Loki / PE-Sieve reports implanted process - False Positive?

Hi, there

Running a scan with the tool Loki (using PE-Sieve) gives a warning:

20240520T10:22:06Z HOME LOKI: Warning: MODULE: ProcessScan MESSAGE: PE-Sieve reported implanted process PID: 2952 NAME: bdservicehost.exe OWNER: SYSTEM CMD: "C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe" "settings/services/configs/bdshieldsrv_config.json" PATH: C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe IMPLANTED PE: 5 IMPLANTED SHC: 0

I checked the signature in Windows Explorer and it says that the signature is valid. Is this warning a false positive or do I need to dig deeper / take precautions?

Best Answer

  • Alexandru_BD admin
    edited May 21 Answer ✓

    Hello @dartyang,

    I would recommend contacting Bitdefender support to inquire about the specific warning. Provide them with details from the LOKI and PE-Sieve scan, including the hash and the context of the warning. They can confirm if the detection is a false positive or if further action is needed. You can get in touch with the Bitdefender engineers by choosing one of the contact channels listed here:

    https://www.bitdefender.com/consumer/support/help/

    State your contact reason, then choose from the available contact channels: chat, phone and email/ticket.
    Chat would be the fastest way to reach them.

    Let us know how it goes.

    Regards,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user
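
An added example, not part of the original thread: a small Python parser that splits the Loki warning quoted in the question into labelled fields and, when run on the scanned host, adds the SHA-256 of the image, which is the detail the answer suggests sending to support. The field order is assumed from that single quoted line, and `parse_warning` and `sha256_of` are names chosen for this example.

```python
import hashlib
import re

# Labels in the order they appear in the warning quoted in the question (assumed fixed).
FIELDS = ["PID", "NAME", "OWNER", "CMD", "PATH", "IMPLANTED PE", "IMPLANTED SHC"]
HEADER = re.compile(r"^(?P<time>\S+) (?P<host>\S+) LOKI: (?P<level>\w+): "
                    r"MODULE: (?P<module>\S+) MESSAGE: (?P<message>.*)$")

# The warning from the question, split only to keep source lines short.
SAMPLE = (r'20240520T10:22:06Z HOME LOKI: Warning: MODULE: ProcessScan MESSAGE: '
          r'PE-Sieve reported implanted process PID: 2952 NAME: bdservicehost.exe '
          r'OWNER: SYSTEM CMD: "C:\Program Files\Bitdefender\Bitdefender Security'
          r'\bdservicehost.exe" "settings/services/configs/bdshieldsrv_config.json" '
          r'PATH: C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe '
          r'IMPLANTED PE: 5 IMPLANTED SHC: 0')

def parse_warning(line):
    """Split one Loki ProcessScan warning into a dict, or return None if it does not fit."""
    m = HEADER.match(line.strip())
    if not m or m["module"] != "ProcessScan":
        return None
    msg, marks, pos = m["message"], [], 0
    for label in FIELDS:
        # Search forward only, so drive-letter colons never look like separators.
        idx = msg.find(f" {label}: ", pos)
        if idx < 0:
            return None
        pos = idx + len(label) + 3
        marks.append((label, idx, pos))
    rec = {k: m[k] for k in ("time", "host", "level")}
    for i, (label, _, start) in enumerate(marks):
        end = marks[i + 1][1] if i + 1 < len(marks) else len(msg)
        rec[label] = msg[start:end].strip()
    for key in ("PID", "IMPLANTED PE", "IMPLANTED SHC"):
        rec[key] = int(rec[key])
    return rec

def sha256_of(path):
    """SHA-256 of the image on disk, or None if it cannot be read on this machine."""
    try:
        with open(path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    except OSError:
        return None

if __name__ == "__main__":
    rec = parse_warning(SAMPLE)
    rec["SHA256"] = sha256_of(rec["PATH"])
    print("\n".join(f"{k}: {v}" for k, v in rec.items()))
```
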

Answers

  • Thank you Alexandru, I will let you know once I have an update.