Biet-o-matic Calls Firewall All The Time...

bitter150

BD firewall runs in 'paranoid mode'.

Biet-o-matic calls the BD firewall serveral times after every start while updating its Ebay informations.

It seems to be dependend on changing the needed command line parameters "--config "x:\web\somewhat.tmp"

Every calling/ changing generates a new entry in firewall application rules...

How to free curl.exe from this behaviour?

curl.exe should be trusted in any way!

Thx...

Find more posts tagged with

Comments

antikythera

have you tried also adding it to antivirus excluded processes list?

bitter150

have you tried also adding it to antivirus excluded processes list?

No I didn't, but there has been no logged AV events. Any relation between AV and firewall/IDS?

But I did switch BD firewall to automatic mode. After that the Biet-o-matic works as expected.

Next attempt:

After deleting the automatic created rules I did add a rule 'by hand', see sceenshot.

It's working now, but every connect is allowed.

Question:

How decides BD firewall in automatic mode, which application is allowed accessing the internet and which application isn't ???

It's really mysterious...

And: Does BD firewall detect changing of .EXE (for example after updating)?

Rampant

I guess the application uses a random port for access to the Internet, so bitdefender responds to the same connection on high alert mode, the firewall does not memorize settings. If the executable file is modified, it will be scanned by all protection technologies

antikythera

Yes it does affect IDS at least.

I had to add false positive identified Windows XP AMD Catalyst driver 10.2 legacy components to stop IDS blocking them from running.

bitter150

Thanks for help.

Question:

How decides BD firewall in automatic mode, which application is allowed accessing the internet and which application isn't ???

It's really mysterious...

Any hint about this question?

Georgia

@ bitter150

The Bitdefender Firewall will not prompt the user when new applications are attempting to connect and will use the following logic when creating rules:

- query cleanset server (based on md5 hash) to determine if file is known as clean

- query Simhash server to determine if the application is a variant of a known application (this uses application geometry similarities)

- verifies digital signature

If any of the above returns a positive response the application will receive a permanent Allow rule.

If the application is unknown a temporary allow rule is created. At the next signature update the rule will be invalidated and the check process will be restarted for the application.

The firewall works in conjunction with AVC as well. If at any time an application passes the AVC threshold Firewall creates a deny rule for that application.

Also, the page you indicate in the first post is written in German, therefore could you please post back the direct download link for this program?

We need to run a few tests.

Thank you.

bitter150

Also, the page you indicate in the first post is written in German, therefore could you please post back the direct download link for this program? We need to run a few tests.

Thanks for reply.

Download page is located here:

http://www.bid-o-matic.org/hp/downloads.php

(All the pages can be translated by Google, pls look at lower left corner of every page :wub: )

Direct Download link for version 2.14.12:

https://sourceforge.net/projects/bom/files/...up.exe/download