List of BUGs to fix in the Home versions.

Nunzio77

Hi,
Below is the list of bugs that I think Bitdefender should work on as a priority before thinking about any new implementations. Obviously this has the sole aim of suggesting improvements that serve to make both the free version and the paid version increasingly competitive compared to the competition. I believe in the security and quality of Bitdefender products:

• Reduce the impact of the use of resources on PCs even for older PCs (with the high cost of living and costs, many have non-latest generation PCs) especially in terms of CPU use during system scans or external drives that during signature updates;
• Malware removal times are too long;
• Secure search function. Currently not working in Chrome and Edge, is the cause probably a browser setting? Ok so if it can't be solved it can also be removed otherwise users will be given false expectations. With the Traffic Light extension you have the same safe search function that works;
• Prompting to scan when inserting a USB drive if set to "on demand" does not work. Only automatic scanning works, but it requires high CPU usage and takes a long time, especially if the USB drives are large and have many files. So it would be necessary to impose (at the user's choice) a quick scan or run an "on request" scan so that the user can choose;
• When updating the antivirus version, avoid triggering the Windows Security notification that says the system is not protected. The system remains protected because the basic security processes remain active during the update phase, but with that notification from the Windows security center the average user does not know it and goes into alarm. So either you decide to have the update performed after restarting your PC or you try not to trigger the Windows Security Center notification;
• The free version should now also have the included ransoware recovery option active. Other free AVs have second defense protection against ransoware in the free versions;

Obviously if anyone has other bugs that I missed, please add them. 😉

Thanks for attention. 🙂

@Alexandru_BD @camarie Please export it to engineers and developers.😉

Scott

@Nunzio77 there are a couple of other things that I could add to your list, but it's been a while so they may have been resolved by now.

Regarding the Ransomware feature missing in the free version, I have no problem with that in this regard. It may be a shrewd business decision to not include it. Give people the incentive to at least upgrade to the AV+ along with all the other features that are disabled in the free version(s).

If other AV's want to provide that in their free AV, that's okay, but a lot of those people are content with the free version and never support the company by buying a paid version, let alone that they should get full fledged support for a free version? In a way, you may as well use "hardened" Windows Security (includes ransomware), maybe even WFC (which both are using the Windows system environment) uBlock and TrafficLight and have a very competent free security setup.

Just my 2 cents worth, okay, maybe 50 cents worth, lol

Nunzio77

@Scott you're right about second level ransoware protection, it's certainly a corporate choice but they could include it given that direct competing free AVs have included them. In my opinion, it would be useful to push more users to choose Bitdefender Free instead of others and then possibly switch to the paid version to have more protection components.

However, the most important thing is that the other bugs mentioned are resolved as soon as possible.😉

Flexx

@Nunzio77, @Scott there are bugs everywhere, be it in software or in nature😂😂😂

@camarie, the bug list is extensive, with this post covering only a fraction of it. Despite Bitdefender continuously adding new features, the memory usage problem persists without a clear solution. The forum is packed with complaints about Bitdefender's Home product. While there's a support article ( https://www.bitdefender.com/consumer/support/answer/87461/ ) on reducing bdservicehost resource usage, it was only created after users reported the issues and isn't very useful. Sending logs to support doesn't yield any results. It would be beneficial if Bitdefender prioritized fixing the memory issue instead of adding new features for a while. All developers should collaborate to tackle this.

Regards

Alexandru_BD

Hi,

Wow, that's indeed an extensive list. I think that first of all the difference between 'bug' and 'intended behavior' must be made.

A bug is a flaw, an error, or a defect in a program or system that causes it to behave unexpectedly or produce incorrect results. Intended behavior is how the software was designed to function.
The FAD approach involves breaking down the system into smaller, manageable features and designing each feature individually before integrating them into the overall system design. This emphasizes iterative development and continuous refinement of features based on user feedback. And that's pretty much what we do here, we gather feedback (for which we are most grateful) and forward it to the development teams for analysis.

