BUG - Constant disk read/write while Bitdefender is installed

1246

Comments

  • SageWolf
    SageWolf
    edited October 2018


    I just received an update to BDTS from 23.0.11.48 to 23.0.14.61 and it has done absolutely nothing to remedy the Constant Disk Read/Write issue.  The PC boot_s up and then all USB connected drives start Blinking like crazy.


    What was this update supposed to fix?


    This is getting ridiculous...I have 1251 days left on my subscription.  Please fix this issue.


  • Interesting email from BD support claiming 23.0.14.61 is The Big Fix we've been awaiting. SageWolf (above) says "No." What say you other experts on this board?




    The issue you reported has been fixed in the latest version. Please follow these steps:

     


    1.     Click the Start button in the lower left corner of your desktop.



    2.     Type directly in the Search box appwiz.cpl and hit Enter



    3.     This will bring up the list of installed programs. Locate Bitdefender in the list, right click on it and choose Uninstall.



    4.     A wizard will appear. Choose Reinstall by clicking on the button.



    5.     Reboot your PC when asked, then follow the on-screen steps to reinstall Bitdefender and check if the situation you have encountered is resolved.

     


    Please make sure you have the latest build of Bitdefender installed, 23.0.14.61. To verify the build that you are running, please right click on the Bitdefender icon in the System Tray and press on About. The build is displayed below the Product information.



  • Ok, I'll throw in my 2 cents here.  I maintain & monitor about 26 computers, all running Windows7 Pro and BD Antivirus+., most of which have received & installed the 23.0.14.61 build in the last 36 hours. Since Sergiu posted about 12 hours ago (as I write this) that they are still working on it, I think it's safe to say that this build is NOT intended to fix this problem. I have physically verified on several of them (don't have time to check all of them) that the problem still exists.


  • I can confirm this new version doesn't fix the constant read issue. After uninstall/reinstall then a reboot to be sure (with the script disabled) both SSD and HDD were reading at a 24,5KB/s speed. Running the script still fixes the issue until next reboot.



  • 11 hours ago, Doug said:



    Interesting email from BD support claiming 23.0.14.61 is The Big Fix we've been awaiting. SageWolf (above) says "No." What say you other experts on this board?




    The issue you reported has been fixed in the latest version. Please follow these steps:

     


    1.     Click the Start button in the lower left corner of your desktop.



    2.     Type directly in the Search box appwiz.cpl and hit Enter



    3.     This will bring up the list of installed programs. Locate Bitdefender in the list, right click on it and choose Uninstall.



    4.     A wizard will appear. Choose Reinstall by clicking on the button.



    5.     Reboot your PC when asked, then follow the on-screen steps to reinstall Bitdefender and check if the situation you have encountered is resolved.

     


    Please make sure you have the latest build of Bitdefender installed, 23.0.14.61. To verify the build that you are running, please right click on the Bitdefender icon in the System Tray and press on About. The build is displayed below the Product information.





    My apologies, this was sent in error. 



    9 hours ago, chrisj said:



    Ok, I'll throw in my 2 cents here.  I maintain & monitor about 26 computers, all running Windows7 Pro and BD Antivirus+., most of which have received & installed the 23.0.14.61 build in the last 36 hours. Since Sergiu posted about 12 hours ago (as I write this) that they are still working on it, I think it's safe to say that this build is NOT intended to fix this problem. I have physically verified on several of them (don't have time to check all of them) that the problem still exists.



    This is correct. The latest build mostly contains fixes related to Encrypted Web Scan feature, and also addressed some minor translation issues. 

  • BDAlexS
    BDAlexS
    edited October 2018


    The feedback I'm getting is that the issue is BD with bitlocker enabled if people can confirm.


  • I don't have Bitlocker enabled on both PCs


  •  



    18 hours ago, Doug said:



    Interesting email from BD support claiming 23.0.14.61 is The Big Fix we've been awaiting. SageWolf (above) says "No." What say you other experts on this board?




    The issue you reported has been fixed in the latest version. Please follow these steps:

     


    1.     Click the Start button in the lower left corner of your desktop.



    2.     Type directly in the Search box appwiz.cpl and hit Enter



    3.     This will bring up the list of installed programs. Locate Bitdefender in the list, right click on it and choose Uninstall.



