Unscheduled scan runs 1Hr after system start-up (every time)

2»

Comments

  • Ironbuket
    Ironbuket ✭✭✭

    I uninstalled my other AV and installed BD from scratch.

    For the first run, I left all the settings at default and didn’t setup any exclusions so I can see the baseline behavior of the client. The only thing I did change was, to move the update period to 3hrs so it doesn’t confuse observations at the 1Hr after restart point.

    Build = 26.0.16.69

    I observed resource monitor at the 1hr after system start point and not only did I see no sign of any scans on my mechanical drives, BD didn’t seem to do anything at all and didn’t even check its own files or check the boot drive OS files which were also part of the previous forced scans.

    It could be the scan has been moved to a different time period or is triggered by something other than just 1hr after system up. Ill keep an eye on it over the weekend and update here if I work out where it has gone to, as by the way it was described this is a scan BD wanted to run to protect us from log4j vulnerabilities.

    There is nothing new in my Task Scheduler that I can see. BD support said they were planning to move the forced scan to the task scheduler so customers could alter the frequency if they wishes to.

    Maybe BD just decided to ditch the entire forced scan completely? But my guess is it will crop up again somewhere at some point.

    Internet Security (Paid), Windows10 Pro64, Ryzen7 5800X, 32GB RAM, RTX3070, 5 internal storage drives, 2x ext hot-swap drives

  • Ironbuket
    Ironbuket ✭✭✭

    What did I say...

    1 hour and 40 mins after system up a BD scan began. 100% usage on my drives for over 10mins. Forced scan behavior just as I have been reporting since March 2022. Ill now add on drive exclusions and look for any other settings in the client that may turn this off. BD must really think that customers enjoy the hunt the settings game.

    At least I know what time to look out for this occurring now

    Dont know what is wrong with BD staff, if you want to push a forced scan at least advertise how to turn it off or control it. Pathetic really. Im suspecting I will be switching back to my alterative AV by the end of this weekend.

    Internet Security (Paid), Windows10 Pro64, Ryzen7 5800X, 32GB RAM, RTX3070, 5 internal storage drives, 2x ext hot-swap drives

  • lechiffre
    lechiffre ✭✭✭

    Thanks for trying Ironbuket.

    So basically the "fix" is to make it a bit more random as to when it happens, but all the negative effects are still present?

    What alternative AV product did you go to, and is it any good? I'm in the market.

  • Hi,

    Just following up on this thread.

    Some quick optimizations have been made, but the developers are working on a more extensive way to reduce the load on the system.

    They will analyze and decide internally which is the complete option that can be pushed forward.

    Thanks

    Premium Security & Bitdefender Endpoint Security Tools user

  • lechiffre
    lechiffre ✭✭✭

    You could let us choose.

  • Ironbuket
    Ironbuket ✭✭✭

    PART 1 (was too long for a single post)

    Hi, sorry for not posting here for a while. I wanted to give it more time before giving an opinion on if the changes had really made an improvement or not. The quick summary is that it appears the issue has been fixed, but more detail below for those interested in more detail.

    As I already posted, after a fresh install of the client the forced scan still exists (or did at the time BD pushed the new patch which ‘fixed’ it), but now runs 1Hr 40m after the first restart of the system instead of 1Hr as it was previously. I kept a close eye on it for a few days and only saw one more occurrence around the same time mark which seemed like it may have been a scan, but it only lasted a couple of mins and was low drive usage. In all honesty it could have been something else, as I wasn’t recording the resource monitor at the time.

    I slowly turned my protections settings back on bit by bit. I’ve now had all of the Vulnerability section turned on and all my exclusions deleted for the past week or so and haven’t seen (or rather heard) any forced scans being run on my mechanical drives.

    The forced scan no longer runs every start up or even every day as far as I can tell. Or maybe they just optimised it so that that it is not so heavy on resources anymore. My mechanical archive drives are not being woken up anyway, which was my main annoyance with this.

    Just this morning, Ive turned the Advanced Threat Defense on, which was the last thing I had still turned off. If this does trigger anything I’ll post here again.

    Overall, I would say it is once again safe for customers to use the BD client. For anyone skipping to the end of this thread, I will just post a quick summary of the history of this issue. Personally, I don’t think this reflects well on BD, but I’ll let you decide.

    March 04 2022: I report an issue to r/BitDefender where I have in the last few weeks noticed that BD client is waking up my multiple mechanical drives and appears to be scanning them

    March 04 2022: BD agent asked me to directly email technical team for support – which I then did

    BD support played the (not completely unexpected) probably it is something wrong with the customers computer game. This was quite a frustrating period, as I had specific evidence that it was the BD client doing this but yet support wanted to run me through hoops to avoid actually looking at the problem.

