Is there any way to disable remote monitoring / remote wipe in the client?

mojimba · 2022-05-26T18:40:21+00:00

There was an error rendering this rich post.

I do not need this functionality, IMHO it is downright dangerous to have enabled by default. Even with my bitdefender account secured by 2FA, who's to say some malicious actor within Bitdefender doesn't wake up on the wrong side of bed one day and sends a wipe command to every connected PC?

I've looked through various configuration settings but it is not obvious how to disable this, or if it's even possible?

Thanks!

Find more posts tagged with

windows 10

anti-theft

Comments

Scott

Hi @mojimba

I don't ever see anyone from Bitdefender waking up on the wrong side of the bed and doing something like that. But it leads to another thought, what if our phone memory or PC SSD or HD fails? That's why regular backups would give us peace of mind and help us through any of those senerios.

Our accounts are secured by our central password, even from BD employees. Maybe even encrypted? @Alexandru_BD would know more about that. What they can see on their end if needed, is support tickets associated with our email accounts as well as product purchases.

I'm not sure about a setting on the BD app side.

Gjoksi

@Scott

You are right, only @Alexandru_BD and @Mike_BD can answer this question about the privileges and restrictions Bitdefender employees have on our Bitdefender Central accounts.

@mojimba

Hello.

Some of my files on my laptop, which contain sensitive data, are encrypted with Glary Utilities Pro.

Also, ALL my files, including the encrypted files, are backed up on my Google Drive account and my Google account has 2FA enabled, so only i can have access to the contest of my Google Drive account.

That is why i don't care if someone wipes/deletes all data from my laptop.

Finally, it is not possible to disable or configure the remote actions.

Regards.

mojimba

@Scott / @Gjoksi

Thanks for the responses. It goes without saying I have full backups of everything important to me (3-2-1). But my time is also important.

Perhaps I'll use a different example to the "bad employee" one... this one I know has happened to a former colleague of mine (a few years after he left and went to another company): due to a server-side bug (I believe it was Exchange Server), remote wipe commands were issued to a number of their user mobile devices, unbeknownst to the sysadmins... a few "fun" days followed!

So although we here may have all our files backed up, but our time isn't free, and if a device is unexpectedly wiped, that time will be needed to restore and reconfigure everything.

Perhaps I'm being overly paranoid, but I would like to have the option to decide for myself what I consider important in PC/Laptop security and what not.

(BTW I only use Bitdefender on 1 laptop - all other devices are or will be desktops and Windows 10 VMs, which are a bit harder to lose or steal!).

Thanks again.

Scott

mojimba, you were ahead of us in protecting yourself regarding backups. We just like to make sure of these things by covering those bases.

To a lesser extent than what you're talking about, I went through the headache of a disgruntled phone company employee slamming a lot of peoples phone numbers, including mine. So I know sometimes things like what you mentioned and what I went through happen. But I'm sure Alexandru or Mike can help clarify things from Bitdefender's end.

Alexandru_BD

Hello,

I will shed some light on this topic.

To begin with, no Bitdefender employee has access to your passwords. This includes all of them and Central is no exception. To use the Anti-Theft features, including the erase function, the following prerequisites must be met:

Bitdefender Total Security must be installed on the stolen laptop and activated with a Central account.
The commands can only be sent from the Bitdefender Central account you linked your laptop to.
The laptop you are trying to locate must be connected to the Internet to receive the commands from Central

Point no. 2 assumes that only the account holder can perform this task using the 3 methods described in the below article:

https://www.bitdefender.com/consumer/support/answer/32561/

In terms of visibility and what a Bitdefender authorized employee can do, in the event the user reports a compromised account/password, we can restrict login completely and the account can only be unlocked by a request made by the account holder to our Support Teams. Subscription management is achieved using an unique internally developed tool and does not require Central login from our part. We only require the e-mail address associated with the Central account to be able to view the subscription details. Adjustments that can be made from our part include validity extensions, subscription upgrade/downgrade, device variation upgrade/downgrade, refunds/cancellations to name a few and each modification, even a simple check of an account leaves an automated timestamp/note, displaying the username and reason of access. This way, a change log is visible for all employees with permissions to view or edit subscription details. Furthermore, all access to the respective tools is achieved in an enclosed, encrypted environment. All subscription changes performed on our end are shortly visible to the user once they are logged in the Central account, so if something does not look right, we strongly recommend the user to contact our Support Teams directly, as soon as possible.

