Active Virus Control Silently Blocks Start Of Legitimate Application
Active Virus Control (AVC) prevents the application "biber.exe" (version 1.8) from starting, which is used to compile bibliographies for LaTeX. The Windows error code is "0xc0000142". Putting the file on the exclude list does nothing, nor does dragging the slider for AVC to the lowest level; only deactivating AVC let me run the application. I replaced biber.exe with a more recent version (1.9) which apparently passes AVC, but that is not the problem; the problem is that Bitdefender blocks a legitimate application without the slightest notification (not even in the event log) and does not offer the option to put that application on a whitelist (one that is respected by AVC). This is mildly annoying (to say the least) when an application suddenly stops working. Also, I don't want to disable AVC each time an application does not work (Bitdefender's good results in behaviour detection tests were one of the reasons why I bought it).
Mind you that AVC did not find a false positive in the classical sense (no "Trojan.generic" in the logs), but seemingly silently disabled the execution of code in an application.
In my opinion, AVC should behave in the following way when it detects a supposed threat from an application:
1. Terminate the application and mark it as a virus detected by behaviour observation ("Trojan.generic" or whatever Bitdefender's classification is).
2. Generate an entry in the event log.
3. Show a popup to the user that offers him or her the option to mark the file as a false positive. This does not contradict Bitdefender's laudable policy to be as unobtrusive as possible; after all, the application was started by some process, and that process was most likely spawned by the user.
4. Put the file into quarantine where the option from 3 is still available.
Seems like another user had similar wishes about notifications dating back to version 2014 of Bitdefender (link). However, I think this is a bug and not a feature request. It's virus protection 101: False positives happen, so all actions taken should be revertible.
For the sake of completeness: The application in question can be downloaded from Sourceforge.
Comments
I have to apologize for wrongly claiming that Bitdefender offers no exclusion for AVC. I was under the impression that I should add the program to the list of excluded files; however, as I learned from the manual, I overlooked the list of excluded processes, which is the correct one.
Still, a notification would be nice to distinguish between truly bugged applications and those that weren't allowed to perform certain operations. Could save a lot of headache for both users and the staff that maintains those apps.