    4.     A wizard will appear. Choose Reinstall by clicking on the button.



    5.     Reboot your PC when asked, then follow the on-screen steps to reinstall Bitdefender and check if the situation you have encountered is resolved.

     


    Please make sure you have the latest build of Bitdefender installed, 23.0.14.61. To verify the build that you are running, please right click on the Bitdefender icon in the System Tray and press on About. The build is displayed below the Product information.





    I have now uninstalled Bitdefender choosing "Reinstall" in the wizard. After some time it wanted to reboot, and it has now. But it is NOT beginning to reinstall BitDefender ??!!?? There is NO on-screen steps to reinstall Bitdefender. This is going south quite quickly!


    So I guess that I will have to go to BitDefender Central and see if I can reinstall BitDefender this way.


    But ...  why the f.... should we UNINSTALL and REINSTALL BitDefender just to get a product update?? Something is really not allright with BitDefender as it is now.

  • chrisj
    chrisj ✭✭
    edited October 2018


    12 minutes ago, svenohrberg said:



     


    I have now uninstalled Bitdefender choosing "Reinstall" in the wizard. After some time it wanted to reboot, and it has now. But it is NOT beginning to reinstall BitDefender ??!!?? There is NO on-screen steps to reinstall Bitdefender. This is going south quite quickly!


    So I guess that I will have to go to BitDefender Central and see if I can reinstall BitDefender this way.


    But ...  why the f.... should we UNINSTALL and REINSTALL BitDefender just to get a product update?? Something is really not allright with BitDefender as it is now. 



    I could be wrong, but I believe the uninstall/reinstall is just to get the latest build without having to wait for the update through the normal process, since it doesn't go out to all users at once. Of the 26 machines that I monitor, they trickled in over a 48 hour period; still waiting for one or 2 more. You may have to wait a day or 2 or 3.


  • Well, it's getting more and more weird. BitDefender did install via BitDefender Central, and it did keep my former settings, but now my PC is NOT showing up in BD Central? I have a 3 PC licens, and my laptop and my wife's laptop is there, but my gamerrig is gone. When looking at my account in my gamerrig, I can see that I'm using 3 products, but only 2 of them can now be seen in BD Central !?!

  • Sergiu C.
    Sergiu C.
    edited October 2018


    36 minutes ago, svenohrberg said:



    Well, it's getting more and more weird. BitDefender did install via BitDefender Central, and it did keep my former settings, but now my PC is NOT showing up in BD Central? I have a 3 PC licens, and my laptop and my wife's laptop is there, but my gamerrig is gone. When looking at my account in my gamerrig, I can see that I'm using 3 products, but only 2 of them can now be seen in BD Central !?!



    Hi, 



    Please try again to login to the product on your PC:


    - open Bitdefender > click on My Account > click Switch Account and enter the credentials for your Bitdefender Central account. 



    As mentioned above by /index.php?/profile/7193-chrisj/&do=hovercard" data-mentionid="7193" href="<___base_url___>/index.php?/profile/7193-chrisj/" id="ips_uid_7346_12" rel="">@chrisj , the update is being released through regular update channels as well, the reinstallation is only used to force the app to update to the latest version sooner.


    This particular issue is not solved in this build (23.0.14.61) however. 


  • That did not help. "My subscriptions" shows 3/3 licens used, but only 2 computers shows up in "My devices".


    BTW why is my subscription showing "ACTIVE"? I don't have automatic renewal to my license??

    bitd1.png

    bitd2.png


  • Here is a pic of the 2 computernames on bitdefender-central and my computername, along with the facts, that I have used 3 licenses.


    If I want to clean install my gamerrig, when the new 1809 image is comming out, how do I disable the installation on the PC that is NOT showing in BitDefender central? If this is not disabled, I don't have any licence for the newinstalled windows allthough it is the same PC.


     

    bitd3.jpg

  • ricky1973
    edited November 2018


    Hi everybody; I just updated BD2019 to the build 23.0.14.61; it looks like the problem of the topic' subject has not been solved yet; just for your knowledge... I hope this trouble will be solved soon.