While I cannot comment on the first 4 points, for #5 I can reiterate an explanation that I've posted a while ago on the forum, although I don't recall the context exactly, I believe there was a user who complained about the update notification. In newer versions of Windows, shut down or sleep is no longer equal to restart, due to performance considerations of the operating system. So unless the user explicitly restarts the system, he would no longer be able to replace the update files as he used to do before - that's about what was wrong with deferring service restarts until the machine is restarted the way they used to be. That's why a new flow appeared, so that we can allow updates to be carried out when necessary and ensure the devices are restarted properly.

As the update notification says, Bitdefender services will restart. This means that Windows will give the user a message that he is no longer protected in the few seconds that Bitdefender services stop and start. It is important, however, that the user sees this pop-up from Bitdefender before seeing the message from Windows, because otherwise it will seem like there is a problem with the antivirus. I'm not sure if the Windows Security Center notification can be silenced in this scenario, but I think that if there was a possibility, the developers would have implemented it.

In regards to #6, I think this is more of a business decision that I cannot comment. But your feedback has been noted regarding this.

For the remaining points, I summon @camarie as well. I'm sure that if he has insights or news he will share them with us, if possible.

There's one more thing that I wish to add here and this is something that we have already debated on a number of occasions, either following reports from affected users, or simply to understand more about how CPU usage works in conjunction with the antivirus. Although we have indeed received several reports concerning abnormal usage of CPU disk and memory usage by bdservicehost, this must be taken in the user's context and cannot be handled with universal approach, since tests and investigations revealed that this is NOT a general issue that all users encounter.

Sending logs to support doesn't yield any results - @Flexx, it does yield results, because this way the engineers can find out what exactly is causing the high resource consumption and they can take it from there. My question for you is this: how many confirmations of successful fixes have you seen on the forum, once the users contact the support teams? I'll tell you, not many. Why? Because most of the time, the users who solve their problem via Support don't come back here to follow up on the resolution. So we are mostly exposed to situations where the users's inquiry couldn't be resolved, or is pending a response, or they encounter it again. My point is, here we only see one side of the story and don't really get the full perspective. So, your assumptions are only based on what you are exposed to here, and that's only natural.

As with every troubleshooting, there are certain steps to follow and in the case of CPU usage, first it must be determined if the recommended system requirements are met, then Bitdefender Shield and Advanced Threat Defense should be turned off to identify which one could be the culprit for the high usage, and the list of steps continues.

Alexandru_BD

Then there are other things that should be taken into account. During an on-demand or background scan performed by Bitdefender it is normal for CPU, RAM, and disk usage to increase. Scanning involves intensive processes that require significant resources to analyze files, folders, and system areas for threats. The temporary increase in resource usage that occurs during the Bitdefender system scan and quick scan is normal. It does not significantly slow down Windows and should not be interpreted as an issue.

bdservicehost is already designed to operate efficiently, however, if users encounter higher than expected CPU and memory usage, we must always take into consideration the user context. At first, it may seem that there's a problem and rightfully so, if the usage goes through the roof and the performance is affected, chances are something is not right or there is an incompatibility between the system and the antivirus. But before making any assumptions, there is always a checklist to follow, and in many cases this operation must be carried out by the Support teams, in the event the basic troubleshooting steps don't make a difference.

Sometimes, even adjusting the scanning options can make a huge difference. For example, you could schedule scans during periods of low computer usage or decrease the scanning frequency. Otherwise, if the antivirus is scanning the whole device whenever you have 20 tabs open and you are also streaming, writing emails and working in other apps, surely you will notice a decrease in performance. Setting exclusions can also help, if the problem appears only when using a certain program or when compiling software into a particular directory, etc. add those specific apps and the folders they are accessing to the exceptions list in Bitdefender.

Bottom line is, we need to take into account what else is happening on the device that may result in this high consumption. The usage context, available device resources and the PC configuration where Bitdefender is installed all play a part in this. I've said this before, the developers wouldn't create a software that is hogging resources and any vendor would get tens of thousands of complaints if that was to happen.

