[Fixed] Very Frustrating Problem With Bitdefender, Bandwidth Usage, Bandwidth Consantly And Massivel

123457

Comments

  • Shame on the developers. More than a year can not fix the problem. And if one has limited traffic, the user will have to pay, not you!

  • I'm having the same problem, started as soon as I installed BD IS 2013 (not surprisingly). Unbelievable that support can't be bothered to even reply to this thread let alone get the problem fixed. Looks like it's been going on for years and BD have just banked on people not noticing. Totally unprofessional, and what a bunch of monkeys they can't even fix a simple fault in 5 years! I'll certainly not be renewing BD and I'll be posting everywhere to warn other people not to buy it.

  • F3TiSH
    edited June 2013

    It's incredible that after so many months this issue was not fixed by BD staff. Not only lack of official fix for this problem, but also complete ignorance from creators of bitdefender. Just....incredible. I don't understand how this program gets so good ratings compared to other solutions. This is not minor problem that can be ignored, it's huge for someone with low speed connection. I made account on this forum just to say that and bump this thread.

  • Only one way is change Bitdefender to another good internet security like F-Secure 2013. They have bitdefender engine and good rating in a lot of test. My computer and INTERNET works perfect. Regards

  • Hello,


    Forty days after throwing away BD, I'm back just to say a big THANK YOU to BD staff who, finally, they've helped me (especially through this topic) open my eyes, realizing what kind of crap their product is.


    After 5 years using of BDIS & BD Win 8 Sec, it's the first time "Malwarebytes" cannot find any trojan in my system while free COMODO protects me, giving lessons about how an AV/FW should be for both novices and advanced users.


    THANK YOU BD staff, keep up the good work... <img class=" />


    My Best Greetings to my friends here!!! :)

  • ...and one more thing (for users):


    Pay NO attention to any comparison test. It's just a marketing game... ;)

  • I see that few posts from yesterday made by unhappy users were deleted.

  • ...and one more thing (for users):


    Pay NO attention to any comparison test. It's just a marketing game... ;)


    If the companies like AV and VB can be bribed then every antivirus product is under a question mark.

  • If the companies like AV and VB can be bribed then every antivirus product is under a question mark.
    ...which should (or not) be turned into another mark, under our experience...And that's (nowadays) life :)


    My Best!

  • If the companies like AV and VB can be bribed then every antivirus product is under a question mark.
    ...I've just found this. Bellow 3rd post there is a very interested dialog between our "guards"...dedicated to all who "In God We Trust" -_-


    Have fun with your new myth... :)

  • ozziebear
    ozziebear ✭✭✭
    ...I've just found this. Bellow 3rd post there is a very interested dialog between our "guards"...dedicated to all who "In God We Trust" -_-


    Have fun with your new myth... :)


    very interesting werby3....very interesting

  • ...I've just found this. Bellow 3rd post there is a very interested dialog between our "guards"...dedicated to all who "In God We Trust" -_-


    Have fun with your new myth... :)


    This is scary. And if it's true then which antivirus is good?

  • New Bitdefender Internet Security 2014 nothing change with this problem of bandwith usage and speedtest. So this topic nothing has changed. We can write and write with no result. Maybe Bitdefender Internet Security 2020 will not have this problem :D

  • New Bitdefender Internet Security 2014 nothing change with this problem of bandwith usage and speedtest. So this topic nothing has changed. We can write and write with no result. Maybe Bitdefender Internet Security 2020 will not have this problem :D


    Serious? Bitdefender 2014 still has this issue? <img class=" />

  • Unfortunately yes. I just install Bitdefender 2014 and the problem is the same...

  • This is scary. And if it's true then which antivirus is good?
    That's a very good and simple question.


    The answer is also very simple: NONE of them especially for what they promise.


    So, you/we have to seriously think about and if we have to pay for that kind of products and especially about and if we can trust comparison tests.


    Serious? Bitdefender 2014 still has this issue? angry.gif
    You will never see anything about it in tests and reviews...


    Regards!

  • Unfortunately yes. I just install Bitdefender 2014 and the problem is the same...
    Perhaps, a research for a relation between BD company and telecommunication companies (charging per MB) will solve the problem.


    Regards!

  • Does the patch which works with BD 2013 still work with 2014 series?

  • Same issue here on Win7 64 bit. Happened when watching youtube vids on FF but didn't realise that was what is was. Really had an issue pinning it down and used a packet sniffer eventually to track the usage and post on BD forums which lead me here.


    I wonder how much money has been spent by non technical people on tech support or bandwidth costs because of this issue...?


    Shame as I really like BD but maybe back to Kaspersky??

  • Hello. Only one way to disable high usage of bandwidth is install TcpView for Windows and manual disabled "Fin Wait" connections or install, like me, different Internet Security.

  • Hello,


    Final Version 0.1


    http://www17.zippyshare.com/v/53614871/file.html


    (I have made the installer, add support for all ports, and made the program stard automatically at Windows Startup)


    [iNSTALL]


    1) Delete any previous version of the fix.


    2) Just launch the setup.exe on your computer, and it works!


    [uNINSTALL]


    Go to: C:\Program Files (x86)\BitdefenderBandwidthFix\ and click on unins000.exe.


    [REQUIREMENTS]


    About 1 MB of RAM Memory only!


    Thanks.


    There is also the above solution, created by JoshY.


    It is not a patch, it's a standalone app thus, it should work with any BD release.


    For further adjustments on this app, after installation, you may go to "Task Scheduler".


    Regards!

  • ...in addition


    NOTE: For the above Joshy's solution to work, Visual C++ 2012 (x86 by Microsoft) must be installed.

  • I was having this problem, the solution is to download bitdefender offline kit and install with your network connection disabled and once the activation page shows up enable your network, i installed 2014 ts yesterday and i am not having this issue anymore.

  • ...and i am not having this issue anymore...
    ...until you rediscover it. :)
  • I was having this problem, the solution is to download bitdefender offline kit and install with your network connection disabled and once the activation page shows up enable your network, i installed 2014 ts yesterday and i am not having this issue anymore.