  • Latest update just installed 23.0.14.61 has made no difference to this issue and it feels significantly sluggish especially at the boot process.



    On 10/9/2018 at 11:25 AM, CătălinC said:



    We have new build - 23.0.11.48


    Can we see what changes this version have?


    Thank you!



     

  • Green456
    edited November 2018


    On 10/31/2018 at 11:54 AM, BDAlexS said:



    The feedback I'm getting is that the issue is BD with bitlocker enabled if people can confirm.



    Hi Alex,



    You was asking before regarding Process Monitor. Sorry for showing up so late. But anyways the problem is still here.


    Today I took some time to make screen shots and I could not reproduce the stack anymore where I saw the BitDefender module. It has disappeared.


    I did some more research and checked for anything wmiprvse.exe is doing while we have the christmas tree lightning in effect.


    I had the suspicion before that it was related to encrypted drives as it seems WMI is enumerating those drives at this stage and possibly retrieving whatever info it needs.


    I looked for any failed registry or file operation and on close examination it seems that the (Microsoft) executable is querying a for a registry value having the path HKLM\Software\Policies\Microsoft\New Key #1\RDVConfigureBDE, which seems to be located usually in HKLM\Software\Policies\Microsoft\FVE and not New Key #1. After creating the value as a REG_DWORD of 0 it stopped flickering. Here is more explanations about what this registry value does: https://blogs.technet.microsoft.com/askpfeplat/2013/06/09/how-to-enable-user-based-controlenforcement-of-bitlocker-on-removable-data-drives/.


    If one is using bitlocker to encrypt currently it is probably better to be careful and read it. Unfortunately I am relatively clueless about bitlocker.


    I have not yet had time to compare the procmon result to a system without bitdefender installed, when the problem does not show up, to check for example if the registry value reappears at that location after removing bit defender or if possibly wmiprvse.exe's registry path is correct, without going to "New Key #1".


    Maybe this could serve as another workaround that is more persistent. I will try now if it persists and update soon.



    Step 1: Start ProcMon.Exe (https://docs.microsoft.com/en-us/sysinternals/downloads/procmon)


    Step 2: Make sure to add wmiprvse.exe:


    bd1.thumb.jpg.794b1f2f37a124a84d87c83a391af785.jpg


    Step 3: Capture events by clicking on File -> Capture Events


    bd2.thumb.jpg.ad1b20bcaad711d35e43fcb214d38fcc.jpg


    bd3.jpg


    Update: After a reboot the workaround is indeed persistent. As said before take some precaution if you should be using Windows bitlocker to encrypt disk volumes, before making this change. For whatever reason the value set before under "New Key #1" is moving to the Policies\Microsoft\FVE key, where it seems it should go to originally. What is funny now is that I can control the lightning via this value, setting it to 0 and the lightning stops, setting it to 1 and it begins again. Now we could create some cool light effects with that method! ;)

  • Green456
    edited November 2018


    Update 2: OK, all that New Key #1 stuff is not really needed. One can directly set HKLM\Software\Microsoft\Policies\Microsoft\FVE\RDVConfigureBDE to (REG_DWORD) 0.




    1. At first there was no FVE key on my system as below:


    reg1.thumb.jpg.ea0dfe24c12ad44269e78d0f79f0c04b.jpg


    2. Found a key not found error with procmon:


    reg2.thumb.jpg.1b6ba540c0486479d270b3b9ffacf326.jpg


    3. Created the FVE key that was not found before: reg3.thumb.jpg.15a7e22920ba0329542d6b9aca117cdb.jpg


    4. Now procmon looked like this, checking for a strange registry path, I think it is a problem with procmon itself! LOL very confusing:

    reg4.thumb.jpg.b7740de8a702203ce8e7fb32681b845c.jpg


    5. I Create the value in the correct FVE key:

    reg6.thumb.jpg.2ae0f19c242bc48065cb2841fcb8a127.jpg



    6. The drive access stops



    So no need to use "New Key #1". We can see in the procmon log that at first it opens the FVE key, then it queries a value (with a wrong path) and then the key is closed. Am not sure if that is procmon or maybe caused by BD. Procmon is resolving the existing registry handle into a path I guess at this stage and then appending a backslash and the value name RDVConfigureBDE.



