BDU alternate data stream with downloads
Hello,
Why does Bitdefender add an alternate data stream name BDU with a size of 0 to files downloaded with a web browser (Chrome, Edge, but not Waterfox)?
I noticed this behaviour in the 2017 and 2016 version.
The way I confirmed this to be Bitdefender is with a clean Windows 7 Pro 64Bit VM, I firstly install Chrome, then update PowerShell to version 3 and restart the VM, then I download Virtualbox for windows and run using Powershell:
get-item "C:\Users\JamWIn7\Downloads\VirtualBox-5.1.14-112924-Win.exe" -stream *
which outputs:
Stream Length
------ ------
:$DATA 123323224
Zone.Identifier 26
I then install Bitdefender 2017, update Bitdefender and restart the VM with the button Bitdefender displays. Then I delete the downloaded Virtualbox file and redownload with chrome, then run the same PowerShell command which gives:
Stream Length
------ ------
:$DATA 123323224
BDU 0
Zone.Identifier 26
This isn't just limited to the Virtualbox download file, the BDU ADS also appears if you say download PuTTY.
Not saying that this is a problem, just curious since I remember years ago on another forum, they said I might have malware because of the BDU ADS's.
Thanks,
Jamestec.
