System dropping packets after giving Bitdefender files full disk access

microlaser · 2023-02-17T11:29:37+00:00

There was an error rendering this rich post.

Screenshot 2023-02-16 at 10.03.23 PM.png

I think one of these Bitdefender files is a trojan, my system stared dropping packets when I gave these files full disk access, I think one is fake. This shows the result.

sh-3.2# tcpdump -vvfA | grep 9.9.9.9

tcpdump: data link type PKTAP

tcpdump: listening on pktap, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes

dns9.quad9.net.domain > 192.168.0.148.59097: [udp sum ok] 12219 q: A? dns.quad9.net. 2/0/0 dns.quad9.net. A 9.9.9.9, dns.quad9.net. A 149.112.112.112 (63)

21:19:09.999298 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 65)

21:19:09.999494 IP (tos 0x60, ttl 56, id 0, offset 0, flags [DF], proto UDP (17), length 1278)

^C10532 packets captured

10778 packets received by filter

0 packets dropped by kernel

sh-3.2# tcpdump -vvfA | grep 9.9.9.9

tcpdump: data link type PKTAP

tcpdump: listening on pktap, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes

21:37:09.909492 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 1277)

21:37:09.909693 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 113)

21:37:09.909794 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 91)

^C3316 packets captured

3325 packets received by filter

0 packets dropped by kernel

sh-3.2# tcpdump -vvfA | grep 9.9.9.9

tcpdump: data link type PKTAP

tcpdump: listening on pktap, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes

37.120.155.202.https > 192.168.0.148.51361: Flags [.], cksum 0x0f12 (correct), seq 898929:900317, ack 3531, win 330, length 1388

^C29661 packets captured

47892 packets received by filter

17080 packets dropped by kernel

The kernels were dropped after I gave all these items full disk access.

Find more posts tagged with

Comments

Pleonasm

@microlaser, I am using Bitdefender Antivirus for Mac (9.2.0.12, macOS 13.2.1) with Full Disk Access enabled for (1) Antivirus for Mac and (2) Bitdefender – but, not for (3) bdagentd or (4) Installer. Perhaps that configuration might be worthwhile to test?

Flexx

https://community.bitdefender.com/en/discussion/95090/system-dropping-packets-after-giving-bitdefender-files-full-disk-access

Generate bitdefender BDsysLog for macOS: https://www.bitdefender.com/consumer/support/answer/11198/

Generate bitdefender BDProfiler log for macOS: https://www.bitdefender.com/consumer/support/answer/1863/

Share the logs & your query with bitdefender support team by dropping them an email at bitsy@bitdefender.com

The support team will reply back to your query within next 24-48 hours excluding weekends.

Regards