Constant "Suspicious connection blocked" messages

twanv

In the last month or so, Bitdefender has started coming up with a flood of "Suspicious connection blocked" messages (related to untrusted certificates). These keep coming and coming - it seems that half the internet is running on untrusted certificates! Or more likely, Bitdefender is being far too aggressive in its blocking.

This is becoming very annoying to say the least. Any comment from Bitdefender?

Scott

Hi @twanv

That should have been resolved for you with build 26.0.23.80 We've had very few members, if any, posting regarding this issue since then, at least as far as I've seen.

https://community.bitdefender.com/en/discussion/comment/313887#Comment_313887

Please confirm that you have the newest build 26.0.25.86 by right clicking the BD system tray icon/About, or from the main Dashboard clicking the lifepreserver (dougnut) at the top/Product information.

Kind regards,

Scott

Alexandru_BD

Hello @twanv,

In addition to Scott's insightful information above, check the below article as well, for steps on how to stop this notification, in the event you do have the version that contains the fix, but the notifications are still being triggered:

https://www.bitdefender.com/consumer/support/answer/2471/

Regards

twanv

@Scott I am indeed running 26.0.25.86, installed on Sept-5. Those messages have kept coming over the past week though (at the same rate as previous weeks - I can see Critical Notifications back to at least 3 weeks ago). All of them consist of "untrusted certificate" notifications.

Scott

Thank you for posting back and confirming that, @twanv I would then suggest Alexandru's link above and see if that helps. Otherwise, as a last resort, and is not recommended, is to turn off the encrypted web scan from Protection/Online Threat Prevention/Settings, until you can get follow-up help from support as needed.

https://www.bitdefender.com/consumer/support/help/

Scott

Jimmywick

Try to install a work profile

Bitdefender main window -> tool -> profiles -> settings -> automatically activate profiles -> off

activate profiles manually -> work profile -> enabled

in the same place click "settings" -> the pop-up window setting the profile "work"

check the box - "optimize product settings for a work profile"

uncheck - "postpone background programs and maintenance tasks"

uncheck (or at your discretion) - "postpone the automatic update of windows"

Regards,

Jimmy

Alexandru_BD

While enabling profiles and disabling encrypted web scan might help on the short term, this won't solve the situation on the long run and it's still necessary to investigate and see exactly what is causing the notifications to be displayed continuously. We've seen this happen in the past, but the latest versions have improved this throttling mechanism significantly. However, the notifications will still be displayed, as the expired or untrusted certificates may pose a threat, thus it's really important to determine their nature. To solve this, a more detailed investigation will be required and this can only be achieved with the help of our engineers. Therefore, apart from the workaround and instructions presented so far, kindly get in touch with the Support Teams in order to find the root cause and suppress these notifications.

Regards

twanv

Fully agree @Alexandru_BD .

Could someone have a look and see if they get this notification for https://www.cmegroup.com/markets/equities/sp/e-mini-sandp500.quotes.html ? It is always possible that they are not set up properly, but its such a major financial player that I would expect them to be squeaky clean... if this triggers for everyone else too, then at least I know its not fully something on my side. Thanks!

Scott

Hi @twanv your link worked without a hitch on two different PC's, one with Total Security, and one with AV+

With Encrypted web scan ON, both of them. Using totally up-to-date, Chrome browser.

Alexandru_BD

Hello @twanv and thank you for posting the link.

I have also accessed the page and didn't get the 'suspicious connection blocked' pop-up. I have tested this in two environments, while using Endpoint Security Tools and Total Security with Encrypted web scan ON. So, the issue lies somewhere else, if still present.

Cheers

twanv

@Scott @Alexandru_BD Thanks for checking and reporting.

For me, using an up-to-date (vanilla installation) Chrome, I get the message: "chrome.exe attempted to establish a connection relying on an untrusted certificate to js.clrt.ai."

So something could be screwed up with my Bitdefender setup. I am reluctant to do a complete uninstall/reinstall because of what I would lose (previously this has led to hours of work on hunting down e.g. exceptions that were needed to make something work). Any hints/tips? Is there a way to save all settings and revert them post reinstall?

Scott

@twanv do you get it with another browser like Edge, FF? If not, maybe consider doing a total uninstall (every file, every folder etc) of Chrome? With a Bitdefender reinstall, you would lose some of, if not most of, your settings. There is no option to save, or export our settings.

Maybe try adding it to Online Threat Prevention exceptions? I don't know, as I can't try it on my end. To be honest, at this point, I'm just kinda grasping at straws.

https://www.bitdefender.com/consumer/support/answer/1519/

Otherwise, Support may still be an option, where they could dig in-depth more with log files etc.