Serious Firewall Command Line Program Issue...

Hi,

The issue I have come across is that cmd.exe, the Windows command line program, located at c:\windows\system32\cmd.exe is NOT being seemingly even monitored by Bitdefender. Bitdefender, in PARANOID MODE, normally asks when an unknown program first attempts to access the network, where you can then allow or deny, etc.

What is happening though, is that Bitdefender, again, in paranoid mode, is NOT asking when I issue, for instance, a simple ping (local and external networks) in cmd.exe. On top of that, when I manually create a rule in the firewall to BLOCK ALL protocols for cmd.exe, the pings still get through.

Now, I just got off the chat with support at Bitdefender, and I was told that Bitdefender does NOT block cmd.exe. That seemed somewhat ok, if it was just a standard rule for Bitdefender to always allow cmd.exe, BUT, then I was told that Bitdefender does NOT BLOCK COMMAND LINE PROGRAMS AT ALL.

After hearing that, I asked, is that not a serious security vulnerability in Bitdefender, if a virus, or malware just uses command line programs to do what they intend to do? They would then be able to completely bypass the firewall quite easily!

Does anyone have any insight into this whatsoever? I find it VERY hard to believe what I was also told by support, lol, that:

"September 4, 2016, 9:03 pm - Me : if a malware uses a command line program interface, it could just get past Bitdefender?
September 4, 2016, 9:03 pm - Me : seems like a huge vulnerability
September 4, 2016, 9:04 pm - Support : I don't think a virus can do that ."

So, considering I cannot fully trust what support told me, I decided to bring the issue and question to the forums!

Thanks for any input you all provide!

:)

Comments

  • Hello,

    You seem to misunderstand how Command Prompt works.

    I will use your example, the ping: it's not CMD.exe that sends out said ping but PING.exe. If you wish to block pings, block ping.exe, not cmd.exe.

    Also, I have never heard of an infection using CMD, a proper infection, not pranks.

    Malware tends to have its own automated tools so it can go unnoticed; a black window from CMD will draw unwanted attention.
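
The point made in the reply above, as an added example that is not part of the thread: a rule keyed on cmd.exe does not match traffic owned by the ping.exe process that cmd.exe launches. The rule table, the matching logic and all records are constructed assumptions for illustration, not Bitdefender's implementation.

```python
# Simplified model of per-application firewall rule matching (an assumption for
# illustration, not Bitdefender's implementation). All records are constructed.

# Process-creation records: cmd.exe (pid 4100) launched ping.exe (pid 4212).
PROCESSES = [
    {"pid": 4100, "ppid": 900, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 4212, "ppid": 4100, "image": r"C:\Windows\System32\PING.EXE"},
]

# Outbound traffic, attributed to the process that actually sent it.
TRAFFIC = [{"pid": 4212, "proto": "ICMP", "dest": "192.0.2.10"}]

# Hypothetical rule table keyed on lowercase executable path, as in the original post.
RULES = {r"c:\windows\system32\cmd.exe": "block"}


def rule_for(image, rules):
    """Return the rule action for an executable path, or None if no rule matches."""
    if image is None:
        return None
    return rules.get(image.lower())


def evaluate(processes, traffic, rules):
    """Attribute each flow to its owning image and look up rules for it and its parent."""
    by_pid = {p["pid"]: p for p in processes}
    results = []
    for flow in traffic:
        proc = by_pid[flow["pid"]]
        parent = by_pid.get(proc["ppid"])
        parent_image = parent["image"] if parent else None
        results.append({
            "image": proc["image"],
            "parent": parent_image,
            "dest": flow["dest"],
            "rule": rule_for(proc["image"], rules),
            "parent_rule": rule_for(parent_image, rules),
        })
    return results


def coverage_gaps(results):
    """Flows whose parent shell is blocked but whose own image has no rule."""
    return [r for r in results if r["parent_rule"] == "block" and r["rule"] is None]


if __name__ == "__main__":
    for gap in coverage_gaps(evaluate(PROCESSES, TRAFFIC, RULES)):
        print(f"{gap['image']} -> {gap['dest']}: no rule (parent {gap['parent']} is blocked)")
```

Adding an entry for the ping.exe path to the rule table makes the flow match a rule and empties the gap list.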