Active Threat Control Detected Sublime Text 3 As Malicious
I had Sublime Text 3 installed with many extensions, and another clean portable one with few packages. I usually open the first one, and the second to launch it faster and especially to keep the session of the project that I'm working on in my first one. I don't like using another instance of it (ctrl-shift-n), since sometimes the second one comes in handy due to its faster startup.
I was working fine with the main one (the one with many packages), then I switched to another virtual desktop using Windows 10 x64's built-in feature, so I launched it again from its shortcut, which resulted in switching me automatically to the virtual desktop where Sublime was open, focusing Sublime Text, but Bitdefender Internet Security 2016 popped up a threat message mentioning Sublime Text as malicious, so I allowed it and let it be monitored. Then I launched the other Sublime Text, and the "malicious" one was blocked and closed.
So I went to the events page of Bitdefender and clicked the button to allow and monitor this application again, because I need to use it daily, but the start menu's shortcut was gone, and also its executable, which I am now trying to restore, but Bitdefender doesn't even offer that option. So I tried to do it manually, but Bitdefender keeps blocking me from restoring that executable in the same directory, which is now useless to keep blocking since that file is gone, isn't it?
So, how do I recover or at least allow another original Sublime Text 3 executable to be located in that same directory? It is hard to find a way while Bitdefender keeps blocking that location from having an executable with the same name as that already deleted binary.
I had many issues like that, resulting in directories being blocked by not even allowing me to restore the executable to delete it and use a "clean" one, since clearly Sublime Text is a false positive here, and if it were some extension of it, clearly your tool is detecting the wrong executable.
So, this is a very buggy feature of Bitdefender Internet Security 2016, not allowing me to recover that executable which I selected to allow and monitor in the first place, at least to delete it manually so that directory wouldn't lock that filename in that directory, and it is not in autopilot mode either. It is annoying.
Now I have to move all my installation files to another directory and restore there the original sublime text 3, which again detects it as malicious. At the end I have two folders blocked.
I hate to update my start menu's shortcut, and the paths in my third-party applications that use Sublime Text as an external editor. And also to have directories blocked, those where I had sublime_text.
[update] I finally moved my affected Sublime Text remaining files (almost 240 MB, which are a bunch of packages) to another directory, deleted the original (now empty) directory, renamed the new directory as the original directory and it is working again, but I'm not sure if Bitdefender will block it again.
Notice: I have a backup of this Sublime Text in a zipped archive, which I just extracted there, but I also downloaded it again from its website, and it is the same binary (md5, sha).
Clearly that's a weird bug, because now it is working again, I hope it doesn't pop that message again.
You should definitely fix that annoying feature. If I'm allowing it, why does it have to delete it and block that directory's affected executable filename, when clearly it will be blocking it from being replaced by a malicious executable if that is the case? Because in this case the "new" (bkp) executable was not detected as malicious.
BTW I write software using Delphi, and many of my programs, which use Windows APIs to achieve special tasks like hooking the mouse's cursor to mimic a hot corner like in OSX but on Windows, keep being blocked too. Seriously, I don't know how to deal with an antivirus that instead of protecting me from real threats, looks like it is "protecting" me from myself. It is insane.
You really have to do something with the events feature, sometimes files are gone even though it is allowed, not even mentioning it is a recognized virus, just a suspicious one.
Comments
Hello,
Please report this as a false positive using the Sample or URL Submit form. Bitdefender may miss this post on the forum.
http://www.bitdefender.com/submit/
Ro.0