    This seems to have solved the problem for me, as well. I've had no problems with Youtube for two days now. The 2013 version always had the problem.


    Just to be sure everything goes well I disconnected the Internet before doing anything and reconnected it at the license activation screen. First I uninstalled Joshy's fix and then removed BD IS 2013 with the official removal tool. After restart I installed the new version using the offline installation kit.


    Looking good so far! Keeping my fingers crossed, though... I will report back at a later date.

  • ...Looking good so far! Keeping my fingers crossed, though...
    Hi qazserNOS,


    Can you please try to connect to this site and see if it's still happening?


    If so, do not blame the site cause w/o BD there is no problem.


    THX

  • Hi qazserNOS,


    Can you please try to connect to this site and see if it's still happening?


    If so, do not blame the site cause w/o BD there is no problem.


    THX


    I spoke too soon in my previous message... I didn't even have to test your link. After reloading a Youtube page several times (was changing some browser plugin settings) the problem reoccurred. Bandwidth usage continued even after closing the browser. Then I installed the Joshy's fix and instantly my bandwidth usage died off.


    Sorry for getting your hopes up! :D At least I was happy for a couple of days.

  • werby3
    edited July 2013





    :D with BD :P
  • ...and DO NOT FORGET...

    Hello,


    Final Version 0.1


    http://www17.zippyshare.com/v/53614871/file.html


    (I have made the installer, add support for all ports, and made the program stard automatically at Windows Startup)


    [iNSTALL]


    1) Delete any previous version of the fix.


    2) Just launch the setup.exe on your computer, and it works!


    [uNINSTALL]


    Go to: C:\Program Files (x86)\BitdefenderBandwidthFix\ and click on unins000.exe.


    [REQUIREMENTS]


    About 1 MB of RAM Memory only!


    Thanks.

    ...above solution, created by JoshY, eliminating remaining connection problems.


    It is not a patch, it's a standalone app thus, it should work with any BD release (and against their willingness).


    For further adjustments on this app, after installation, you may go to "Task Scheduler".



    NOTE: For the above Joshy's solution to work, Visual C++ 2012 (x86 by Microsoft) must be installed.


    Regards!


  • NOTE: For the above Joshy's solution to work, Visual C++ 2012[/b] (x86 by Microsoft) must be installed.


    Regards!


    Okay, Werby. It's been awhile but a few minor health problems have kept me away for awhile (that and a lot of business on the road). When I look at that little executable you recommend so highly, guess what? It's built against the Java GNU C libraries and built with MINGW (GNU Portable tools/cross compiler environment for Windows). These strings appear in the executable you're referring people to. So, it's a Java program built with GNU tool set built with MINGW, not the Visual Studio 2012 IDE. So my question to you is: How do you know what's in that executable?


    Here's a string dump from this executable (starting at address 0x1400 for people with dump or hexiwin)


    .rdata:00403000 0000000E C libgcj-13.dll


    .rdata:0040300E 00000014 C _Jv_RegisterClasses


    .rdata:00403028 00000018 C Mingw runtime failure:\n


    .rdata:00403040 00000031 C VirtualQuery failed for %d bytes at address %p


    .rdata:00403074 00000032 C Unknown pseudo relocation protocol version %d.\n


    .rdata:004030A8 0000002A C Unknown pseudo relocation bit size %d.\n


    Net net, you don't have to build it and it doesn't reference the MSVCRT DLL libs from VS2012 from what I can see (thus far).


    So, I don't know why that's there but it is making calls to IPHLPAPI but what's more interesting. It goes through and IPHLPAPI call, GetTCPTable which dumps all of the


    socket connections and looks for ones in FIN_WAIT_2 State (7 as defined by MIB_TCP_STATE_FIN_WAIT2). When it finds one, it then just closes off of the socket


    via SetTCPEntry and sets the state to MIB_DELETE_TCB_ENTRY (12, or 0xC)


    Here's the disassembly of that section of the code.. Note: Women and Children should avert their eyes.


    text:00401C40 loc_401C40:


    .text:00401C40 mov eax, [ebp+var_1C]


    .text:00401C43 mov [esp+40h+var_40], eax


    .text:00401C46 call malloc <-- allocate a chunk of memory


    .text:00401C4B mov edi, eax


    .text:00401C4D test eax, eax


    .text:00401C4F jz short loc_401CB4


    .text:00401C51 mov [esp+40h+var_38], 1


    .text:00401C59 lea eax, [ebp+var_1C]


    .text:00401C5C mov [esp+40h+var_3C], eax


    .text:00401C60 mov [esp+40h+var_40], edi


    .text:00401C63 call GetTcpTable < Store the TCB table in our chunk of memory


    .text:00401C68 sub esp, 0Ch


    .text:00401C6B test eax, eax


    .text:00401C6D jnz short loc_401CAC


    .text:00401C6F mov ecx, [edi]


    .text:00401C71 test ecx, ecx


    .text:00401C73 jle short loc_401CAC


    .text:00401C75 mov esi, edi


    .text:00401C77 xor ebx, ebx


    .text:00401C79 jmp short loc_401C84


    .text:00401C79 ; ---------------------------------------------------------------------------


    .text:00401C7B align 4


    .text:00401C7C


    .text:00401C7C loc_401C7C:


    .text:00401C7C inc ebx


    .text:00401C7D add esi, 14h < -- increment to next in the TCB list from GetTcpTable


    .text:00401C80 cmp [edi], ebx


    .text:00401C82 jle short loc_401CAC


    .text:00401C84


    .text:00401C84 loc_401C84:


    .text:00401C84 ; sub_401C18+8Fj


    .text:00401C84 cmp dword ptr [esi+4], 7 <-- is the TCB entry in MIB_TCP_STATE_FIN_WAIT2?


    .text:00401C88 jnz short loc_401C7C <-- branch around if it isn't


    .text:00401C8A mov dword ptr [esi+4], 0Ch <-- set state of the entry to MIB_STATE_DELETE_TCB_ENTRY


    .text:00401C91 lea eax, [ebx+ebx*4]


    .text:00401C94 lea eax, [edi+eax*4+4]


    .text:00401C98 mov [esp+4Ch+var_4C], eax


    .text:00401C9B call SetTcpEntry


    .text:00401CA0 push edx < -- increment to the next entry in the TCB


    .text:00401CA1 inc ebx


    .text:00401CA2 add esi, 14h


    .text:00401CA5 cmp [edi], ebx


    .text:00401CA7 jg short loc_401C84 < -- if we have more entries, do the next one in the list.


