What Does "watch And Monitor" Do ?

If an item/file pops up as "suspicious' during a scan...BitDefender 2013 gives you the option to (I think) "watch and monitor" ? What does this actually do and is there an xml file somewhere that lists the "watch and monitor" items and what...if any...logs are created on the specific file being 'watched and monitor' ?

Thanks...TiminAz

Find more posts tagged with

Comments

werby3

Hello TiminAz

The only think (I believe) I know is that the .xml file is in :

" C:\Program Files\Bitdefender\Bitdefender 2013\settings\LGKC\avc3.xml ".

You'll find "watched, monitored" items at the bottom lines of .xml.

If you want to remove a "watched, monitored" item you can modify "avc3.xml" in "Safe mode".

I've not found another way to do it.

Regards!

rootkit

Hello

You are right, that is the file with keeps track of the monitored applications.

Also, in that file are the general setting and the thresholds for the default levels.

All those applications are also listed in the Events, if you still have them in the main interface.

Thank you!

werby3

Hello,

Ιt should be an easier way for users to control "Watched and Monitored" items, shouldn't it?

Perhaps via "Events", with a button. Although this way is not the proper, like the other cases with buttons on "Events", because if you clear "Events" you lose control.

Regards!

coolcool1227

Does modifying the xml file also update/affect the logging in the Events?

werby3

Hi,

Not at all.

werby3

Hi,

...Actually I also do not understand how "Watch and Monitor" feature works.

It happened only once for me, like this: A pop up asked for "Watch and Monitor" for a component of an application, I checked OK and then I removed it from .xml file. After that there was no any prompt for this again, so I'm a little bit confused...but it's not the only one with BD .

Regards!

rootkit

Hello

When you press that button, the Active Virus Control(AVC) will lower the threshold for that application and it will permanently monitor it. If that application will access/create/modify a vital components from Windows (file/registry key) the action will be blocked.

This behavior is normal and AVC can stop new undetected malware in this way.

After the signature is added in the product, the On Access scanner will care of everything.

Note: usually, files that are not digitally signed are flagged by AVC/IDS.

@ werby3

As you know, the installation folder of our product and all the files and registry keys are protected by Self Protect. Modifying some files by turning the modules off or in Safe Mode will affect the product. A malware or a user can not modify that file in normal conditions.

Thank you!