The support tools do not include a wipe function, nor a way to send an install link to another device, for example. Access is limited only to the relevant support actions that cannot be performed by the user. Basically, the tool is not mirroring all the options available in Central, from the user's perspective.

Of course, a security solution can only protect you to some extent. It's a watchdog, with many layers of defense, so that if one fails, the next one takes over and so on. But keeping your passwords private and secure and backing up your data is a must at all times. Common sense is precious, if an out of the blue message/link/pop-up/notification shows up, don't open it and walk away. And remember: if something sounds too good to be true, it usually is.

I hope the information is helpful and reassuring 🙂

Best regards

mojimba

@Alexandru_BD ,

Thanks for the detailed response!

I just want to clarify/reiterate something - I'm guessing we're all professionals here! I'm not saying you don't have appropriate policies and systems in place to prevent anti-theft controls from being unexpectedly triggered or maliciously used by staff, but I come from a software development and systems engineering background - it's what I do daily. And I know systems (and people) can go wrong. And sooner or later do go wrong!

We're at 99% level now... what would be 100% reassuring to me, is allowing users to decide for themselves if anti-theft functionality should be enabled or not (it's ok to have it on by default; just give us the option of disabling it) 🙂

I'm new to Bitdefender, and I really like what I see so far, these are just relatively minor points which if taken on board I think would make for an even better product.

Thanks again.

Alexandru_BD

@mojimba you are most welcome.

If the feature would be disabled, this means that it can also be re-enabled anytime by someone that has access to the Central account credentials. So it all comes down to the level of account security.

For 100% peace of mind I would recommend the 2-Factor Authentication security layer:

With 2-Factor Authentication, your Central account can only be accessed on devices you trust. Each time you sign in to your Central from a new device, your password and a verification code will be required. This way you will prevent account takeover and keep away types of cyberattacks, such as keyloggers, brute-force, or dictionary attacks.

This is as safe as it gets 🙂

You can enable this additional security measure by following the steps described below:Click the icon in the upper right hand corner of the page, and select Bitdefender Account. The option will open in a new tab.

Select the Password and security tab.

Click 2-Factor Authentication.

Furthermore, all Bitdefender information security policies are ISO 27001 and SOC2 Type2 certified, the level of security around here is out of this world.

Regards

PleaseImproveBD

Hello,

Just bought Bitdefender TS to get rid of my Kaspersky (was a customer for 15y I think) and I'm a bit flabbergasted to say the least.

Presentation/Feature: I did not expect the overall tools Kaspersky provided and accepted the dumbed down/streamlined presentation. Took me some time to get rid of the pop-ups & built-in ads/nags to buy additional products I don't need or the sollicitation to use product automatically
AV features/Performance Impacts/Memory footprint, configuration I needed: OK acceptable and close to KS, would be a keeper.
Cloud management/fleet of devices management: for a software product that is presented like the security solution you need there's unacceptable limitations. This product is sold as the solution to secure a fleet of devices and falls short of that promise. Let me explain below my findings in 2 days of usage.

I can't deactivate functionalities I don't want. Anti-Theft on desktop computers/workstations is unwanted in my book. I don't want to have the feature enable on those devices and wish to be able to disable it at the local level; I don't want to risk any kind of bug activating - from the cloud - a command to remote wipe these devices. Period.
Even if as part of the "Bitdefender" strategy/marketing the feature has to remain always on, Anti-Theft and particularly remote wiping should be handled with a stringent additional security layer, such as a separate password set locally on devices and used centrally to authorize the activation of the access activation of the Anti-Theft features. If your fear is account/license sharing, a single password is acceptable, just check the hash using a separate hash algorithm from the one used to issue commands... I did not try wiping a device so maybe I missed something, but with the Bitdefender answers to this concern I've read so far, I doubt it.
It seems that Bitdefender Central, understood as the cornerstone of Bitdefender security, lacks simple security features revolving around timed access. If I don't disconnect voluntarily from the website or the IOS app, It seems that I'm staying connected indefinitely... with immediate access to the Anti-Theft features...IOS no simple app numeric protection or Face ID and if you disconnect and reconnect the "Product Reports..." is automatically reactivated.
When I've set up Parental Control I was disappointed to see that if a single device is used by more than one child with different Windows account/profile you can't have different Bitdefender profile applied to it. Moreover, considering this limitation and creating single profile for my children, I could not select more than 1 Windows account to which the single Bitdefender Parental Control should be applied. It's either 1 Windows account or all of them... thus also applying Parental Control to parents account when they use the device...or now forcing my children to use the same Windows account/profile.
Last ... even if it is the least of the concern: I installed Bitdefender Central on my iPhone to monitor my devices, and I have not intent to install Bitdefender "the anti-virus" on this device. But I'm now nagged with a "Device At-Risk". Please Bitdefender marketing team, understand that if you do not have a product that can secure all my devices, so again let me choose what is actually a risk and ignore/excludes.