    This back and forth went on for about 3 weeks and I got quite frustrated along the way as BD support tries to make out you are alone and it is you rather than them at fault. I knew that was not true as my Reddit post attracted another customer with the same problem immediately. I knew there were at least 2 of us and so I pressed on where others may have given up and jumped ship to competitor.

    I decided to have a look through the BD forums, looking for anyone reporting something similar. There wasn’t anything exactly the same, but there were a lot of people reporting issues which could have been the same thing. Unless you actually record your resource monitor and play it back frame by frame it is difficult to understand what is actually happening when you notice your system performance take a hit.

    On a system with only mechanical drives, your whole system could potentially grind to a halt due to the 100% drive usage for 10mins. If you only have SSDs, you may not notice the scan all. Although I noticed the forced scans managed to even hit 100% usage on a fast SSD occasionally (great optimisation).

    I wasn’t sure if it was the same issue, but I noticed customers reporting performance hit problems going back to Dec 2021 and many customers giving up on BD support and saying they were going to an alternative client. I’m surprised that someone at BD didn’t investigate this further and make a link that there was potentially a wider problem occurring.

    I’ve seen this kind of thing occur in IT support before and it is usually when you have management which focuses too much on ticket quotas where staff are pressured to respond and close tickets rather than giving them the time to focus on quality and preventive actions. Apparently, nobody in support had a meeting to discuss the issues related to customers telling support they were quitting and going to another client and if there may have been any link between them all?

    Anyway, back to the story. By this time, I realised that talking to BD support was going nowhere. They had me install and run system monitoring software whilst the force scan occurred. I was NOT happy about this as I knew it could potentially be handing over personal info to them. I took the hit for the team as I was sure at least then they would see what was wrong with their client and could fix it.

    BD support contacted me to tell me there was nothing unusual shown in those logs/scans. At the time this was a major setback as from my perspective the BD support staff seemed like ******, and almost implying that what I was seeing was not happening. Later this made more sense, as it actually was normal behaviour (they put the forced scan in there on purpose).

    I started to even doubt myself at this point and BD support almost won. But I decided to try BD on an older system I had and to monitor it the same as I had on my main system. Exactly at the same point after start up I saw the same scan occur.

    This was the point I started this thread on the official forums. I hoped that if I posted the issue here it would attract other people to report they were also seeing it. And if they did, it would no longer be me fighting a lone battle against the BD support firewall that, from my perspective, seemed to only exist to prevent any problems with their client getting resolved.

    Eventually this drew the attention of a developer, who confirmed the scan existed and was there on purpose. Finally, someone inside BD acknowledged it was a BD issue. At this point they weren’t seeing it as a problem, but not seeing it as an issue that needed fixing.

    This was a period of mixed feelings. It was great that someone acknowledged I wasn’t going mad and seeing things or that my system was broken. But at the same time, why (WHY???) didn’t BD support know about this forced scan that ran 1hr after every system start up?

    Weeks of wasted time on my behalf could have been saved as I was very specific from the beginning that this always occurred at the same time.

    Internet Security (Paid), Windows10 Pro64, Ryzen7 5800X, 32GB RAM, RTX3070, 5 internal storage drives, 2x ext hot-swap drives

  • Ironbuket
    Ironbuket ✭✭✭

    PART 2 (was too long for a single post)

    (Not word for word)

    BD Support: No there is no forced hidden scan that runs 1hr after start up

    BD Developer: Yes, the client contains a forced hidden scan that runs 1hr after start up to scan for log4j vulnerabilities

    This is unconfirmed, but it has been suggested that the forced scans only existed in the paid version of the client and not in the free version. If true that means that the only users likely to get frustrated with this issue and quit are the ones that were actually paying. (slow hand clap?)

    I wish that highlighting this to a developer was the end of this story, but it wasn’t. It wasn’t until I sent the developer a video of my resource monitor during one of these forced scans that they finally seemed to realise the serious impact this scan was inflicting on systems.

    (100% usage on multiple drives and about 15% CPU on a 5600x – for up to 10mins solid)

    I was told by the developer that the forced scan could not be removed completely because it was needed for the log4j vulnerability, but in the next client patch they would change it so that it only ran once a day instead of every time the system is restarted. They also implied they would add a way to turn if off completely, by putting something in the resource scheduler that users could control.

    For some unknown reason it appears that BD cant do hot fixes and so this had to wait for the next client update window, which was 3 weeks off at the time as I recall. By this time, I had been dealing with this hammering my system for months and so jumped to another client whilst I waited for the patch.