    .text:00401CA9 lea esi, [esi+0]


    .text:00401CAC


    .text:00401CAC loc_401CAC:


    .text:00401CAC ; sub_401C18+5Bj ...


    .text:00401CAC mov [esp+50h+var_50], edi


    .text:00401CAF call free


    .text:00401CB4


    .text:00401CB4 loc_401CB4:


    .text:00401CB4 mov [esp+50h+var_50], 7D0h


    .text:00401CBB call Sleep <-- Sleep for 2 seconds


    .text:00401CC0 push eax


    .text:00401CC1 jmp loc_401C40 <-- and do it all over again.


    .text:00401CC1 sub_401C18 endp


    Anyway, this is pretty much stock and nothing to worry about on this front, but I am worried about the other artifacts in the executable. Did somebody save Joshy's post with the source code? I haven't traversed the remaining functions because I wanted to get to the meat and potatoes as it were. So, here's the algorithm


    Look at all TCP/IP connections for ones in the FIN_WAIT_2 state


    if you find one, zap it


    rinse and repeat every two seconds.


    If you have a lot of connections, not very efficient but it'll get the job done as a Work Around not a FIX which is what I'd like to see ultimately from BD; like everybody else here.


    Oh here's a 2003 CodeProject snippit discussing this technique, which is valid. CodeProject ref from 2003.


    So, this isn't a FIX, Okay I will repeat one more time, not a FIX!!! It's a work around to a firewall issue. So before you go and download code from websites from people swearing that it's good stuff and virus free from some strange website, think for a minute.. If you don't like the firewall in BD, turn it off and disregard the firewall warnings and use something that begins with a Z and ends with Alarm. Or *gasp* use the Windows Firewall that comes with your O/S. I've done that in the past, I use it all the time on systems that don't have BD on them, they work just as well. But to me, this issue really is a NAT (as in small insect I can't see not Network Address Translation) for me but I have big fat network pipes (50meg+) with all you can drink broadband. I don't know, some guy in the UK or in some suburban H*E*L*L* hole use AOL may have problems with it. Sorry, I've just given you two extra alternatives outside of this; repeat: there's nothing wrong with using another firewall solution. Windows will b*i*t*c*h and complain just as much as folks in this thread if a Firewall is not on (that's a joke people) so unless you were dumb and disabled those messages it'll walk you through turning on Windows Firewall. If you're on XP, first you have my deepest sympathy, but here's a Windows KB article on how to do it. http://support.microsoft.com/kb/283673 Oh and by the way, Chris Lloyd just called he wants his Delorean back! ;-)


    Oh and in case you're wondering, there are other stateful, O/S based, firewalls that have the same issue. For example: IPTables in Linux can suffer from this where the firewall detects that the connection is over yet it then subsequently blocks the FIN ACK from the peer getting through, thus you have sockets in FIN_WAIT_2 state around for awhile until the TCP stack times them out and cleans the up. There are ways around it and they're well documented for those kinds of stateful firewalls.


    Also, please don't take this personally but this thread is getting old, I mean like stale, moldy. We were here back in January (and beyond) AFAIK, but still it amazes me why you guys want to trounce up and down in a forum over this. It's like the BD Firewall Zombies have arrived.. but instead of spouting "Brains! Brains!" it's "Firewall! Firewall! FINWAIT2! FINWAIT2!" Where's Brad Pitt when I need him? Better yet, I need Woody Harrelson and twinkies. Oh wait, I can't get twinkies just yet until the new brand owner starts production.


    I've sent e-mails to BitDefender on this, I've even opened ticket myself on this issue and this forum post (Ticket Number 201301301000873) on this and have yet to hear a reply since the last e-mail I had from Ionel Tuli, Bitdefender Technical Support Engineer on 1/29/13 indicating "This is the ticket id asigned for our conversation regarding the forum post." So, right now I'm frustrated because I can't ever seem to get a response to *most* of the tickets I've opened with BD Support, Parental Controls people seem to respond but not the AV or Firewall folks for some reason. I dunno, maybe they keep them in a closet, tied to the wall in chains? So, let me repeat, I haven't seen Joshy's source code and he hasn't published it online, curious, hey Joshy, Github is your friend. I do see a couple of weird things, and I'll follow up with that. The actual meat of the work-around is benign albeit brute-force. I don't know why his other thread was removed nor why it shows up as a Trojan (and not the

    . I haven't seen anything in the forensic work on the binary to lead me to believe that it is but I'm still looking at it and it takes a bit of time. Come to think of it Firewalls and AV are kind of like prophylactics but that's another topic.


    BD, let's fix this issue once and for all please. I have customers that I have personally recommend your Enterprise products to and this is not the kind of support I get from your commercial side of the house. So, once and for all please address this and your customers in a professional manner please.


    Oh and BTW, Werby, I thought you were leaving? My mistake? The Righteous Indignation is funny... If this product is causing the next zombie apocalypse in Europe or wherever because of connection speeds and costs, then buy something else but please it's getting old... If you hate BitDefender that much why do you keep coming here? We get the point, the message is understood, you've bought whatever from vendor x, good, happy, great but I come out here to learn and help once in awhile. I've been writing software for over 30 years all the way from end user apps, mobile apps to down and dirty device drivers on multiple platforms and I have never seen somebody as worked up over a COTS shrink-wrap product. If you read the Ts&Cs for Bitdefender you may just find that they're not liable for nuking your system or causing you pain or irritable bowel syndrome or more to the point the next zombie apocalypse.




    Don't take things so


    ;-)


    Oh and folks, don't download things from websites like zippy whatever until you understand what it actually does especially if it means creating exceptions in your AV software to make it work. There is one report on this app that it opens a port up to an unusual address, so I haven't seen that in the disassembly yet but I'll report back. YMMV


    @ BD Team


    Finally, because your practices and behavior makes me feel deeply insulted, it's impossible for me to continue using your product.


