BDU alternate data stream with downloads

jamestec
edited February 2017 in General


Hello,


Why does Bitdefender add an alternate data stream name BDU with a size of 0 to files downloaded with a web browser (Chrome, Edge, but not Waterfox)?

I noticed this behaviour in the 2017 and 2016 version.


The way I confirmed this to be Bitdefender is with a clean Windows 7 Pro 64Bit VM, I firstly install Chrome, then update PowerShell to version 3 and restart the VM, then I download Virtualbox for windows and run using Powershell:


get-item "C:\Users\JamWIn7\Downloads\VirtualBox-5.1.14-112924-Win.exe" -stream *


which outputs:


Stream Length
------ ------
:$DATA 123323224
Zone.Identifier 26


I then install Bitdefender 2017, update Bitdefender and restart the VM with the button Bitdefender displays. Then I delete the downloaded Virtualbox file and redownload with chrome, then run the same PowerShell command which gives:


Stream Length
------ ------
:$DATA 123323224
BDU 0
Zone.Identifier 26


This isn't just limited to the Virtualbox download file, the BDU ADS also appears if you say download PuTTY.


Not saying that this is a problem, just curious since I remember years ago on another forum, they said I might have malware because of the BDU ADS's.


Thanks,


Jamestec.