System dropping packets after giving Bitdefender files full disk access
I think one of these Bitdefender files is a trojan. My system started dropping packets when I gave these files full disk access; I think one is fake. This shows the result.
sh-3.2# tcpdump -vvfA | grep 9.9.9.9
tcpdump: data link type PKTAP
tcpdump: listening on pktap, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes
dns9.quad9.net.domain > 192.168.0.148.59097: [udp sum ok] 12219 q: A? dns.quad9.net. 2/0/0 dns.quad9.net. A 9.9.9.9, dns.quad9.net. A 149.112.112.112 (63)
21:19:09.999298 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 65)
21:19:09.999494 IP (tos 0x60, ttl 56, id 0, offset 0, flags [DF], proto UDP (17), length 1278)
^C10532 packets captured
10778 packets received by filter
0 packets dropped by kernel
sh-3.2# tcpdump -vvfA | grep 9.9.9.9
tcpdump: data link type PKTAP
tcpdump: listening on pktap, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes
21:37:09.909492 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 1277)
21:37:09.909693 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 113)
21:37:09.909794 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 91)
^C3316 packets captured
3325 packets received by filter
0 packets dropped by kernel
sh-3.2# tcpdump -vvfA | grep 9.9.9.9
tcpdump: data link type PKTAP
tcpdump: listening on pktap, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes
37.120.155.202.https > 192.168.0.148.51361: Flags [.], cksum 0x0f12 (correct), seq 898929:900317, ack 3531, win 330, length 1388
^C29661 packets captured
47892 packets received by filter
17080 packets dropped by kernel
The kernels were dropped after I gave all these items full disk access.
Comments
-
@microlaser, I am using Bitdefender Antivirus for Mac (9.2.0.12, macOS 13.2.1) with Full Disk Access enabled for (1) Antivirus for Mac and (2) Bitdefender – but, not for (3) bdagentd or (4) Installer. Perhaps that configuration might be worthwhile to test?
1 -
Generate Bitdefender BDsysLog for macOS: https://www.bitdefender.com/consumer/support/answer/11198/
Generate Bitdefender BDProfiler log for macOS: https://www.bitdefender.com/consumer/support/answer/1863/
Share the logs & your query with the Bitdefender support team by dropping them an email at bitsy@bitdefender.com
The support team will reply to your query within the next 24-48 hours, excluding weekends.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1