    Every time I see the "B" icon on my taskbar I feel like an idiot.


    I've already uninstalled BD and I never want to hear about you again.


    Once again:


    Shame on you for your practices!!!


    P S : If I was a Romanian citizen I would deeply investigate the reason of your denial and your fight against fixing this bandwidth issue. It would be very interesting...especially for clients who pay per MB for their connections...

  • ...bla...bla...bla. :wacko:


    If you didn't waste your time writing all those useless words, you would (probably) have noticed this: http://forum.bitdefender.com/index.php?sho...st&p=180985


    And as I have said to you in the past, fortunately, we are not Americans. :D


    Take care!!! :)

  • ...bla...bla...bla. :wacko:


    If you didn't waste your time writing all those useless words, you would (probably) have noticed this: http://forum.bitdefender.com/index.php?sho...st&p=180985


    And as I have said to you in the past, fortunately, we are not Americans. :D


    Take care!!! :)


    You so funny werby :blink: , I wish I could sit around all day and beat up on poor defenseless BitDefender. :rolleyes: But I have binaries to dissect. :ph34r:


    Ahh, three things...


    One, thanks for that code snippet, but it's not what's in the executable that's being delivered. a) That source doesn't match the actual binary code from the .exe from zippyland. Even with optimization you can't avoid checking for 80 or 443 since those constants are defined in that snipped. In text above, do you see 50h or 1BB being moved into a register checked for comparison like that 7 at .text:00401C84? (For those keeping up, there are a couple of refs to 50h but those are freeing memory, not for comparison against HTTP or HTTPS constants) And, checking for that in this context with that code source? It doesn't make sense. Also the WinSock2 library (#pragma ws2_32.lib ref) isn't being included in it either. IMO that's an early prototype. JoshY can confirm that, it's his code.


    Two, I can confirm that the binary distributed on zippland is being built by the MinGW toolset which is fine, but it's not being built by Microsoft Visual Studio as you led folks to believe. MinGW does rely on the MS Visual C runtime library, a very, very old version in fact Visual C version 7.1. See Here. I believe that's Visual Studio .NET 2003. I have t-shirts older than that, but that's another story. Again, that may be an oversight by JoshY there but it's another thing that just raises another question of what you really have here. Since you don't have the source, and you didn't build it, you really don't know what's there. That's one of my points here and I'm not trying to be mean spirited or a jerk, but purporting to say something is "safe" may not be the best train of thought. Oh and building with MinGW does include references to libgcj, don't ask me why but it's the way it is. So, my previous concern about libgcj is mute because that binary on zippyland was built using this framework, there's no hidden Java code.


    Third, I have one concern that leaped out at me tonight. This method looks at FIN_WAIT_2 states only. There's also FIN_WAIT_1 and CLOSING which I've also seen with this issue. This code doesn't address that. Another big concern is that every two seconds, like the grim reaper, this code goes through and flushes the connections regardless of how long they may have been in FIN_WAIT_2. Well, we know from this, it can't be longer than two seconds right? Why is this important? There *may* be a chance that data is still flowing between the peers on the socket. Not just streaming YouTube stuff, but important data, like your bank statement. For example: Peer A transmits lots of data, data packet 1, data packet 2,... , data packet n. Then says "I'm done, FIN" What happens to PEER B on the other side if he hasn't received all of the packets successfully and re-assembled them? Sure, Peer A is finished but there's still underlying TCP stack work remaining to be sure that we haven't lost data. It's possible, that you'll lose data when you don't want to lose it because here comes this code and *whack* every two seconds, you're in FIN_WAIT_2 and bye bye, tear down all the TCP stack structures. So what happens to PEER B and your data? It's not complete. This is a small chance granted but it's still there and may be exasperated on a slow or congested network. I'm going to go back and review my state mechanics but I will say blowing connections away in FIN_WAIT_2 without some grounding in time, say a longer delay or looking at the other states that may hang is significant. There's a state machine in TCP/IP and just arbitrarily going and terminating connections may not be the most optimal approach. That may be why the executable was marked as a Trojan, which honestly it isn't and I'll fault BitDefender there for not communicating with their customers. Again, BitDefender people wouldn't be trying to come up with work-arounds if you would address your customers in a professional and prompt manner in fixing known issues. Give people a timeline, or say "we don't know how to fix it" but sheesh, what a ridiculous way to handle the customer experience aspect of your product. It is incomprehensible that you ignore customers who point out an issue to you and you won't even say one way or the other that you'll address their concerns. Are you afraid of people out there on your forum boards or something?


    So, if you just watch YouTube all day on your Mom's Dial-Up (which according to a recent Google IO Presentation on VP9 seems to happen a lot in Europe as well as BitTorrent traffic (ref 8:50 40% of traffic in Europe is Video (25% YouTube, 13% BitTorrent) ) then this work-around is for you. If you rely on network communications for important data, this is not the work-around you want. Sorry, you *may* loose data when you indiscriminately blow peers out of the water. Think of it as when one of the two systems exchanging long streams of information crashes, what's the state of your data (conversation) then? The answer is Jibberish or incomplete.


    If you're watching UltraP*O*R*N all day in your mom's basement, you need to find something else to do. This work-around requires Administrative rights, and since BitDefender et al has marked it as a Trojan, your AV will not help you if somebody at zippyland injects something really nasty into it and you've excluded it from scanning. You see, JoshY there didn't include an MD5 or SHA hash that you can confirm that when he built it, matches what you're getting. That's another topic.


    So, have fun beating on BitDefender, whatever twists your nipples as they say in my country but this problem is not that simple to address with this level of code complexity, while novel, is very coarse grained as a work-around. That's business speak for using a BFH to kill a fly. If it works for you, great, but when it wipes a transfer out because the last few kilobytes gets lost on your Mom's dial-up connection, don't blame JoshY or Werby here, there' just frustrated customers trying to fix something that BitDefender should be taking care of.

  • All your post sounds Greeks to me (as they say in your country).