    I returned to find the patch had been pushed back and so waited some more. Apparently, it was finally pushed out on May 12th.

    On my fresh install of the ‘fixed’ client the scan ran at the 1Hr 40m mark. There was also nothing found in resource scheduler that I would see.

    This is not a boast, but I highly suspect that if I had not stuck at this for over 2 months and refused to give in to the BD ‘support’ system, the client would very likely still be acting as it was and potentially driving paying customers away.

    I sincerely hope that BD has leant from this and puts in place processes to prevent things like this occurring again. Letting your support staff know about forced scans added by developers that have no controls in the client would be a good first step.

    Internet Security (Paid), Windows10 Pro64, Ryzen7 5800X, 32GB RAM, RTX3070, 5 internal storage drives, 2x ext hot-swap drives

  • Hello @Ironbuket . This topic has been for quite some time in our focus during the regular updates that we have with the Product/ Dev teams. @Alexandru_BD and myself thank you for taking the time to share your experience and opinions on the matter ; our role was to be the liaison between the Voice of the Customer and our internal teams.

    One of the foundations of this community is sincerity and modesty. We don't seek "fans" , we accept criticism, in a constantly evolving industry and products we constantly aim to do things better. We value your feedback (not declarative, but purposefully) .

    I agree with you: " Overall, I would say it is once again safe for customers to use the BD client. For anyone skipping to the end of this thread, I will just post a quick summary of the history of this issue. Personally, I don’t think this reflects well on BD, but I’ll let you decide."

    cheers,

    Mike

    Intel Core i7-7700 @ 3.60Ghz, 64GB DDR4 || Gigabyte nVIDIA GeForce® GTX 1070 G1 8GB || WD Blue NAND 500GB + 1TB

  • Update, I've been using the free version waiting to see if the issue got resolved before installing the paid version, it seems that has not, even worst now, when I turn on my PC the freaking scanning starts immediately and slows down everything, who the heck is running this developer team? It seems that they have their head in the sand, now I'm definitely switching to a different client, I'm sick of this horrible software

  • RedsFan
    RedsFan ✭✭✭

    I haven't seen this behaviour....

  • Hi TireofBit,

    This issue was actually fixed in a previous update patch (May 2021)

    The scans you are experiencing now are a new problem. I have created a new thread for this already (address below) and would encourage you to post any comments over there.

    https://community.bitdefender.com/en/discussion/93016

    Internet Security (Paid), Windows10 Pro64, Ryzen7 5800X, 32GB RAM, RTX3070, 5 internal storage drives, 2x ext hot-swap drives

  • Well here it is a year later and mine is still doing the same thing as all of you are having. I have mine set to update every 24 hours, but it updates every 12 hours. Now that I know a lot of people are having the same issue. I will be going to another AV I was with. They ranked a little better than BD. If the problem is fixed soon I will stay. Scans that are forced on is not good.

  • Generate bitdefender BDsysLog: https://www.bitdefender.com/consumer/support/answer/1922/

    Generate bitdefender support tool logs: https://www.bitdefender.com/consumer/support/answer/1733/

    Generate bitdefender connectivity logs: https://www.bitdefender.com/consumer/support/answer/9689/

    Share the logs & your query with bitdefender support team by dropping them an email at bitsy@bitdefender.com

    If the generated logs are larger in size, you can upload the logs to google drive or we.tl (7days link validity for free users) or ask the support team to provide you with the online link & password of bitdefender cloud where you can upload the logs and share the upload link with the support team.

    The support team will reply back to your query within next 24-48 hours excluding weekends.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • @LawnMowerMann

    Hello.

    Open Bitdefender program, go to Utilities -> Profiles -> Settings and see if option "Activate profiles automatically" or any of the profiles (Work, Movie, Game, Public Wi-Fi or Battery Mode) is switched on / enabled.

    When Work profile is enabled, update check interval is automatically set to 8 (eight) hours.

    When Movie profile is enabled, update check interval is automatically set to 8 (eight) hours.

    When Game profile is enabled, update check interval is automatically set to 12 (twelve) hours.

    When Public Wi-Fi profile is enabled, update check interval is automatically set to 1 (one) hour.

    When Battery Mode profile is enabled, update check interval is automatically set to 1 (one) hour.

    So, if you want to set the update check interval in Settings -> Update -> Update check interval by yourself, first you must switch off the option "Activate profiles automatically" and/or any of the profiles (Work, Movie, Game, Public Wi-Fi or Battery Mode).

    Regards.