Ransomeware Protection Needs To Tell The Location Of The File Creating The Problem

Hi,

The other day I got an alert that Runtimebroker is trying to access my pictures folder. I have a windows 10 x64 pro edition.

Now I know that runtimebroker.exe is a genuine windows file. What i didn't know, is to allow or disallow the access.

Why?

1) because, being a windows file, BD should have whitelisted it.

2) I didn't know the location from which runtimebroker was running. So that I can determine if its a genuine windows file or not.

The request is that Ransomware protection should show the full file path of the application trying to access the protected folders.

Eventually, I didn't make a choice and just rebooted the system and the question was not asked again. So should i assume runtimebroker was blocked or allowed by default?

Find more posts tagged with

windows 10

bitdefender 2016

ransomware

Comments

mirage22

This morning i received another alert from Ransomware protection. It apparently blocked explorer.exe from accessing thumbs.db in my graphics folder.

The first question should be, why? it's explorer.exe.

The second point is, is explorer.exe being launched from it's default windows folder?

or is this some other program masqurading as explorer.exe and launching from some other folder?

Hence I am unsure if i should allow it to run or not.

Ransomware should give more details like the location of the file and perhaps it's trust rating as well.

Ganesh K

Hi , I am also facing the same issue. Can anyone here please explain, why the runtimebroker.exe is being asked for ACCESS by BD Ransomeware Protection-Blocked Applicaions ?

IMERSiS

Hi , I am also facing the same issue. Can anyone here please explain

Sorin G.

Hello,

Please upgrade to the latest version of Bitdefender, the issue should not persist afterwards.

http://www.bitdefender.com/support/upgrading-to-bitdefender-2017-on-my-computer-1711.html

vknowles

On 12/21/2016 at 6:39 AM, Sorin G. said:

Hello,

Please upgrade to the latest version of Bitdefender, the issue should not persist afterwards.

http://www.bitdefender.com/support/upgrading-to-bitdefender-2017-on-my-computer-1711.html

I have run into this problem. The message is that Safe Files blocked runtimebroker.exe attempting to change a file in the pictures folder. I am running BD AV Plus 2018 (v22.0.13.169) on Win10 Home 64bit. As the others have noted, it seems like it should not be necessary to specially permit a Windows system process to access files.

So do I need to whitelist this program, or is there a fix?

Thanks!

[Deleted User]

1 hour ago, vknowles said:

I have run into this problem. The message is that Safe Files blocked runtimebroker.exe attempting to change a file in the pictures folder. I am running BD AV Plus 2018 (v22.0.13.169) on Win10 Home 64bit. As the others have noted, it seems like it should not be necessary to specially permit a Windows system process to access files.

So do I need to whitelist this program, or is there a fix?

Thanks!

Hey vknowles,

So first of all let's get an insight on what runtimebroker.exe is:

Quote

The Runtime Broker is responsible for checking if a Metro app is declaring all of its permissions (like accessing your Photos) and informing the user whether or not its being allowed. In particular it is interesting to see how it functions when paired with access to hardware, such as an app’s ability to take webcam snapshots. It's serves as a middleman between your apps and your privacy/security.

The easiest way to get rid of this situation is to:

Open Bitdefender and click on "View Features"
Under Safe Files click on Protected Folders
Remove the folder /Pictures from this list.

vknowles

23 hours ago, Alex D. said:

The easiest way to get rid of this situation is to:

Open Bitdefender and click on "View Features"

Under Safe Files click on Protected Folders

Remove the folder /Pictures from this list.

But doesn't that eliminate the protection from the Pictures folder against all other programs (including malware)?

[Deleted User]

22 hours ago, vknowles said:

But doesn't that eliminate the protection from the Pictures folder against all other programs (including malware)?

Following the steps I have provided will indeed remove the ransomware protection for that folder, still those files will not be critically endangered, the Safe Files can be seen as an extra layer of protection.

Normally the Runtimebroker.exe should be allowed by default, one thing that you could try is to manually :

Open Bitdefender and click on "View Features"
Under Safe Files click on Application Access
In here add the Runtimebroker.exe by browsing to [C:\Windows\System32]. It is there.
I cannot check if the exception can be made at the current moment, however it is worth a try. If this does not work then yeah, the only option would be to take out the /Pictures folder from the Protected folders. (And that does not mean your files will be completely unprotected)