    What is given? From users' side there is JoshY's solution which is at least clean and works fine, from your -full of knowledge- side there is a stupid suggestion "If you don't like the firewall in BD, turn it off and disregard the firewall warnings and use something that begins with a Z and ends with Alarm" and from BD staff's side the absolute silence (means the absolute lack of respect). If you were me (a simple user), what would you follow?


    As for me, I followed my heart (common sense) and put BD where it belongs (garbage) but I'm still here just to help (with my very little knowledge) BD victims in contrast with you who always criticize users' opinions showcasing your knowledge.


    It's very nice to really know about something. But I think it's also useless if you have not something to propose. So, if your proposal is for BD staff to do something you are exactly like all these people who ask again and again (since 2009) for the same thing.


    So, you may also "twist your nipples" as they say in your country. :)


    Good binaries dissection! :D

  • It's very nice to really know about something. But I think it's also useless if you have not something to propose. So, if your proposal is for BD staff to do something you are exactly like all these people who ask again and again (since 2009) for the same thing.


    So, you may also "twist your nipples" as they say in your country. :)


    Good binaries dissection! :D


    Okay, I suggested two other work-arounds that were safe alternatives. Since XP, there's been an embedded Windows Firewall. It doesn't block port scans but it is a firewall built into the O/S. Is what you're saying is that you'd like a "how-to" to disable the BD Firewall and enable that? I also suggested a competitors product, Z...Alarm Firewall (there's a free edition) Yeah, it's kludgy and it's another thing to install but if BitDefender isn't going to fix their code, then what alternatives out there. I like BitDefender and as you'll not in my posts, I don't like the fact that they don't follow up and don't respect their customers by even giving them the courtesy of an acknowledgment to open tickets. But if that's the way they want to do business, then I'll stop giving them business until they change their customer service practices.


    Life is full of trade-offs but I can buy another product but I'd still like to get somebody in authority at BitDefender to fix this bug, glitch, kludge and work constructively with their users rather than ignore them.


    Oh and thanks for the compliment, I do try but even

    <-- (** Warning not for kids **)


    Here's what I'll do, I'll come up with some quick instructions for Windows Firewall. Give me a little bit of time here and I'll post back.


    Just call me "Bartholomew."

  • Thought I'd share something with you on a prototype running on a Win7-X64 installation with BD2013 installed. In this prototype, I keep track of the socket state and give it an amount of time (In this case one minute) to transition out of FIN_WAIT_1, CLOSING or FIN_WAIT_2. If it doesn't, I'll terminate the socket but it's a bit more involved. This is debug output and release app is less than 7K in size from a distribution and worse case will use less than 100KB of memory. You'll see a socket terminated on the line when you see a line with Closing. If the socket transitions, we reset the counter or if it goes away, we just clean our references up every two minutes. This doesn't run every two seconds either but every 10.


    the state=number represents the socket state I'm monitoring currently state=6, FIN_WAIT_1, state=7, FIN_WAIT_2 and CLOSE_WAIT = 8.


    As you can see I also have a lot of sockets hanging in CLOSE_WAIT, not only FIN_WAIT_2 and I've caught a few today in FIN_WAIT_1 so all three


    states are happening with the BD Firewall.


