VBS Scripts for automation are Blocked by Default

remember_username · 2023-11-13T04:43:49+00:00

There was an error rendering this rich post.

My VBS scripts for automation are blocked. This is a very poor type of detection. When does the advanced heuristics implementation kicks in?

ALL malware scanners returned safe results:

Can't post virustotal links because I'm not "around for a little while."

Find more posts tagged with

annoying

false positive

Comments

remember_username

Uninstalled it. Waste of time.

Flexx

https://community.bitdefender.com/en/discussion/97815/vbs-scripts-for-automation-are-blocked-by-default

Advanced threat detection is a type of behavior blocker that is independent of signature-based detection, created by malware researchers. VirusTotal only shows the detection created by malware researchers for all of the vendors listed.

If you believe that a website or file has been incorrectly blocked by Bitdefender, you can share the details with our malware researchers by filling out the form at the link provided below: https://www.bitdefender.com/consumer/support/answer/29358/

If the website or file is indeed incorrectly blocked, the detection will be removed within a maximum of 72 hours. However, if the detection still persists after 72 hours, please consider the website or file as malicious, as determined by our malware researchers, and the detection will remain.

Additionally, you can set exclusions in Bitdefender for your particular file.

1) Temporarily disable Bitdefender Protection: https://www.bitdefender.com/consumer/support/answer/28557/

2) Set exclusions in Bitdefender Antivirus: https://www.bitdefender.com/consumer/support/answer/13427/

3) Set exclusions in Bitdefender Advanced Threat Defense:https://www.bitdefender.com/consumer/support/answer/2393/

4) Re-enable real-time protection in Bitdefender

Regards

remember_username

However, if the detection still persists after 72 hours, please consider the website or file as malicious, as determined by our malware researchers, and the detection will remain.

I wrote the scr𝗶pts myself to automate Windows tasks.

All vbs files are blocked. The antivirus is interrupting non-malicious files. This is not an "advanced" bitdefender feature as I have been using the same files since 2014 while running avast! in the background (I replaced bitdefender with Kaspersky just now but even Kaspersky never blocks my vbs files), and its heuristics detection never flagged any of my vbs files as malicious. The file that was blocked only contain a command to start a built in windows program for taking screenshots.

100% of the "vendors" agree that the files are indeed, not malicious. How can a scr𝗶pt file that contains code that automates launching of legitimate built-in windows programs considered as malicious? BD's antimalware that blocks everything based on file type is lazy and avast's heuristics from a decade ago has more common sense in differentiating between malicious and harmless scr𝗶pt files.

Flexx

https://community.bitdefender.com/en/discussion/comment/330806#Comment_330806

@Alexandru_BD, @Mike_BD kindly check on this

Regards

chiyaki

The problem was resolved by substituting it with AVG. So far, AVG doesn't block any of my harmless scr𝗶pt files.

Alexandru_BD

If I understand this correctly, it's about a vbscript that launches a bat. file. The location is suspicious, we don't know what the .bat file is, so it could very well be malware. The vbs skript itself is just a launcher.

remember_username

launches a bat. file

No. It launches snippingtool.exe:

You're referring to this post by some other user, which mentions a .bat file ▲

----------------------------------------------------------------------------------

so it could very well be malware

Bitdefender is wrong. Snippingtool.exe is not a malware. The issue is why BD blocks all of my vbs scr𝗂pts regardless of their content. This is one of the scr𝗂pts:

Dim objShell
Set objShell = WScript.CreateObject( "WScript.Shell" )
objShell.Run("snippingtool.exe")
Set objShell = Nothing

▲ as you can see it launches "snippingtool.exe" without specifying a path. It means that it launces the executable exe file which belongs to the Snipping Tool process which comes along with the Microsoft Windows Operating System.

I don't write or embed cmd commands in my vbs scr𝗂pts. I also run a vbs scr𝗂pt that comes with Easy Context Menu and BD also blocked it. CLearly, as posted by some other user regarding the same issue, BD has a problem with vbs scr𝗂pts.

remember_username

Sorry to bother you. I left (and several others) a suggestion on making Bitdefender's main window resizable but until now there has been no improvement and that was posted around 14 years ago. Asking something like the issue above is futile as developers don't really listen to feedback. LOL

Don't respond to this thread, it's a waste of time.

Flexx

https://community.bitdefender.com/en/discussion/comment/330995#Comment_330995

To add here, Bitdefender on VirusTotal is signature-based, created by malware researchers. In contrast, Bitdefender Theta is machine learning-based. The component blocking your file is advanced threat defense (behavior blocker), which will not be displayed on VirusTotal.

Regards

Alexandru_BD

Snipping tool is legit of course. But vbs skript combined with cmd/bat and exe... I'm not surprised that it returned a detection. As you've mentioned you changed the security provider, how does the new solution compare?

Regards

remember_username

Dim objShell
Set objShell = WScript.CreateObject( "WScript.Shell" )
objShell.Run("%any executable file%")
Set objShell = Nothing

▲ Not malicious. I'm the human checker of my own programs and scr𝗂pts. Compared to BD's "artificial intelligence," in this specific context and scenario, my common sense works better.

