[escalated] Port Scans - Old 2012 Problem In 2013

So I'm experiencing an issue that I've read was originally fixed in 2012.


I'm seeing my primary and secondary DNS servers show up with 'port scan detected' messages.


In addition, as others have noted, my home server running Windows Home Server 2011 is showing up as port scanning as well.


Somewhat irritating since I can't seem to suppress the messages.

Comments

  • Hi. What DNS server addresses do you currently have set? Is it automatic from your ISP? Try changing it to 4.2.2.2 and 4.2.2.1 and see if it makes a difference.

  • Same problem here, I'm connected through a wireless router and there are frequently "port scan blocked" alerts from the router's primary IP address (the primary DNS server). Can it be fixed?

  • This strange firewall behavior continues even with zone set for the same router primary IP (192.168.1.1)


    Despite "allow" zone for that adapter still frequent UDP port scan block alert persist


    Any support response?


    I don't think turning off port scan would be proper solution
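Added example, not part of the thread and not Bitdefender's detection logic: a sketch of how a port-scan heuristic that counts distinct local ports per remote address flags a router that is only answering DNS queries, and how ignoring replies to the host's own outbound packets removes that false positive while still catching unsolicited probes. The threshold, window, traffic and the prober address 192.168.1.200 are constructed assumptions.

```python
from collections import defaultdict, deque

ROUTER = "192.168.1.1"      # router / primary DNS address mentioned in the thread
PROBER = "192.168.1.200"    # constructed address for an unsolicited prober

def sample_events():
    """Constructed traffic: (time_s, direction, proto, remote_ip, remote_port, local_port)."""
    events = []
    # Browsing burst: 12 DNS lookups, each from a fresh ephemeral port, each answered.
    for i in range(12):
        events.append((i * 0.1, "out", "udp", ROUTER, 53, 50000 + i))
        events.append((i * 0.1 + 0.02, "in", "udp", ROUTER, 53, 50000 + i))
    # Unsolicited probes to 12 different local ports with no matching outbound packet.
    for i in range(12):
        events.append((5 + i * 0.1, "in", "udp", PROBER, 40000, 130 + i))
    return events

def detect(events, threshold=10, window_s=2.0, track_flows=False):
    """Return remote IPs that hit >= threshold distinct local ports within window_s.

    track_flows=False: count every inbound packet (naive heuristic).
    track_flows=True: skip inbound packets that answer an earlier outbound packet
    on the same (proto, remote_ip, remote_port, local_port) tuple.
    """
    solicited = set()
    recent = defaultdict(deque)   # remote_ip -> (time, local_port) inside the window
    flagged = set()
    for ts, direction, proto, rip, rport, lport in sorted(events):
        flow = (proto, rip, rport, lport)
        if direction == "out":
            solicited.add(flow)
            continue
        if track_flows and flow in solicited:
            continue              # reply to our own query, not a probe
        hits = recent[rip]
        hits.append((ts, lport))
        while ts - hits[0][0] > window_s:
            hits.popleft()
        if len({port for _, port in hits}) >= threshold:
            flagged.add(rip)
    return sorted(flagged)

if __name__ == "__main__":
    print("naive:   ", detect(sample_events()))
    print("stateful:", detect(sample_events(), track_flows=True))
```
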

  • Hello :)


    A product update was released. Your build should be 16.24.0.1682 (please right click on Bitdefender icon from system tray - near the clock - and choose "About". You should see in the left side the build number).


    In order for the product update to be installed, you need to reboot your machine (you should see in the Events -> "Reboot required" under the Update module).


    Changelog:


    http://forum.bitdefender.com/index.php?sho...st&p=164968


    http://forum.bitdefender.com/index.php?showtopic=35499


    Let me know if the situation is solved.


    Have a nice day.

  • Same problem.


    My build is 16.24.0.1682


    Keeps popping port scan alerts.


    For local IP 192.168.1.106


    Remote IP 192.168.1.17


    Created a rule for 192.168.1.17 with allow permission.

  • Georgia

    Hello everyone,


    Before going any further with the investigation, could you please post back and tell me if the port scan messages persist with the new build 16.27.0.1763 ?


    Thank you, looking forward to hearing from you all. :)

  • Hello everyone,


    Before going any further with the investigation, could you please post back and tell me if the port scan messages persist with the new build 16.27.0.1763 ?


    Thank you, looking forward to hearing from you all. :)


    I am constantly getting "Port Scan Blocked" messages from my own router's IP (192.168.1.1) and I have build 16.270.0.1763


    I have added the router's IP to my "Allow" list and changed the Network profile to "Trusted", and neither seemed to help. I am still getting these messages.

  • Any luck resolving this? All of the false alarms are very annoying.

  • ...the same here.


    I am using Internet Security 2013 Version 16.27.0.1763 with Windows 8


    It is really a mess that this problem is occurring again from release to release.

  • Georgia

    Hello,


    Thank you all for your posts.


    I am writing to inform you that we are working on solving this issue. Could you please test to see if the alert 'port scan detected' also appears each time you access a website?


    Looking forward to hearing from you.

  • Hello,


    Thank you all for your posts.


    I am writing to inform you that we are working on solving this issue. Could you please test to see if the alert 'port scan detected' also appears each time you access a website?


    Looking forward to hearing from you.


    It doesn't appear EVERY time for me, but it appears way more often than it should. Haven't you guys got this fixed yet? I bought your software and am thinking about uninstalling it because of this.

  • columbo
    edited March 2013

    Yes, at least for me, it is when I'm surfing, especially when I go to a new link and it brings me to a new tab (Firefox). It was pretty consistent a couple of weeks ago, but seems to have settled down, at least on my Windows 8, BD W 8 Security PC.


    I think I had a port scan a day or two ago on my Windows 7, 2013 Internet Security PC.


    I am mainly using a wireless notebook. It is always showing me my default gateway, and subnet mask address in Event details



  • Georgia

    Thank you for your feedback, we are still working to fix this.


    Please test to see if the number of blocked port scans decreases after choosing "Allow" for Windows Explorer traffic on HTTP (from Settings > Firewall > General rules ).

  • You're welcome :) Thanks for the progress report.


    For me, on Windows 8 with BD W8 Security, it seemed to have really settled down. I will try to use my Windows 7 partition more which has the 2103 IS version, changing that setting. (yes, as the default setting is Deny) I take it the other Firewall/Privacy/Antiphishing settings will cover that setting being set to allow?

  • Thank you for your feedback, we are still working to fix this.


    Please test to see if the number of blocked port scans decreases after choosing "Allow" for Windows Explorer traffic on HTTP (from Settings > Firewall > General rules ).


    Hi Georgia


    With reference to the below topic for explanation of Firewall General Rules, I am interested to know how the rule "Windows Explorer traffic on HTTP" is related to Port Scan Attempts.


    http://forum.bitdefender.com/index.php?showtopic=33576


    I also experienced this issue in the 2012 version also, (http://forum.bitdefender.com/index.php?showtopic=27799), and the topic was closed without the fix and response from the users.

  • Hello :)


    Here it goes:-------------------


    --------------------------------


    6. All traffic made via HTTP or FTP by Windows Explorer is blocked because malware can use the process to connect to compromised servers.


    Have a great weekend!


    You're welcome :) Thanks for the progress report.


    For me, on Windows 8 with BD W8 Security, it seemed to have really settled down. I will try to use my Windows 7 partition more which has the 2103 IS version, changing that setting. (yes, as the default setting is Deny) I take it the other Firewall/Privacy/Antiphishing settings will cover that setting being set to allow?


    Thanks for that link, ONT, as it must have been set to deny for a reason. I guess we consider this an experiment in seeing if it helps for now, until a final solution is released? Hopefully until then, the other components of BD keep us secure, for those of us trying that setting.

  • Still nothing, huh? Looks like I am going to uninstall BitDefender and go with another product :(

  • columbo
    edited April 2013

    Hi douglasbarbin


    Did you try this, as a test, to see if it worked on your end, post# 14? http://forum.bitdefender.com/index.php?s=&...st&p=181063


    It seems to have helped settle things down for me. The Security issue is still a question, post# 16, but for now may help the techs. figure this one out :blink:

  • Hi douglasbarbin


    Did you try this, as a test, to see if it worked on your end, post# 14? http://forum.bitdefender.com/index.php?s=&...st&p=181063


    It seems to have helped settle things down for me. The Security issue is still a question, post# 16, but for now may help the techs. figure this one out :blink:


    I really don't want to open the firewall to allow all Windows Explorer HTTP traffic. If I'm going to do that, I might as well not have the firewall.

  • columbo
    edited April 2013

    Understood, as those were ONT's and my concerns also. (posts# 16-17)

  • I have the same issue.


    On my Windows 8 laptop, BitDefender Windows 8 Security informs me several times a day that it blocked a port-scan from either 192.168.1.1 (It's my main router, Linksys E4200) or from 192.168.1.118 (the Linksys RE1000 Wireless-N Range Extender). I've had BitDefender for 6 months but those pop-ups started recently, only three weeks ago.


    First, I did not pay attention to those "blocked port scan" messages but I've started experiencing Wi-Fi Network Connections Drops. I followed Christian's rules and created a zone for those addresses.


    ===================================================


    http://forum.bitdefender.com/index.php?showtopic=39492


    "Now please check if the issue persists. If it does, please create a zone for the device's IP address:


    - open Bitdefender


    - click on Settings


    - go to Firewall module and click on the Advanced tab


    - turn ON "Internet Connection Sharing" and turn OFF "Block port scans"


    - then click on Settings tab


    - click on Adapter rules


    - select the corresponding adapter and click on "Add zone" button


    - select the IP address from the list or enter it manually, set Permission to Allow and click OK."


    ===============================================================


    At this moment, I cannot say my networking problems are related to BitDefender's blocking port scans from my router/extender.

  • Another problem for a community member to fix?

  • The subject issue is in the 2014 beta version also. When I reported this, I got the reply:


    "This is the default behaviour for some routers, to scan the LAN. In order to stop receiving the alerts, please add your adapter settings to Trusted, with Stealth set to Remote."


    It seems that Bitdefender can't differentiate that this is the MODEM/ROUTER IP, unlike other security software on the same MODEM/ROUTER; I've verified from them on my network.

  • Could you at least tell us how to turn the ###### notifications off? I have status alerts for Firewall turned completely off, and I still keep getting Port Scan Detected messages every 30 seconds or so.

  • This has been an ongoing issue for at least 6 months, and the only response we can get is "try updating to the latest version", which never fixes the issue. Good job, BitDefender. You are really going to keep customers like this.

  • Georgia

    Hello all,


    A quick solution for the encountered issue is to upgrade to The New Bitdefender. The upgrade is absolutely free of charge and due to the many improvements brought to this lineup any issues you may have encountered with your current product are now solved.


    In order to upgrade to the new version please follow the steps below:


    http://forum.bitdefender.com/index.php?act...f=366&id=58


    From now on, post in this area of the forum in case you encounter further issues after the upgrade:


    http://forum.bitdefender.com/index.php?showforum=360


    Thank you.

This discussion has been closed.