Suspicious Connection (blocked 9 times every 3 minutes)

"msedge.exe attempted to establish a connection relying on an untrusted certificate to wpad. We blocked the connection to keep your data safe since untrusted certificates are issued by unrecognized Certificate Authorities."

What is this? Can I add an exception to stop getting interrupted by this notification?

Answers

  • Hello @pmcconnaughey and welcome to the Community!

    Check the following article for explanations, possible causes and steps to supress this notification:

    Let us know how it goes

    Premium Security & Bitdefender Endpoint Security Tools user

  • Yeah, I've read that already, wpad. is not a web url as far I understand and I don't know how to figure out what is triggering edge to initiate this "Web Proxy Auto-Discovery Porotocol"

    Bit defender is the only extension I have msedge

    I could just turn off the notification but if this actually is some sort of security problem I don't just want to allow it to keep occurring even if bitdefender is preventing it. If it isn't, then I would like to add an exception.

  • Have your tried the remediation steps suggested in the article? I've seen mentions of "wpad" triggering this notification before on the forum..

    If you still receive these notifications, then your browser connects to it either through allowed notifications or toolbars/extensions. I suggest that you clear the cache & cookies, remove any unused/unknown extensions and if the issues persist, reset your browser. You can find these steps here:

    Alternatively, you can add an exception for the website in Bitdefender - Protection - Online Threat Prevention - Manage Exceptions, or, from the same area (Online Threat Prevention) - disable the Encrypted Web Scan feature which scans for the certificates of websites (not a recommended action).

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user

  • That suggested solution is not acceptable. This is not a normal URL with an out of date certifcate... it is Web Proxy Auto-Discovery Porotocol so is related in some complex way to the way the computer makes the connection to server. Clearly out of average user's league. I get this notification 90 times a day now - didn't start that long ago. I had an elevated BD ticket and their response too was 'reset my browser'. I hated that response - no discussion or explanation and a generic task for customer to "try". This is a technical issue with a technical solution -- that should be pursued by the technicians who designed the software -- that I purchase every year. What's the point of "Critical Notifications" feature if we are to ignore or make an exception without knowing the cause of the problem. If they can't handle this how are we to believe they can address serious hacker attacks. Bitdefender don't get to big for your britches... do the work to uphold the integrity of your product and support your loyal customers.

  • Mine started with the blocked suspicious connections to wpad about one month ago. I have searched and read through all suggestions to no avail. Should I try to do a restore to an earlier time? Just guessing at this point!!!!

  • Alexandru_BD
    Alexandru_BD admin
    edited February 2023

    Hello @donafrio13,

    If the basic recommended troubleshooting steps do not work for you and the pop ups keep coming, I think it's best to reach out to our Support Teams for further assistance. Head to the link below to choose your desired contact channel:

    https://www.bitdefender.com/consumer/support/help/

    Let us know how it goes. I remember seeing this notification being triggered by wpad on several occassions, thus our engineers should have a solution for this.

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user

  • I followed instructions to turn off autodetect of lan settings. seems to have done the trick.

    Disable WPAD in Windows to Stay Safe on Public Wi-Fi Networks (howtogeek.com)

  • Interesting @audiomutt, thanks for sharing! 👍️

    Premium Security & Bitdefender Endpoint Security Tools user

  • I have the same issue for the last month; using MS Edge and Google Seach/GMail. Within this period of time my PC was infected with Trojan.GenericKD.69812247 and with the help of Bitdefender Forum got it removed. I am careful which sites I go to, rarely download prefering to copy what I need and do not know when the infection took place. However it reappeared and after trying various solutions got it deleted by bitdefender. I am unsure whether it still resides on the PC unless I run a full scan to see if it is still there. I am considering to carry out a factory reset and change my internet security

  • I've had it on my laptop for two years and just bought a new custom desktop. Without installing any programs except Bitdefender I started getting the same messages..

  • @drew1772 have you found the notification trigger? Did you check the guidelines here?


    Premium Security & Bitdefender Endpoint Security Tools user

  • @audiomutt that was the issue! I didn't even know about this before but it definitely should be disabled unless you're in an organization that requires adjusting your proxy settings.

  • vinieux
    vinieux Mr.
    edited May 2

    I seem to have triggered this alert when I enabled NextDNS servers for my DNS. Hope this helps somebody. What really gets my goat is that nowadays these problems persist across the years. This is now April 2024 and I get this alert, which means NOBODY has been able to figure out anything for the past year and a half. And I have paid versions of both NextDNS as well as BitDefender! And I hardly use Edge!