I know what the scr𝗂pts can do when I wrote them. I only reported the issue here as to why harmless files are blocked.

Among the free antivirus options I've tested—like Windows Defender, Malwarebytes, Avast, AVG, Kaspersky, Bitdefender, and Avira—only Panda has been the least intrusive. It doesn't cause slowdowns while I'm using Photoshop for tasks like saving, pasting image data, exporting files, and converting images. Other antivirus programs slow down my computer, even though it has a powerful Core i9 processor and RTX GPU. A good antivirus should perform well, even on a computer with basic specifications.

To avoid harmful software, I usually create my own tools, like vbs scr𝗂pts and desktop apps, to automate my work. However, many security programs block these custom scr𝗂pts and programs. It's annoying that a 30-second behavioral analysis prevents my executables from running; wasting both time and money.

remember_username

So to summarize your claims, Bitdefender is correct to flag my executables and scr𝗂pts, written in Visual Studio, as "malicious," when all the other free AV I have tried on my PC have found them harmless—during behavioral analysis and on-demand scans.

Yes, I have uploaded the scr𝗂pts to Virustotal but I also tested six AVs on my PC. AVG and Avast launched behavioral analysis but found nothing.

To add here, Bitdefender on VirusTotal is signature-based, created by malware researchers. In contrast, Bitdefender Theta is machine learning-based. The component blocking your file is advanced threat defense (behavior blocker), which will not be displayed on VirusTotal.

Signature-based, heuristics, and so on. These concepts went into my college research paper on security solutions from 15 years ago. I'm aware of these detection techniques.

I don't think that it's smart enough to distinguish harmless files from malicious files. It should exert its efforts on obvious malicious behavior, that is, a significant deviation from "normal" program behavior. Therefore, it needs more training data.

Rasit

So… I created a vbs scr1pt to launch Thunderbird at Windows Startup, with delay:

On Error Resume Next

' Connect to WMI service
Set objWMIService = GetObject("winmgmts:\.\root\CIMV2")
If Err.Number <> 0 Then
WScript.Echo "Failed to connect to WMI service. Error: " & Err.Description
WScript.Quit(1)
End If

' Query for running instances of thunderbird.exe
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE Name = 'thunderbird.exe'")
If Err.Number <> 0 Then
WScript.Echo "Failed to execute WMI query. Error: " & Err.Description
WScript.Quit(1)
End If

' Check if any instances are found
If colItems.Count = 0 Then
WScript.Sleep 20000
Set WshShell = CreateObject("WScript.Shell")
WshShell.Run """C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk"""
End If

On Error GoTo 0

But Bitdefender blocks it.

I added it to exceptions:

But still blocks it.

The notifications says it got blocked by Advanced Threat Defence:

And I can't enable the "Advanced Threat Defence" option in "Manage Exceptions" because it's greyed out…

Now what?

Scott

https://community.bitdefender.com/en/discussion/comment/339569#Comment_339569

Hello,

Advanced Threat Defense is only for .exe files, thus it is grayed out. Try disabling Bitdefender Shield in the AV Advanced settings, and FWIW, disable ATD, then add your above file path into Exceptions, re-enable the two components, restart you PC and see if it still gets flagged.

Rasit

https://community.bitdefender.com/en/discussion/comment/339571#Comment_339571

??????????????????? IT WORKED ????????????? WTF ???????????????????????????

You seem like you know better than the BD developers, so lemme kindly get your opinion on these bugs as well:

https://community.bitdefender.com/en/discussion/95295/firewall-permission-dialog-box-is-poorly-coded-any-explanation

https://community.bitdefender.com/en/discussion/93701/remove-anti-spam-toolbar-in-thunderbird

Scott

https://community.bitdefender.com/en/discussion/comment/339572#Comment_339572

Well, 1 out of 3 isn't bad…LOL, but regarding the other two links you provided, I have no solution for those.

I did have a time where I needed to tick the firewall confirmation box 2-3 times in order for BD to keep and Allow an app through, but nothing like your video shows.

And as far as Thunderbird, that also seems to be an ongoing issue as well as with some others. If you type Thunderbird in the search bar at the top of this webpage, you'll see what I mean. At times it's not only BD, but some of the other AV's can have misc. issues with T-Bird as well as with Outlook.

I hope you have a good weekend.

Rasit

https://community.bitdefender.com/en/discussion/comment/339573#Comment_339573

Aaaaand I'm out of luck again… 5 mins ago I booted my pc and Bitdefender blocked my ****** again…

It was a nice 4 days long ride tho, thanks to you. I really appreciate it. Unlike BD devs, you actually tried to solve my problem and even did, for a couple of days.

I'm super fed-up with Bitdefender's bugs and not getting solutions from BD, so I don't plan to renew my license. I may even leave it before my license expires because it keeps actively interrupting my workflow with new problems again and again. I need stability.

Scott

https://community.bitdefender.com/en/discussion/comment/339811#Comment_339811

Bummer, at least it was a "fun" 4 day ride. Thank you for the kind words, though :)

Scott