Atc4.Detection triggers only when application is run programmatically

Hello,

I am working in a software development company and we are faced with an unusual behavior of Bitdefender Internet Security 2018. One of our products contains the executable tool - AblebitsMakediffs.exe. The tool is built in Visual Studio 2015 (C#), the tool is digitally signed, scanning on VirusTotal.com shows "No engines detected this file", manual scanning of this file with Bitdefender (right-click on it in Windows Explorer, choose Bitdefender -> Scan with Bitdefender) says "Your system is clean!". I can even start this tool manually by double clicking it in Windows Explorer with no issues.

But as soon as we try to execute this tool programmatically, Bitdefender detects "Atc4.Detection" and quarantines our executable. We have tried to use the CreateProcess and ShellExecute WinAPI functions, the Process.Start() .NET method, even a simple Office VBA macro - all with the same result.

I suppose this behavior is abnormal and we need to somehow fix this issue because this tool is used for running programmatically. Please let me know if you need any other details or source code for reviewing. Thank you in advance for your assistance.

Find more posts tagged with

Comments

Roxana G

Hello Dmitry,

Advance Threat Defense is a proactive module and generally detects behavior that is outside the norm when compared to regular applications. This raises the chances that “home-made”/custom that are not really widely-used or popular will be detected as malicious.

This module is designed to be hand-tuned locally so as to maintain the proactive detection behavior.

However, we recommend you to send us the detected executable at bitsy@bitdefender.com for further investigation.

Dmitry

Hello Roxana,

Thank you for the additional information. I have sent our executable to the specified email address with my comments. Hopefully your experts will find a solution for this issue. Please let me know if you need something else.

Roxana G

Hello Dmitry,

I have sent you a reply to your personal email.

As mentioned in my email, I recommend you to exclude the executable from being scanned by Advance Threat Defense.

Dmitry

Hello Roxana,

I am afraid I cannot exclude the executable because this Atc4.Detection occurs on our customers’ machines too. As I mentioned in my email, we are a software development company and our customers who have both your BitDefender and our product installed experience this issue. Again, our executable is detected by your “Advanced Threat defense module” only when this executable is run programmatically. VirusTotal shows no detections, your BitDefender does not detect anything in case of manual scanning. Also, our executable can be run manually by double-clicking it in Windows Explorer without any problems.

Also, as I mentioned in my email, none of existing AV software, except your BitDefender, behaves this way. Please provide another solution because this issue is critical to us – our reputation suffers because of this issue. As you understand, we cannot explain and prove to every customer that everything is alright, and the problem is in your software. Thank you.

Dmitry

Hello Roxana,

A week ago I was notified by email that the issue had been passed to your Virus Lab. Do you have any news from your experts? How much time does it usually take to analyze such things and make corrections to your "false positive" database? Please let me know.

Roxana G

Hello Dmitry,

We have completed the analysis and the detection was removed. Thank you for your patience.

Dmitry

Hello Roxana,

We have re-tested the scenario with the latest BitDefender updates and the issue is not reproducible anymore. Thank you!

seran3

Uploaded that particular file and is clean, done with a few others too. Thank you for that link had no idea about VirusTotal till now.

seran3

1 hour ago, seran3 said:

Uploaded that particular file and is clean, done with a few others too. Thank you for that link had no idea about VirusTotal till now. Clean Master Hotstar Mathway