    12:11:19 - Starting. Size of MIB_TCPROW=20, Node=40


    12:11:19 - adding node to hash Node=00a010b8 socket=25024 state=7


    12:11:19 - adding node to hash Node=00a012a8 socket=26304 state=7


    12:11:19 - adding node to hash Node=00a012d8 socket=27328 state=7


    12:11:19 - adding node to hash Node=00a01308 socket=27840 state=7


    12:11:19 - adding node to hash Node=00a01338 socket=5825 state=7


    12:11:19 - adding node to hash Node=00a01368 socket=6337 state=7


    12:11:19 - adding node to hash Node=00a04858 socket=44225 state=7


    12:11:19 - adding node to hash Node=00a04888 socket=1474 state=7


    12:11:19 - adding node to hash Node=00a048b8 socket=1730 state=7


    12:11:19 - adding node to hash Node=00a048e8 socket=3522 state=7


    12:11:19 - adding node to hash Node=00a04918 socket=3778 state=7


    12:11:19 - adding node to hash Node=00a04948 socket=6338 state=7


    12:11:19 - adding node to hash Node=00a04978 socket=30146 state=7


    12:11:19 - adding node to hash Node=00a049a8 socket=30402 state=7


    12:11:19 - adding node to hash Node=00a049d8 socket=31682 state=7


    12:11:19 - adding node to hash Node=00a04a08 socket=64450 state=8


    12:11:28 - Node found=00a010b8 socket=25024 state=7 counter=0


    12:11:28 - Node found=00a012a8 socket=26304 state=7 counter=0


    12:11:28 - Node found=00a012d8 socket=27328 state=7 counter=0


    12:11:28 - Node found=00a01308 socket=27840 state=7 counter=0


    12:11:28 - Node found=00a01338 socket=5825 state=7 counter=0


    12:11:28 - Node found=00a01368 socket=6337 state=7 counter=0


    12:11:28 - Node found=00a04858 socket=44225 state=7 counter=0


    12:11:28 - Node found=00a04888 socket=1474 state=7 counter=0


    12:11:28 - Node found=00a048b8 socket=1730 state=7 counter=0


    12:11:28 - Node found=00a048e8 socket=3522 state=7 counter=0


    12:11:28 - Node found=00a04918 socket=3778 state=7 counter=0


    12:11:28 - Node found=00a04948 socket=6338 state=7 counter=0


    12:11:28 - Node found=00a04978 socket=30146 state=7 counter=0


    12:11:28 - Node found=00a049a8 socket=30402 state=7 counter=0


    12:11:28 - Node found=00a049d8 socket=31682 state=7 counter=0


    12:11:28 - Node found=00a04a08 socket=64450 state=8 counter=0


    12:11:38 - Node found=00a010b8 socket=25024 state=7 counter=1


    12:11:38 - Node found=00a012a8 socket=26304 state=7 counter=1


    12:11:38 - Node found=00a012d8 socket=27328 state=7 counter=1


    12:11:38 - Node found=00a01308 socket=27840 state=7 counter=1


    12:11:38 - Node found=00a01338 socket=5825 state=7 counter=1


    12:11:38 - Node found=00a01368 socket=6337 state=7 counter=1


    12:11:38 - Node found=00a04858 socket=44225 state=7 counter=1


    12:11:38 - Node found=00a04888 socket=1474 state=7 counter=1


    12:11:38 - Node found=00a048b8 socket=1730 state=7 counter=1


    12:11:38 - Node found=00a048e8 socket=3522 state=7 counter=1


    12:11:38 - Node found=00a04918 socket=3778 state=7 counter=1


    12:11:38 - Node found=00a04948 socket=6338 state=7 counter=1


    12:11:38 - Node found=00a04978 socket=30146 state=7 counter=1


    12:11:38 - Node found=00a049a8 socket=30402 state=7 counter=1


    12:11:38 - Node found=00a049d8 socket=31682 state=7 counter=1


    12:11:38 - Node found=00a04a08 socket=64450 state=8 counter=1


    12:11:49 - Node found=00a010b8 socket=25024 state=7 counter=2


    12:11:49 - Node found=00a012a8 socket=26304 state=7 counter=2


    12:11:49 - Node found=00a012d8 socket=27328 state=7 counter=2


    12:11:49 - Node found=00a01308 socket=27840 state=7 counter=2


    12:11:49 - Node found=00a01338 socket=5825 state=7 counter=2


    12:11:49 - Node found=00a01368 socket=6337 state=7 counter=2


    12:11:49 - Node found=00a04858 socket=44225 state=7 counter=2


    12:11:49 - Node found=00a04888 socket=1474 state=7 counter=2


    12:11:49 - Node found=00a048b8 socket=1730 state=7 counter=2


    12:11:49 - Node found=00a048e8 socket=3522 state=7 counter=2


    12:11:49 - Node found=00a04918 socket=3778 state=7 counter=2


    12:11:49 - Node found=00a04948 socket=6338 state=7 counter=2


    12:11:49 - Node found=00a04978 socket=30146 state=7 counter=2


    12:11:49 - Node found=00a049a8 socket=30402 state=7 counter=2


    12:11:49 - Node found=00a049d8 socket=31682 state=7 counter=2


    12:11:49 - Node found=00a04a08 socket=64450 state=8 counter=2


    12:11:49 - adding node to hash Node=00a08758 socket=64706 state=8


    12:11:59 - Node found=00a010b8 socket=25024 state=7 counter=3


    12:11:59 - Node found=00a012a8 socket=26304 state=7 counter=3


    12:11:59 - Node found=00a012d8 socket=27328 state=7 counter=3


    12:11:59 - Node found=00a01308 socket=27840 state=7 counter=3


    12:11:59 - Node found=00a01338 socket=5825 state=7 counter=3


    12:11:59 - Node found=00a01368 socket=6337 state=7 counter=3


    12:11:59 - Node found=00a04858 socket=44225 state=7 counter=3


    12:11:59 - Node found=00a04888 socket=1474 state=7 counter=3


    12:11:59 - Node found=00a048b8 socket=1730 state=7 counter=3


    12:11:59 - Node found=00a048e8 socket=3522 state=7 counter=3


    12:11:59 - Node found=00a04918 socket=3778 state=7 counter=3


    12:11:59 - Node found=00a04948 socket=6338 state=7 counter=3


    12:11:59 - Node found=00a04978 socket=30146 state=7 counter=3


    12:11:59 - Node found=00a049a8 socket=30402 state=7 counter=3


    12:11:59 - Node found=00a049d8 socket=31682 state=7 counter=3


    12:11:59 - adding node to hash Node=00a087a0 socket=57026 state=8


    12:11:59 - Node found=00a04a08 socket=64450 state=8 counter=3


    12:11:59 - Node found=00a08758 socket=64706 state=8 counter=0


    12:12:09 - Node found=00a010b8 socket=25024 state=7 counter=4


    12:12:09 - Node found=00a012a8 socket=26304 state=7 counter=4


    12:12:09 - Node found=00a012d8 socket=27328 state=7 counter=4


    12:12:09 - Node found=00a01308 socket=27840 state=7 counter=4


    12:12:09 - Node found=00a01338 socket=5825 state=7 counter=4


    12:12:09 - Node found=00a01368 socket=6337 state=7 counter=4


    12:12:09 - Node found=00a04858 socket=44225 state=7 counter=4


    12:12:09 - Node found=00a04888 socket=1474 state=7 counter=4


    12:12:09 - Node found=00a048b8 socket=1730 state=7 counter=4


    12:12:09 - Node found=00a048e8 socket=3522 state=7 counter=4


    12:12:09 - Node found=00a04918 socket=3778 state=7 counter=4


    12:12:09 - Node found=00a04948 socket=6338 state=7 counter=4


