Question about BitDefender's file Quarantine/Deletion Processes

From posts that have been posted in this community, it seems that during antivirus scanning, files identified as potential/actual malicious files can be automatically deleted by BitDefender's antivirus software, without being moved to the quarantine folder - depriving the user of a chance to restore files that aren't malicious or to even know that a file they own has been removed. Please see links to related threads below. I'm considering BitDefender's anti-virus application but can't have a 3rd party delete company files automatically or via some background process that bypasses a) notification of the user b) quarantine c) restoration of files that we know (because we created them) are not malicious.

1) What (if anything) is BitDefender doing to ensure that all files identified as potentially malicious are ALWAYS quarantined, with functionality that allows users to restore files?

2) What types of files (please indicate file extensions) are at higher risk of being flagged as potentially malicious, when in fact they are not? If we subscribe to BitDefender antivirus, I want to gauge whether we have any files that are at risk for this issue. Thank you!

Links to threads RE: files not being quarantined

https://community.bitdefender.com/en/discussion/comment/313945#Comment_313945

https://community.bitdefender.com/en/discussion/94755/added-exception-still-deletes-my-folders

https://community.bitdefender.com/en/discussion/91121/no-quarantine-items

https://community.bitdefender.com/en/discussion/94709/bitdefender-deletes-my-downloads-from-turbobit-without-warning-or-asking-any-help

Best Answer

  • Alexandru_BD admin
    Answer ✓

    Hi @Seafarer257,

    The files identified as potentially malicious should not be automatically deleted. They are kept for 30 days in quarantine, after which they are deleted. For what it's worth, there is also a restore button and this will set an exception on the original restore path. If it cannot restore to the original path, it asks you where you want to put the file. In the event that the file is not in the desired location, this should be investigated further by the anti-malware teams.

    You can get in touch with the Support teams to request more insight on the processes involved, or further assistance if needed. You can contact the Bitdefender engineers by choosing one of the contact channels available here:

    https://www.bitdefender.com/consumer/support/help/

    Choose from the available contact channels, chat, phone and email/ticket. Chat would be the fastest way to reach them.

    I hope the information is helpful.

    Regards,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user

Answers

  • Hello @Seafarer257 and welcome to the Community!

    When Bitdefender finds an infection on your computer, it usually takes automatic action against it and gets rid of the malware without requiring any input on your side. Bitdefender isolates suspicious or infected files that cannot be disinfected in a secure area named Quarantine. When a threat is in quarantine, it cannot do any harm because it cannot be executed or read. Uninstalling Bitdefender won’t restore the quarantined items back to their original location. They remain isolated unless you choose to manually restore them.

    If you suspect that Bitdefender mistakenly flagged a legitimate file as a threat (a false positive alert) you can send the file that you think is not infected to Bitdefender labs for analysis. Once confirmed, false positives are corrected within hours via automatic update.

    You can also restore a file from quarantine if you think it’s legitimate and not a real infection. If you want to examine or recover data from quarantined files, follow the steps below. Caution should be exercised when managing quarantined files to prevent accidental malware infection.

    There isn't an actual list of files at higher risk of being flagged as potentially malicious. Bitdefender's Advanced Threat Defense continuously monitors the applications and processes running on your computer. It monitors suspicious activities such as copying files to important Windows operating system folders, executing or injecting code into other processes, multiplying them, changing the Windows registry, or installing drivers.

    Each action is scored, and every process receives a danger score. If the overall score for a process reaches a certain threshold, Bitdefender makes the decision to block that application, which 99% of the time turns out to be malware. Thanks to the score-based rating system, the number of false positive detections is very low and the detection of threats, even if they are very new, is extremely effective. However, Advanced Threat Defense may block a trusted process or application if it performs threat-like actions, and for this, exceptions can be set to allow the respective app to run.

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user
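
The score-and-threshold model described in the answer above, as an added illustration that is not part of the thread and not Bitdefender's code. The action names, weights, threshold and process names are all constructed assumptions; the point is how a trusted in-house installer can cross the threshold and how an exception changes the verdict.

```python
from collections import defaultdict

# Constructed weights for the behaviours the answer lists; not Bitdefender's values.
WEIGHTS = {
    "copy_to_system_dir": 30,
    "inject_code": 40,
    "self_replicate": 25,
    "registry_change": 15,
    "install_driver": 35,
}
THRESHOLD = 70  # assumed blocking threshold


def evaluate(events, exceptions=frozenset()):
    """Return {process: (score, verdict)} for a stream of (process, action) events.

    A process is blocked once its cumulative score reaches THRESHOLD,
    unless it is on the exceptions list.
    """
    scores = defaultdict(int)
    for process, action in events:
        scores[process] += WEIGHTS.get(action, 0)  # unknown actions add nothing
    verdicts = {}
    for process, score in scores.items():
        if process in exceptions:
            verdicts[process] = (score, "allowed (exception)")
        elif score >= THRESHOLD:
            verdicts[process] = (score, "blocked")
        else:
            verdicts[process] = (score, "allowed")
    return verdicts


# Constructed sample events: an in-house installer that behaves "threat-like",
# an editor that touches the registry once, and a dropper-style process.
SAMPLE_EVENTS = [
    ("inhouse_setup.exe", "copy_to_system_dir"),
    ("inhouse_setup.exe", "registry_change"),
    ("inhouse_setup.exe", "install_driver"),
    ("editor.exe", "registry_change"),
    ("unknown.exe", "inject_code"),
    ("unknown.exe", "self_replicate"),
    ("unknown.exe", "registry_change"),
]

if __name__ == "__main__":
    for name, result in evaluate(SAMPLE_EVENTS).items():
        print(name, result)
    print(evaluate(SAMPLE_EVENTS, exceptions={"inhouse_setup.exe"})["inhouse_setup.exe"])
```
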

  • Seafarer257
    edited October 2023

    @Alexandru_BD thanks for your response. To clarify, I'm familiar with how anti-virus software should work. My question was, specifically for BitDefender antivirus apps, are ALL files identified as potentially malicious (including the ~ 1% that are a false positive) always quarantined? To re-phrase my question - Are there any circumstances in which BitDefender antivirus apps DELETE a file identified as potentially malicious rather than quarantining it?

    So we're on the same page, my definition of antivirus DELETING a file = removal of a file identified as potentially malicious WITHOUT that file being moved to quarantine folder/directory.

    I ask this question because of the above posts RE: users not being able to retrieve (locate in quarantine) files that were falsely identified as malicious.

    Please let me know if I need to clarify further. Thx!

  • @Alexandru_BD That's the clarification I needed, thank you.