    Another interesting test would be to see how this log looks without BD installed. If this New Key #1 thing exists too in procmon.


     


     

  • Green456
    edited November 2018


    This behavior could be normal due to the way regedit creates keys. At first the key is created as "New Key #1" and then renamed to the desired name. Could be some caching issue in either bd or procmon or maybe procmon is not tracking the API call that renames it, leading to the invalid path in the procmon log.


     


    The default for this value is 1 by the way, if this value is not set. Setting it to 0 aborts whatever WMI is doing at this stage, regarding encrypted drive infos, causing the drive access to stop in turn. Just another workaround.

  • Green456
    edited November 2018


    OK, now I took some more time and tested ProcMon.Exe on a system without BitDefender installed and if creating a new key with regedit the same "New Key #1" thing is shown. So this is a procmon problem with the way it resolves handles into paths and how regedit creates new keys, just wasn't fully aware of it.


  • Awesome research /index.php?/profile/215110-green456/&do=hovercard" data-mentionid="215110" href="<___base_url___>/index.php?/profile/215110-green456/" rel="">@Green456!


    Any comments from BD? 


    (Or will I get another moderator warning for this/post get deleted ?)

  • EJS
    EJS
    edited November 2018


    BD has no idea how to communicate with its customers, I think that is no different now....

  • hpw
    hpw
    edited November 2018


    On 11/3/2018 at 2:09 AM, Green456 said:



    This behavior could be normal due to the way regedit creates keys. At first the key is created as "New Key #1" and then renamed to the desired name. Could be some caching issue in either bd or procmon or maybe procmon is not tracking the API call that renames it, leading to the invalid path in the procmon log.


     


    The default for this value is 1 by the way, if this value is not set. Setting it to 0 aborts whatever WMI is doing at this stage, regarding encrypted drive infos, causing the drive access to stop in turn. Just another workaround.



     


    Well, tested this on my Labtop with HKLM\Software\Microsoft\Policies\Microsoft\FVE\RDVConfigureBDE to (REG_DWORD) 0 ...


    Any plug-in of USB Sticks gets ignored... :wacko:... removed the DWORD key and rebooted and now USB gets recognized again ..


    IMHO opinion, it's may a MS issue where the WMI gets into a loop.. BD should get in touch with MS as soon as possible while worldwide all disk gets :ph34r:


    Hp


     

  • Green456
    edited November 2018


    3 hours ago, hpw said:



     


    Well, tested this on my Labtop with HKLM\Software\Microsoft\Policies\Microsoft\FVE\RDVConfigureBDE to (REG_DWORD) 0 ...


    Any plug-in of USB Sticks gets ignored... :wacko:... removed the DWORD key and rebooted and now USB gets recognized again ..


    IMHO opinion, it's may a MS issue where the WMI gets into a loop.. BD should get in touch with MS as soon as possible while worldwide all disk gets :ph34r:


    Hp


     



    Are you sure? All this does is stop WMI from looking for bitlocker protected devices. The drive should not disappear at all during this process. Was your thumb drive possibly bitlocker encrypted? Mine is still working. You can even change the key at run time without a reboot to turn the lights on and off. The detection of USB devices happens somewhere totally else and below, encryption is much more on top of this.



    Maybe BD has the time to compare both runs to see if there is any difference with wmiprvse.exe's behavior with BD installed and with BD uninstalled.



    Did anyone try a bitlocker encrypted thumb drive on BD?



    And yes, WMIPRVSE.EXE gets into a loop because it looks for encrypted drives (opening the device, sending some IO controls to the driver). It only does that if bitlocker is enabled, therefore no loop if value is set to 0.



  • 4 hours ago, Green456 said:



    Are you sure? All this does is stop WMI from looking for bitlocker protected devices. The drive should not disappear at all during this process. Was your thumb drive possibly bitlocker encrypted? Mine is still working. You can even change the key at run time without a reboot to turn the lights on and off. The detection of USB devices happens somewhere totally else and below, encryption is much more on top of this.