Gjoksi

@Alexandru_BD

Hi,

Wow, that's indeed an extensive post/comment.

Cheers.

camarie

About inclusion of a feature in a certain version of our products, this is not something I am involved it, and it is a business/management decision. On the scan various ideas, I forwarded a number of them to the appropriate colleagues, but I am not directly involved in those teams to-do list.

The number one issue it is for me the performance thing. But also here it's a tradeoff between features vs consumption. The number of moving targets (read: components running) is certainly several times higher than, say, 10 years ago, and as you correctly observed, an older PC or laptop might suffer more than a modern device because of this. (The same thing can be said regarding OS requirements, or even a regular browser - I am writing this from Chrome with 13 tabs opened, each one consuming some 160 MB memory, so 2+ GB just for one browser; comparing to this, the entire set of executables run by Total Security is in 7-800 MB). But aside this, we are committed this year to do a full analysis regarding the memory consumption and efficiency overall. It's just that is, as one might imagine, a daunting task which will require, most likely, several iterations, thorough analysis of the entire product, and obviously a nontrivial amount of time. From what we discussed informally in my team, this is scheduled to start shortly this month - but I cannot say how long it will take; obviously we have our regular things to do. We will keep posting messages of progress as soon as we have significant improvements.

Alexandru_BD

Thank you @camarie ! 👍️

Scott

https://community.bitdefender.com/en/discussion/comment/338739#Comment_338739

@camarie that is very encouraging to read and hear :) :) Thank you for your post.

"The number one issue it is for me the performance thing. But also here it's a tradeoff between features vs consumption. The number of moving targets (read: components running) is certainly several times higher than, say, 10 years ago, and as you correctly observed, an older PC or laptop might suffer more than a modern device because of this".

"But aside this, we are committed this year to do a full analysis regarding the memory consumption and efficiency overall".

Nunzio77

@Alexandru_BD and @camarie thanks very much! 😉💯

Flexx

https://community.bitdefender.com/en/discussion/comment/338736#Comment_338736

https://community.bitdefender.com/en/discussion/comment/338739#Comment_338739

@Alexandru_BD, my issue was related to logs for performance and high memory usage, which is the most common issue and not related to anything else. For other things, sending logs is a good practice.

At the same time, thank you for the information, @camarie. I hope this performance and high memory usage issue gets sorted out at the earliest opportunity.

Regards

Nunzio77

@camarie if possible, as you have already written, give priority to the performances to be improved and also to the recognition of USB drives with the "always ask" antivirus scan setting.

Thanks! 😉

SeriousHoax

I think one area Bitdefender should try to improve is the update process. Currently from I see is that Bitdefender on every signature update writes about 500 MB data on average. It seems Bitdefender downloads the update, verify it, move a large portion/the whole of the old database and create new database files containing older database + recently downloaded signature update. This process is rather lengthy, consumes decent CPU power with higher-than-average disk usage. But this 500 MB data written on average becomes 800+ to sometimes 1 GB when multiple updates are missed. I could be wrong, but it seems Bitdefender maybe once a day update its whole engine or something like that. I see that the folder in this region "C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner" changes its version number every day. When this happens, Bitdefender writes the most amount of data on disk. As I said, it could range from 800 MB to 1GB or maybe even more. So, this is a lot of daily disk writes IMO. It's also time consuming compared to other products.

Now I have to give some comparison to properly elaborate it as well as I can.

In comparison, Kaspersky writes from 110-180 MB data on each signature updates. They release less signatures everyday compared to Bitdefender as they rely on their cloud a bit more for detecting new malware.

ESET also have similar disk writes like Bitdefender from 480-700 MB on each update (depending on files on your PC as they scan some areas after every single update), but their update process is somehow ridiculously fast. Only take 5-6 seconds for the update process. Some excessive disk writes come from their startup scan which they perform after every signature update which is a bit strange.