    12:12:09 - Node found=00a04978 socket=30146 state=7 counter=4


    12:12:09 - Node found=00a049a8 socket=30402 state=7 counter=4


    12:12:09 - Node found=00a049d8 socket=31682 state=7 counter=4


    12:12:09 - Node found=00a04a08 socket=64450 state=8 counter=4


    12:12:09 - Node found=00a08758 socket=64706 state=8 counter=1


    12:12:19 - Node found=00a010b8 socket=25024 state=7 counter=5


    12:12:19 - Node found=00a012a8 socket=26304 state=7 counter=5


    12:12:19 - Node found=00a012d8 socket=27328 state=7 counter=5


    12:12:19 - Node found=00a01308 socket=27840 state=7 counter=5


    12:12:19 - Node found=00a01338 socket=5825 state=7 counter=5


    12:12:19 - Node found=00a01368 socket=6337 state=7 counter=5


    12:12:19 - Node found=00a04858 socket=44225 state=7 counter=5


    12:12:19 - Node found=00a04888 socket=1474 state=7 counter=5


    12:12:19 - Node found=00a048b8 socket=1730 state=7 counter=5


    12:12:19 - Node found=00a048e8 socket=3522 state=7 counter=5


    12:12:19 - Node found=00a04918 socket=3778 state=7 counter=5


    12:12:19 - Node found=00a04948 socket=6338 state=7 counter=5


    12:12:19 - Node found=00a04978 socket=30146 state=7 counter=5


    12:12:19 - Node found=00a049a8 socket=30402 state=7 counter=5


    12:12:19 - Node found=00a049d8 socket=31682 state=7 counter=5


    12:12:19 - Node found=00a04a08 socket=64450 state=8 counter=5


    12:12:19 - Node found=00a08758 socket=64706 state=8 counter=2


    12:12:29 - Node found=00a010b8 socket=25024 state=7 counter=6


    12:12:29 - Closing node=00a010b8 socket=25024


    12:12:29 - Removing Node 00a010b8 socket=25024


    12:12:29 - Node found=00a012a8 socket=26304 state=7 counter=6


    12:12:29 - Closing node=00a012a8 socket=26304


    12:12:29 - Removing Node 00a012a8 socket=26304


    12:12:29 - Node found=00a012d8 socket=27328 state=7 counter=6


    12:12:29 - Closing node=00a012d8 socket=27328


    12:12:29 - Removing Node 00a012d8 socket=27328


    12:12:29 - Node found=00a01308 socket=27840 state=7 counter=6


    12:12:29 - Closing node=00a01308 socket=27840


    12:12:29 - Removing Node 00a01308 socket=27840


    12:12:29 - Node found=00a01338 socket=5825 state=7 counter=6


    12:12:29 - Closing node=00a01338 socket=5825


    12:12:29 - Removing Node 00a01338 socket=5825


    12:12:29 - Node found=00a01368 socket=6337 state=7 counter=6


    12:12:29 - Closing node=00a01368 socket=6337


    12:12:29 - Removing Node 00a01368 socket=6337


    12:12:29 - Node found=00a04858 socket=44225 state=7 counter=6


    12:12:29 - Closing node=00a04858 socket=44225


    12:12:29 - Removing Node 00a04858 socket=44225


    12:12:29 - Node found=00a04888 socket=1474 state=7 counter=6


    12:12:29 - Closing node=00a04888 socket=1474


    12:12:29 - Removing Node 00a04888 socket=1474


    12:12:29 - Node found=00a048b8 socket=1730 state=7 counter=6


    12:12:29 - Closing node=00a048b8 socket=1730


    12:12:29 - Removing Node 00a048b8 socket=1730


    12:12:29 - Node found=00a048e8 socket=3522 state=7 counter=6


    12:12:29 - Closing node=00a048e8 socket=3522


    12:12:29 - Removing Node 00a048e8 socket=3522


    12:12:29 - Node found=00a04918 socket=3778 state=7 counter=6


    12:12:29 - Closing node=00a04918 socket=3778


    12:12:29 - Removing Node 00a04918 socket=3778


    12:12:29 - Node found=00a04948 socket=6338 state=7 counter=6


    12:12:29 - Closing node=00a04948 socket=6338


    12:12:29 - Removing Node 00a04948 socket=6338


    12:12:29 - Node found=00a04978 socket=30146 state=7 counter=6


    12:12:29 - Closing node=00a04978 socket=30146


    12:12:29 - Removing Node 00a04978 socket=30146


    12:12:29 - Node found=00a049a8 socket=30402 state=7 counter=6


    12:12:29 - Closing node=00a049a8 socket=30402


    12:12:29 - Removing Node 00a049a8 socket=30402


    12:12:29 - Node found=00a049d8 socket=31682 state=7 counter=6


    12:12:29 - Closing node=00a049d8 socket=31682


    12:12:29 - Removing Node 00a049d8 socket=31682


    12:12:29 - Node found=00a04a08 socket=64450 state=8 counter=6


    12:12:29 - Closing node=00a04a08 socket=64450


    12:12:29 - Removing Node 00a04a08 socket=64450


    12:12:29 - Node found=00a08758 socket=64706 state=8 counter=3


    12:15:39 - adding node to hash Node=00a087d0 socket=64962 state=8


    12:18:01 - adding node to hash Node=00a08800 socket=10435 state=8


    12:18:01 - adding node to hash Node=00a08830 socket=10691 state=8


    12:18:01 - adding node to hash Node=00a08860 socket=10947 state=8


    12:18:11 - adding node to hash Node=00a08890 socket=2755 state=8


    12:18:19 - adding node to hash Node=00a088c0 socket=18883 state=8


    12:18:36 - adding node to hash Node=00a088f0 socket=23235 state=7


    12:18:46 - adding node to hash Node=00a08920 socket=19907 state=8


    12:18:46 - adding node to hash Node=00a08950 socket=20163 state=8


    12:18:46 - Node found=00a088f0 socket=23235 state=7 counter=0


    12:18:57 - Node found=00a088f0 socket=23235 state=7 counter=1


    12:19:09 - Node found=00a088f0 socket=23235 state=7 counter=2


    12:19:09 - adding node to hash Node=00a08980 socket=25795 state=8


    12:19:19 - Node found=00a088f0 socket=23235 state=7 counter=3


    12:19:29 - Node found=00a088f0 socket=23235 state=7 counter=4


    12:19:40 - Node found=00a088f0 socket=23235 state=7 counter=5


    12:19:40 - adding node to hash Node=00a089b0 socket=26307 state=8


    12:19:40 - adding node to hash Node=00a089e0 socket=28099 state=8


    12:19:40 - adding node to hash Node=00a08a10 socket=28355 state=8


    12:19:49 - Removing stale socket information for node=00a088f0 socket=23235


    12:19:49 - Removing Node 00a088f0 socket=23235


    12:19:58 - adding node to hash Node=00a088f0 socket=23235 state=7


    12:20:08 - Node found=00a088f0 socket=23235 state=7 counter=0


    12:20:08 - adding node to hash Node=00a08a40 socket=33475 state=8


    12:20:19 - Node found=00a088f0 socket=23235 state=7 counter=1


    12:20:29 - Node found=00a088f0 socket=23235 state=7 counter=2


    12:20:39 - Node found=00a088f0 socket=23235 state=7 counter=3


    12:20:39 - adding node to hash Node=00a08a70 socket=33987 state=8


    12:20:49 - Node found=00a088f0 socket=23235 state=7 counter=4


    12:20:59 - Node found=00a088f0 socket=23235 state=7 counter=5


    12:21:09 - adding node to hash Node=00a08aa0 socket=8643 state=8


