VBS Scripts for automation are Blocked by Default

My VBS scripts for automation are blocked. This is a very poor type of detection. When does the advanced heuristics implementation kick in?

ALL malware scanners returned safe results:

Can't post virustotal links because I'm not "around for a little while."


Comments

  • Uninstalled it. Waste of time.

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod
    edited November 2023

    Advanced threat detection is a type of behavior blocker that is independent of signature-based detection, created by malware researchers. VirusTotal only shows the detection created by malware researchers for all of the vendors listed.

    If you believe that a website or file has been incorrectly blocked by Bitdefender, you can share the details with our malware researchers by filling out the form at the link provided below: https://www.bitdefender.com/consumer/support/answer/29358/

    If the website or file is indeed incorrectly blocked, the detection will be removed within a maximum of 72 hours. However, if the detection still persists after 72 hours, please consider the website or file as malicious, as determined by our malware researchers, and the detection will remain.

    Additionally, you can set exclusions in Bitdefender for your particular file.

    1) Temporarily disable Bitdefender Protection: https://www.bitdefender.com/consumer/support/answer/28557/

    2) Set exclusions in Bitdefender Antivirus: https://www.bitdefender.com/consumer/support/answer/13427/

    3) Set exclusions in Bitdefender Advanced Threat Defense: https://www.bitdefender.com/consumer/support/answer/2393/

    4) Re-enable real-time protection in Bitdefender 

    Regards 

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • remember_username
    edited November 2023

    However, if the detection still persists after 72 hours, please consider the website or file as malicious, as determined by our malware researchers, and the detection will remain.

    I wrote the scripts myself to automate Windows tasks.

    All vbs files are blocked. The antivirus is interrupting non-malicious files. This is not an "advanced" Bitdefender feature as I have been using the same files since 2014 while running avast! in the background (I replaced Bitdefender with Kaspersky just now but even Kaspersky never blocks my vbs files), and its heuristics detection never flagged any of my vbs files as malicious. The file that was blocked only contains a command to start a built-in Windows program for taking screenshots.

    100% of the "vendors" agree that the files are indeed not malicious. How can a script file that contains code that automates launching of legitimate built-in Windows programs be considered malicious? BD's antimalware that blocks everything based on file type is lazy and avast's heuristics from a decade ago has more common sense in differentiating between malicious and harmless script files.


  • chiyaki
    edited November 2023

    The problem was resolved by substituting it with AVG. So far, AVG doesn't block any of my harmless script files.

  • Alexandru_BD
    Alexandru_BD admin
    edited November 2023

    If I understand this correctly, it's about a vbscript that launches a .bat file. The location is suspicious, we don't know what the .bat file is, so it could very well be malware. The vbs script itself is just a launcher.

    Premium Security & Bitdefender Endpoint Security Tools user

  • remember_username
    edited November 2023

    launches a .bat file

    No. It launches snippingtool.exe:

    You're referring to this post by some other user, which mentions a .bat file

    ----------------------------------------------------------------------------------

    so it could very well be malware

    Bitdefender is wrong. Snippingtool.exe is not malware. The issue is why BD blocks all of my vbs scripts regardless of their content. This is one of the scripts:

    Dim objShell
    Set objShell = WScript.CreateObject( "WScript.Shell" )
    objShell.Run("snippingtool.exe")
    Set objShell = Nothing
    
    

    ▲ As you can see, it launches "snippingtool.exe" without specifying a path. It means that it launches the executable exe file which belongs to the Snipping Tool process which comes along with the Microsoft Windows Operating System.

    I don't write or embed cmd commands in my vbs scripts. I also run a vbs script that comes with Easy Context Menu and BD also blocked it. Clearly, as posted by some other user regarding the same issue, BD has a problem with vbs scripts.

  • remember_username
    edited November 2023

    Sorry to bother you. I left (and several others) a suggestion on making Bitdefender's main window resizable but until now there has been no improvement and that was posted around 14 years ago. Asking something like the issue above is futile as developers don't really listen to feedback. LOL

    Don't respond to this thread, it's a waste of time.

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    To add here, Bitdefender on VirusTotal is signature-based, created by malware researchers. In contrast, Bitdefender Theta is machine learning-based. The component blocking your file is advanced threat defense (behavior blocker), which will not be displayed on VirusTotal.

    Regards


  • Alexandru_BD

    Snipping tool is legit of course. But vbs script combined with cmd/bat and exe... I'm not surprised that it returned a detection. As you've mentioned you changed the security provider, how does the new solution compare?

    Regards


  • remember_username
    edited November 2023

    Dim objShell
    Set objShell = WScript.CreateObject( "WScript.Shell" )
    objShell.Run("%any executable file%")
    Set objShell = Nothing
    

    ▲ Not malicious. I'm the human checker of my own programs and scripts. Compared to BD's "artificial intelligence," in this specific context and scenario, my common sense works better.

    I know what the scripts can do when I wrote them. I only reported the issue here as to why harmless files are blocked.

    Among the free antivirus options I've tested—like Windows Defender, Malwarebytes, Avast, AVG, Kaspersky, Bitdefender, and Avira—only Panda has been the least intrusive. It doesn't cause slowdowns while I'm using Photoshop for tasks like saving, pasting image data, exporting files, and converting images. Other antivirus programs slow down my computer, even though it has a powerful Core i9 processor and RTX GPU. A good antivirus should perform well, even on a computer with basic specifications.

    To avoid harmful software, I usually create my own tools, like vbs scripts and desktop apps, to automate my work. However, many security programs block these custom scripts and programs. It's annoying that a 30-second behavioral analysis prevents my executables from running, wasting both time and money.

  • remember_username
    edited November 2023

    So to summarize your claims, Bitdefender is correct to flag my executables and scripts, written in Visual Studio, as "malicious," when all the other free AV I have tried on my PC have found them harmless—during behavioral analysis and on-demand scans.

    Yes, I have uploaded the scripts to VirusTotal but I also tested six AVs on my PC. AVG and Avast launched behavioral analysis but found nothing.

    To add here, Bitdefender on VirusTotal is signature-based, created by malware researchers. In contrast, Bitdefender Theta is machine learning-based. The component blocking your file is advanced threat defense (behavior blocker), which will not be displayed on VirusTotal.

    Signature-based, heuristics, and so on. These concepts went into my college research paper on security solutions from 15 years ago. I'm aware of these detection techniques.

    I don't think that it's smart enough to distinguish harmless files from malicious files. It should exert its efforts on obvious malicious behavior, that is, a significant deviation from "normal" program behavior. Therefore, it needs more training data.

  • Rasit
    edited June 1

    So… I created a vbs script to launch Thunderbird at Windows Startup, with delay:

    On Error Resume Next

    ' Connect to the local WMI service
    Set objWMIService = GetObject("winmgmts:\\.\root\CIMV2")
    If Err.Number <> 0 Then
        WScript.Echo "Failed to connect to WMI service. Error: " & Err.Description
        WScript.Quit(1)
    End If

    ' Query for running instances of thunderbird.exe
    Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE Name = 'thunderbird.exe'")
    If Err.Number <> 0 Then
        WScript.Echo "Failed to execute WMI query. Error: " & Err.Description
        WScript.Quit(1)
    End If

    ' If no instance is running, wait 20 seconds and start Thunderbird via its shortcut
    If colItems.Count = 0 Then
        WScript.Sleep 20000
        Set WshShell = CreateObject("WScript.Shell")
        WshShell.Run """C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk"""
    End If

    On Error GoTo 0

    But Bitdefender blocks it.


    I added it to exceptions:

    But still blocks it.


    The notification says it got blocked by Advanced Threat Defence:

    And I can't enable the "Advanced Threat Defence" option in "Manage Exceptions" because it's greyed out…



    Now what?
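
Added example, not part of any poster's message and not Bitdefender's detection logic: a small Python triage helper that lists what a launcher script like the two quoted in this thread asks Windows to do (the COM objects it requests, the command passed to `.Run`, and whether that command is a full path). The function names and the `KINDS` table are assumptions made for this example.

```python
import ntpath
import re

# The two launcher scripts quoted in this thread (trimmed to the launch logic).
SNIP_VBS = '''Set objShell = WScript.CreateObject( "WScript.Shell" )
objShell.Run("snippingtool.exe")
'''
THUNDERBIRD_VBS = r'''Set objWMIService = GetObject("winmgmts:\\.\root\CIMV2")
' Query for running instances of thunderbird.exe
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE Name = 'thunderbird.exe'")
If colItems.Count = 0 Then
    Set WshShell = CreateObject("WScript.Shell")
    WshShell.Run """C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk"""
End If
'''

VBS_STRING = r'"((?:[^"]|"")*)"'  # string literal; "" is an escaped quote
COM_RE = re.compile(r'\b(CreateObject|GetObject)\s*\(\s*' + VBS_STRING, re.I)
RUN_RE = re.compile(r'\.(Run|Exec)\b\s*\(?\s*' + VBS_STRING, re.I)
KINDS = {".exe": "executable", ".com": "executable", ".lnk": "shortcut",
         ".bat": "script", ".cmd": "script", ".ps1": "script", ".vbs": "script"}

def strip_comment(line):
    """Drop a trailing ' comment, ignoring apostrophes inside string literals."""
    in_str = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_str = not in_str  # an escaped "" toggles twice, so no net change
        elif ch == "'" and not in_str:
            return line[:i]
    return line

def launch_targets(src):
    """Return the COM objects a script requests and the commands it launches."""
    code = "\n".join(strip_comment(line) for line in src.splitlines())
    report = {"com": [m.group(2) for m in COM_RE.finditer(code)], "launches": []}
    for m in RUN_RE.finditer(code):
        cmd = m.group(2).replace('""', '"').strip()
        if not cmd:
            continue
        # A quoted program path may contain spaces; otherwise take the first token.
        path = cmd[1:].split('"')[0] if cmd.startswith('"') else cmd.split()[0]
        report["launches"].append({
            "path": path,
            "kind": KINDS.get(ntpath.splitext(path)[1].lower(), "other"),
            # False means Windows resolves the bare name through its search order.
            "qualified": bool(re.match(r"[A-Za-z]:\\|\\\\|%", path)),
        })
    return report
```

Calling `launch_targets(SNIP_VBS)` and `launch_targets(THUNDERBIRD_VBS)` gives a short summary of each script that can be pasted into a false-positive submission alongside the file.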

  • Scott
    Scott Defender of the month mod
    edited June 1

    Hello,

    Advanced Threat Defense is only for .exe files, thus it is grayed out. Try disabling Bitdefender Shield in the AV Advanced settings, and FWIW, disable ATD, then add your above file path into Exceptions, re-enable the two components, restart your PC and see if it still gets flagged.

    All Bitdefender Home Product User Guides: https://www.bitdefender.com/consumer/support/user-guides/

  • Scott
    Scott Defender of the month mod
    edited June 1

    Well, 1 out of 3 isn't bad…LOL, but regarding the other two links you provided, I have no solution for those.

    I did have a time where I needed to tick the firewall confirmation box 2-3 times in order for BD to keep and Allow an app through, but nothing like your video shows.

    And as far as Thunderbird, that also seems to be an ongoing issue as well as with some others. If you type Thunderbird in the search bar at the top of this webpage, you'll see what I mean. At times it's not only BD, but some of the other AV's can have misc. issues with T-Bird as well as with Outlook.

    I hope you have a good weekend.


  • Rasit

    Aaaaand I'm out of luck again… 5 mins ago I booted my pc and Bitdefender blocked my ****** again…

    It was a nice 4 days long ride tho, thanks to you. I really appreciate it. Unlike BD devs, you actually tried to solve my problem and even did, for a couple of days.

    I'm super fed-up with Bitdefender's bugs and not getting solutions from BD, so I don't plan to renew my license. I may even leave it before my license expires because it keeps actively interrupting my workflow with new problems again and again. I need stability.

  • Scott
    Scott Defender of the month mod
    edited June 5

    Bummer, at least it was a "fun" 4 day ride. Thank you for the kind words, though :)

    Scott