Avast takes a different approach. They use streaming signatures. They download 2-3 KB file every couple of minutes. So, their product and users are always up-to-date. No need to download signatures 5-6 times a day, no need to worry about missing signature updates. They seem to update their whole database once or maybe twice per day. This way they keep their users up to date with almost no impact caused by the signature updating process.
I don't think Bitdefender can come up with something like this as this would need a massive change both on the product as well as on the cloud infrastructure. Then again, I see online that higher tier Bitdefender Enterprise can be used completely cloud-based way without any local signatures. So, cloud-based detection with less database on the disk is probably possible.

My last example is Sophos. I haven't noticed this by myself but a friend of mine told me that Sophos update small updates every day a couple of times which is separate from their main signature database. For a whole month, the update is downloaded on that particular set of separate database and then every month they merge these daily updates to their main database and repeat the process the next month. For the whole month the size of the database is around 30 MB. This way Sophos also keeps things small avoiding any performance impact caused by the update process.

Maybe a method similar to Sophos can be achieved by Bitdefender.

In the days of SSDs with limited TBW (Tera Bytes Written) value, writing too much data on SSD for updating signature alone is not very ideal IMO even though modern SSDs have very high TBW values. The update process is a nightmare for HDD users. Bitdefender should also probably try to reduce the size of their database. It's quite bulky it seems. Probably the largest in the entire AV industry. Products like Kaspersky, Avast, Norton offload many not so important signature databases to their cloud which helps to reduce the size of local signatures. Also, in my experience Bitdefender often creates IMO many useless signatures that can only detect the particular submitted sample. ESET and Kaspersky are the two most efficient products in terms of signature creation. They try to identify the behavior in the code, create a heuristic type signature if possible, to detect similar malware in the future rather than creating one that detects that particular file only. I'm saying this from the experience of submitting samples to all security vendors (I could be wrong on some things but mostly I'm accurate).

Here's Bitdefender downloading signature update to the "Antivirus-NewTemp" folder.
Yesterday (I think) the main database was in the "Antivirus_73035_015" folder. Tonight after running the VM the new database was created in the "Antivirus_73044_016" folder.
For this, 1.09 GB data was written by the "downloader.exe" process which downloads the update and "testinitsigs.exe" wrote further 360 MB which is responsible for verifying the downloaded database, I guess.
So about 1.36 GB data written for 1 update session. The next signature update would write 400-500 MB more data and so on.
The database and the update process need to be optimized to reduce database size, disk writes and improve signature updating performance.

I hope this is something the Bitdefender team prioritize.

Please correct me if I've unintentionally provided any wrong information @camarie @Alexandru_BD or anyone else.

Flexx

https://community.bitdefender.com/en/discussion/comment/338915#Comment_338915

ESET also have similar disk writes like Bitdefender from 480-700 MB on each update (depending on files on your PC as they scan some areas after every single update), but their update process is somehow ridiculously fast. Only take 5-6 seconds for the update process.

I totally agree with you. Also, they update the signatures every 4 hours.

ESET and Kaspersky are the two most efficient products in terms of signature creation. They try to identify the behavior in the code, create a heuristic type signature if possible, to detect similar malware in the future rather than creating one that detects that particular file only. I'm saying this from the experience of submitting samples to all security vendors (I could be wrong on some things but mostly I'm accurate).

It's a bit disappointing that Bitdefender hasn't been able to incorporate the generic detection method, despite my repeated suggestions. Having to submit the same sample multiple times for different versions can be a bit time-consuming for both users and the malware research team. On the other hand, I really admire ESET's approach with their simple and small signatures, along with their effective generic detection method. It would be wonderful if Bitdefender could improve their detection process in the future.

@Alexandru_BD, could we possibly get Bob back to chat about the signatures?

Regards

Nunzio77

https://community.bitdefender.com/en/discussion/comment/338915#Comment_338915

I concorde with you!

Alexandru_BD

Cheers @SeriousHoax and thank you for sharing your comprehensive analysis here. I have forwarded your findings to our product development teams for consideration and they'll know what to do next. 😉👍️