    Maybe BD has the time to compare both runs to see if there is any difference with wmiprvse.exe's behavior with BD installed and with BD uninstalled.



    Did anyone try a bitlocker encrypted thumb drive on BD?



    And yes, WMIPRVSE.EXE gets into a loop because it looks for encrypted drives (opening the device, sending some IO controls to the driver). It only does that if bitlocker is enabled, therefore no loop if value is set to 0.



    OK,


    New boot new behavior as using 1809 :D


    1. The USB stick is pure NTFS


    2.Applied the DWORD value again and reboot


    3. Did the test again and the USB gets recognized


    4. BUT the DISK READING was still present


    5. applied the WMI pause what helped me on my single SSD Disk


     Cheers


    Hp


     


     

  • Green456
    edited November 2018


    3 hours ago, hpw said:



    OK,


    New boot new behavior as using 1809 :D


    1. The USB stick is pure NTFS


    2.Applied the DWORD value again and reboot


    3. Did the test again and the USB gets recognized


    4. BUT the DISK READING was still present


    5. applied the WMI pause what helped me on my single SSD Disk


     Cheers


    Hp


     



    Can you try to run procmon and upload a screenshot as I did? All file and registry access of WMIPRVSE.EXE. You should see any disk access. Just to make sure it is the same pattern of device IO controls repetitively being sent to the drive. Before the open/device, io control and close you should see that it checks if the mentioned value exists or is set to 1. That should not be OS dependent. Am using a USB thumb drive at this very moment too. Very strange. I used a Windows7 by the way. Can try later what happens on a Windows10.



  • 3 hours ago, hpw said:



    OK,


    New boot new behavior as using 1809 :D


    1. The USB stick is pure NTFS


    2.Applied the DWORD value again and reboot


    3. Did the test again and the USB gets recognized


    4. BUT the DISK READING was still present


    5. applied the WMI pause what helped me on my single SSD Disk


     Cheers


    Hp


     


     



    Hi HP,



    This is my bad. The correct path for the value is here:  HKLM\Software\Policies\Microsoft\FVE\RDVConfigureBDE and not HKLM\Microsoft\.



    I posted it incorrectly one time in one of the postings above.




    I just tried it with 1803 and it had the same problem (on my surface pro). This device has nothing installed except Office and Windows 10 (1803) and BD.



    I think if you try it with that registry path again it should work. Sorry :)



  • 14 hours ago, Green456 said:



    Hi HP,



    This is my bad. The correct path for the value is here:  HKLM\Software\Policies\Microsoft\FVE\RDVConfigureBDE and not HKLM\Microsoft\.



    I posted it incorrectly one time in one of the postings above.




    I just tried it with 1803 and it had the same problem (on my surface pro). This device has nothing installed except Office and Windows 10 (1803) and BD.



    I think if you try it with that registry path again it should work. Sorry :)



     


    Hi again,


    well I had the key already at this position....


    Also, started the latest Procmon even in admin mode and no events given.


    On my system 1809, 0.1% Disk activity seen on Taskmanager on Registry & System process. Added them by PID and showed no traces.


    May somethings is broken ... and behaviors are OS release dependent and may that's why BD has no solution while various issues are on varios OS releases... Just a guess.


    Hp


     


     


  • By 8 November, it will officially have been at least 2 months since the issue was first reported on this forum.


    Still no end in sight. <img class=" data-emoticon="" src="https://us.v-cdn.net/6031943/uploads/ipb_attachments/emoticons/default_angry.png" title=":angry:" />


  • same!


    Windows 10 home 64 Build 18.09, Bitdefender  Total Security 2019 Build 23.0.14.61 Engine 7.78132.

    When switch WLAN, or LAN on, vsserv.exe 30% CPU. When switch Wlan/Lan off, then vsserv.exe  0.13% CPU Last (!)

    restartwmi.bat not work.


    Firefox https to local printer not work. Certificat.  Install fake.cert not work.


    I am very disappointed.

    The fastest scanner in the test is now the slowest. Too bad.


     

This discussion has been closed.