VBS Scripts for automation are Blocked by Default
My VBS scripts for automation are blocked. This is a very poor type of detection. When does the advanced heuristics implementation kicks in?
ALL malware scanners returned safe results:
Can't post virustotal links because I'm not "around for a little while."
Comments
-
Uninstalled it. Waste of time.
0 -
Advanced threat detection is a type of behavior blocker that is independent of signature-based detection, created by malware researchers. VirusTotal only shows the detection created by malware researchers for all of the vendors listed.
If you believe that a website or file has been incorrectly blocked by Bitdefender, you can share the details with our malware researchers by filling out the form at the link provided below: https://www.bitdefender.com/consumer/support/answer/29358/
If the website or file is indeed incorrectly blocked, the detection will be removed within a maximum of 72 hours. However, if the detection still persists after 72 hours, please consider the website or file as malicious, as determined by our malware researchers, and the detection will remain.
Additionally, you can set exclusions in Bitdefender for your particular file.
1) Temporarily disable Bitdefender Protection: https://www.bitdefender.com/consumer/support/answer/28557/
2) Set exclusions in Bitdefender Antivirus: https://www.bitdefender.com/consumer/support/answer/13427/
3) Set exclusions in Bitdefender Advanced Threat Defense:https://www.bitdefender.com/consumer/support/answer/2393/
4) Re-enable real-time protection in Bitdefender
Regards
OMEN Laptop 15-en1037AX (Bitdefender Total Security) & Samsung Galaxy S22 Ultra (Bitdefender Mobile Security)
0 -
However, if the detection still persists after 72 hours, please consider the website or file as malicious, as determined by our malware researchers, and the detection will remain.
I wrote the scr𝗶pts myself to automate Windows tasks.
All vbs files are blocked. The antivirus is interrupting non-malicious files. This is not an "advanced" bitdefender feature as I have been using the same files since 2014 while running avast! in the background (I replaced bitdefender with Kaspersky just now but even Kaspersky never blocks my vbs files), and its heuristics detection never flagged any of my vbs files as malicious. The file that was blocked only contain a command to start a built in windows program for taking screenshots.
100% of the "vendors" agree that the files are indeed, not malicious. How can a scr𝗶pt file that contains code that automates launching of legitimate built-in windows programs considered as malicious? BD's antimalware that blocks everything based on file type is lazy and avast's heuristics from a decade ago has more common sense in differentiating between malicious and harmless scr𝗶pt files.
1 -
@Alexandru_BD, @Mike_BD kindly check on this
Regards
OMEN Laptop 15-en1037AX (Bitdefender Total Security) & Samsung Galaxy S22 Ultra (Bitdefender Mobile Security)
0 -
The problem was resolved by substituting it with AVG. So far, AVG doesn't block any of my harmless scr𝗶pt files.
1 -
If I understand this correctly, it's about a vbscript that launches a bat. file. The location is suspicious, we don't know what the .bat file is, so it could very well be malware. The vbs skript itself is just a launcher.
0 -
launches a bat. file
No. It launches snippingtool.exe:
You're referring to this post by some other user, which mentions a .bat file ▲
----------------------------------------------------------------------------------
so it could very well be malware
Bitdefender is wrong. Snippingtool.exe is not a malware. The issue is why BD blocks all of my vbs scr𝗂pts regardless of their content. This is one of the scr𝗂pts:
Dim objShell Set objShell = WScript.CreateObject( "WScript.Shell" ) objShell.Run("snippingtool.exe") Set objShell = Nothing▲ as you can see it launches "snippingtool.exe" without specifying a path. It means that it launces the executable exe file which belongs to the Snipping Tool process which comes along with the Microsoft Windows Operating System.
I don't write or embed cmd commands in my vbs scr𝗂pts. I also run a vbs scr𝗂pt that comes with Easy Context Menu and BD also blocked it. CLearly, as posted by some other user regarding the same issue, BD has a problem with vbs scr𝗂pts.
1 -
Sorry to bother you. I left (and several others) a suggestion on making Bitdefender's main window resizable but until now there has been no improvement and that was posted around 14 years ago. Asking something like the issue above is futile as developers don't really listen to feedback. LOL
Don't respond to this thread, it's a waste of time.
0 -
To add here, Bitdefender on VirusTotal is signature-based, created by malware researchers. In contrast, Bitdefender Theta is machine learning-based. The component blocking your file is advanced threat defense (behavior blocker), which will not be displayed on VirusTotal.
Regards
OMEN Laptop 15-en1037AX (Bitdefender Total Security) & Samsung Galaxy S22 Ultra (Bitdefender Mobile Security)
1 -
Snipping tool is legit of course. But vbs skript combined with cmd/bat and exe... I'm not surprised that it returned a detection. As you've mentioned you changed the security provider, how does the new solution compare?
Regards
0 -
Dim objShell Set objShell = WScript.CreateObject( "WScript.Shell" ) objShell.Run("%any executable file%") Set objShell = Nothing▲ Not malicious. I'm the human checker of my own programs and scr𝗂pts. Compared to BD's "artificial intelligence," in this specific context and scenario, my common sense works better.
I know what the scr𝗂pts can do when I wrote them. I only reported the issue here as to why harmless files are blocked.
Among the free antivirus options I've tested—like Windows Defender, Malwarebytes, Avast, AVG, Kaspersky, Bitdefender, and Avira—only Panda has been the least intrusive. It doesn't cause slowdowns while I'm using Photoshop for tasks like saving, pasting image data, exporting files, and converting images. Other antivirus programs slow down my computer, even though it has a powerful Core i9 processor and RTX GPU. A good antivirus should perform well, even on a computer with basic specifications.
To avoid harmful software, I usually create my own tools, like vbs scr𝗂pts and desktop apps, to automate my work. However, many security programs block these custom scr𝗂pts and programs. It's annoying that a 30-second behavioral analysis prevents my executables from running; wasting both time and money.
0 -
So to summarize your claims, Bitdefender is correct to flag my executables and scr𝗂pts, written in Visual Studio, as "malicious," when all the other free AV I have tried on my PC have found them harmless—during behavioral analysis and on-demand scans.
Yes, I have uploaded the scr𝗂pts to Virustotal but I also tested six AVs on my PC. AVG and Avast launched behavioral analysis but found nothing.
To add here, Bitdefender on VirusTotal is signature-based, created by malware researchers. In contrast, Bitdefender Theta is machine learning-based. The component blocking your file is advanced threat defense (behavior blocker), which will not be displayed on VirusTotal.
Signature-based, heuristics, and so on. These concepts went into my college research paper on security solutions from 15 years ago. I'm aware of these detection techniques.
I don't think that it's smart enough to distinguish harmless files from malicious files. It should exert its efforts on obvious malicious behavior, that is, a significant deviation from "normal" program behavior. Therefore, it needs more training data.
0
