Online Threat Prevention notification issue

user98753

I am using bitdefender internet security 2019

I keep getting this notification of online threat prevention :

 

“An attempt to send your private data unencrypted was about to occur on event.daydayup.today. We blocked the connection to stop your sensitive data from being exposed and used for illicit purposes”

.

It keeps appearing after every half hour or sometimes 15 minutes.

 

joyrider3774

the notification means a request is being made to a site with the domain event.daydayup.today and it tried to send your data unencrypted meaning if there was a man in the middle attack they can either see your data or modify it. Usually this happens if some application or browser connects to a site using http instead of https for example while posting data

In your case this connection is being made on regular intervals like every 15 minutes. If you know some app or some browser extension that uses that site or is related to it and you know it's safe you can add it the exceptions and the message will not come however your data will be send unencrypted.

it's not a bug just a notifcation to inform you. Also if it is some spyware or addware or pup program that does it and you add it to exceptions you basically allow it to send data. You should try to investigate what process is doing this and if it's ok add it to exceptions or if not remove the app in question making the connections.

 

There exist tools for showing which proces makes the connections. It would be nice if (at all possible) bitdefender would mention the process making the connection

here's a really helpfull tool (if you know how to use it) https://docs.microsoft.com/en-us/sysinternals/downloads/procmon created by sysinternals owned by microsoft now.

You basically have to set up a filter saying path contains "event.daydayup.today" or it could also need ipv4 or ipv6 address to find it  and let it run if some process (read program) tries to access event.daydayup.today it will show up an entry in the filtered data and you know which process it is and then decide if it's unwanted (-> uinstall it) or if its wanted (-> add exception)

 

or might be easier use https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview shows active connections and if you turn it on to only show ip addresses and you know ip of the domain (usually can be obtained using dns check or ping command)  you can view the process also (if the connection is still active)

for example screenshot below shows some active connections (with hostnames not ip addresses clicking A button will show ip only) of some connections bitdefender and my chrome has open