Bitdefender 2013\settings\LGKC\avc3.xml ".
You'll find "watched, monitored" items at the bottom lines of .xml.
If you want to remove a "watched, monitored" item you can modify "avc3.xml" in "Safe mode".
I've not found another way to do it.
Regards!0 -
Hello
You are right, that is the file with keeps track of the monitored applications.
Also, in that file are the general setting and the thresholds for the default levels.
All those applications are also listed in the Events, if you still have them in the main interface.
Thank you!0 -
Hello,
Ιt should be an easier way for users to control "Watched and Monitored" items, shouldn't it?
Perhaps via "Events", with a button. Although this way is not the proper, like the other cases with buttons on "Events", because if you clear "Events" you lose control.
Regards!0 -
Does modifying the xml file also update/affect the logging in the Events?
0 -
Hi,
Not at all.0 -
Hi,
...Actually I also do not understand how "Watch and Monitor" feature works.
It happened only once for me, like this: A pop up asked for "Watch and Monitor" for a component of an application, I checked OK and then I removed it from .xml file. After that there was no any prompt for this again, so I'm a little bit confused...but it's not the only one with BD .
Regards!0 -
Hello
When you press that button, the Active Virus Control(AVC) will lower the threshold for that application and it will permanently monitor it. If that application will access/create/modify a vital components from Windows (file/registry key) the action will be blocked.
This behavior is normal and AVC can stop new undetected malware in this way.
After the signature is added in the product, the On Access scanner will care of everything.
Note: usually, files that are not digitally signed are flagged by AVC/IDS.
@ werby3
As you know, the installation folder of our product and all the files and registry keys are protected by Self Protect. Modifying some files by turning the modules off or in Safe Mode will affect the product. A malware or a user can not modify that file in normal conditions.
Thank you!0