To me this is under the par for the purported leader of the pack, I would consider keeping Bitdefender if I actually could leave out all the Bitdefender Central nonsense/limitations, but I don't see a way and I never expected to be so disappointed.

I wish a refund and would like to be contacted/will contact customer services.

Will restart my research for a replacement AV.

Best

Gjoksi

@PleaseImproveBD

Hello.

You may obtain a refund by contacting:

refunds@bitdefender.com

within 30 days of your initial purchase or of the automatic renewal date.

Also, you could contact Bitdefender Consumer Support by chat, telephone or e-mail:

https://www.bitdefender.com/consumer/support/help/

https://community.bitdefender.com/en/discussion/91918/bitdefender-websites-and-bitdefender-consumer-support-contacts

NOTE: Bitdefender telephone support is not toll-free!

Regards.

@Alexandru_BD Any explanation to the costumer? Thanks.

Alexandru_BD

Hello @PleaseImproveBD

I would like to thank you for taking the time to share your thoughts. It means a great deal to us, because this is how we can improve our products and services. I will do my best to provide answers to your above questions.

While there are plenty of customization options for notifications, exclusions and product features, some of the essential security functionalities of the antivirus cannot be modified. Our solutions include several layers (prevention, protection, remediation - to name a few) and complex technologies developed precisely to ensure that we can protect everything that is important to you. These layers have been designed for both advanced users and less tech savvy users as well, to meet overall requirements and the product developers and security researchers always take into account all possible vulnerabilities and scenarios of usage. In regards to the Anti-Theft feature, the development teams have received a couple of interesting suggestions from our members and they are currently being analyzed.

When it comes to the wipe function, only the Central account holder should have access to it. For this reason, I recommend that you don't share your account credentials with anyone else and make sure to enable the 2-Factor Authentication security layer for your account.

With 2-Factor Authentication, your Central account can only be accessed on devices you trust. Each time you sign in to your Central from a new device, your password and a verification code will be required. More information regarding this feature is available at the link below:

https://www.bitdefender.com/consumer/support/answer/1581/

This feature ensures that even IF your credentials are known to somebody else, they will not be able to gain access to your Central account, thus no one except you can change the settings. This defense also protects against cyberattacks, such as keyloggers, brute-force, or dictionary attacks. Multiple failed attempts to login will also trigger an account lock, in effect until the identity of the owner can be proven. We are firm believers that one of the most important measures of protection is prevention, thus it is recommended to lock your device at all times, especially if you are not the only user that has access to it. Keep in mind that you can also protect your Bitdefender settings with a password. You can find detailed steps on how to do this in the article below:

https://www.bitdefender.com/consumer/support/answer/2076/

In regards to the Central account and timed access, I have noted your suggestion and I will forward it to our development teams in the next feedback sprint. Surely, they will be able to shed some light on this.

Regarding the Parental Control, there is indeed a technical limitation of one account/ child profile per device and there are no foreseeable changes for this feature.

The "Device At-Risk" status is displayed because you are logged in Central using that mobile device and if you don't wish to see this message, you can access Central in a web browser using https://central.bitdefender.com/ and remove the device from there.

Of course, in the event the product does not meet your expectations, you may may obtain a refund by contacting refunds@bitdefender.com within 30 days of your initial purchase or of the automatic renewal date.

I hope the information is helpful and that you will reconsider the Bitdefender products in the future. Thank you for your comprehensive review and for sharing your honest opinion with us.

Best regards,

Alex

Janeer

I had similar fears but their admin told me in details about the degree of protection and all security checks, thus I calmed down.

Employee tracking program.