    12:21:09 - Node found=00a088f0 socket=23235 state=7 counter=6


    12:21:09 - Closing node=00a088f0 socket=23235


    12:21:09 - Removing Node 00a088f0 socket=23235


    12:21:29 - adding node to hash Node=00a088f0 socket=36803 state=8


    12:21:29 - adding node to hash Node=00a08ad0 socket=37827 state=8


    12:21:29 - adding node to hash Node=00a08b00 socket=38083 state=8


    12:21:29 - adding node to hash Node=00a08b30 socket=38339 state=8


    12:22:59 - adding node to hash Node=00a08b60 socket=44995 state=8


    12:23:10 - adding node to hash Node=00a08b90 socket=20419 state=8


    12:23:10 - adding node to hash Node=00a08bc0 socket=46019 state=8


    Also, there's a forum posting here about disabling the BitDefender Firewall permanently but there may be a glitch with it according to that thread. I'll do some testing to see if it does indeed shut off between reboots.

  • Okay, here it is. Enjoy.


    How to disable the BitDefender Firewall and Use the Windows Firewall or some other Firewall


    First, we have to get BitDefender to turn off the Firewall, permanently. Follow this set of instructions in order to turn it off and keep it off. This works for Windows XP, Vista and Windows 7. For Windows 8, there are lots of differences in getting your system into safe mode vs. the other more traditional Windows environments you can follow those instructions I put together but when it comes to the safe mode part, have a look at this article as a reference.


    Trust me, it's not as easy as the older versions of Windows. Again, I didn't write Windows 8 so you can complain to Steve Ballmer and his crew for taking a really, really easy process and making it a nightmare. I'm sure they'd love to hear from you. It may even become Werby's new hobby.. <img class=" />


    I wish turning off the BitDefender firewall were really easy but like everything else around here lately, there seems to be issues or bugs with it and this is the only way that I've found to permanently turn it off. Sorry, as I say

    Not that lousy Kurt Russell remake either..


    <img class=" />


    Before you do any of this, make a system backup of your PC, at least your boot drive and create a windows restore point.


    If you don't know what that is, here's another howto for windows 7 and one for Windows XP And here's a nice video


    Make sure you've backed up and created a restore point before you do anything else!


    If you don't like editing files or dealing with command lines or safe boot?


    Don't do this, just wait until BitDefender fixes their code.


    Runneth Away, and Chicken Out, there's nothing wrong with that. :rolleyes:


    Okay, You're still here let's go. Now follow those instructions above to disable the firewall, It's sticky and nasty and you have to boot into safe mode and .. sorry .. not my doing.


    Once you reboot the last time after changing settings.xml, your firewall should be off and Windows should be screaming at you that you don't have a firewall turned on. You can now simply enable your Windows Firewall. Bitdefender won't conflict with it. But make sure you have some firewall protection turned on Either use Windows Firewall or install a Plan B firewall like ZzzzzAlarm Firewall (only the firewall not the rest of that!)


    Here's some links on the process of enabling the Windows Firewall:


    For Windows XP, Windows 7 (Same as Vista) and finally Windows 8


    I'm not covering Windows ME, Windows 2000, Windows 95, 98 or any Server edition.


    Okay, I've done my good deed for the day.


    All standard warranties apply here, YMMV, 30 feet or 30 seconds whichever comes first and do this at your own Peril!!


    Have a great weekend y'all.

  • wkwood
    edited July 2013

    Just an update on the above Procedure.


    For Windows 8, go ahead and try the msconfig method to get into safe mode for editing the settings.xml file. MSFT is still nasty about the Safe Mode changes but for our purposes msconfig has worked on all but two of my windows 8 machines, so I guess I need to rebuild them? Anyway, sorry for that bit of confusion.


    For all systems, something I did forget. You need to disable warnings about the firewall status. In the BitDefender GUI, Under General Settings and on the Advanced tab, select Configure Status Alerts on the next screen set Firewall Status to off. This will disable warning messages about the firewall being disabled.

  • werby3
    edited July 2013

    @ Will Wood :):D<img class=" /> Your sense of humor is unbelievable... :wub:


    @ BD users (not the "nuclear" ones).


    There are three very very simple ways (one at a time) to solve the "ghost traffic" BD issue.


    1. Download and use TCPView by Sysinternals to manually close "FIN_WAIT2" connections.


    or


    2. Install, clean and fine working Joshy's solution which automatically eliminates the issue.


    or (the best)


    3. Uninstall BitDefender and then install a serious AV/FW solution, for free if you like, discovering that there is no need to spend even a cent for those kind of apps.


    PS: Once again, DO NOT TRUST comparison tests.


    Regards!

  • wkwood
    edited July 2013
    @ Will Wood :):D<img class=" /> Your sense of humor is unbelievable... :wub:


    @ BD users (not the "nuclear" ones).


    There are three very very simple ways (one at a time) to solve the "ghost traffic" BD issue.


    1. Download and use TCPView by Sysinternals to manually close "FIN_WAIT2" connections.


    or


    2. Install, clean and fine working Joshy's solution which automatically eliminates the issue.


    or (the best)


    3. Uninstall BitDefender and then install a serious AV/FW solution, for free if you like, discovering that there is no need to spend even a cent for those kind of apps.


    PS: Once again, DO NOT TRUST comparison tests.


    Regards!


    Dude, Really? Use TCPView all the time to close off FIN_WAIT_2s? I guess you didn't read, it's not just FIN_WAIT_2, it's also CLOSE_WAITs and FIN_WAIT_1s that are also occurring. Just dumping connections every two seconds is unsafe if you're depending on the information that may be in If you're just streaming video, no big deal but if you're using something like Google Apps, or DropBox you may loose your data. How much more simple can I explain it? What Joshy put together is indiscriminate, it sees a FIN_WAIT_2 and disconnects it. It doesn't care what the application is, it doesn't care how long the FIN_WAIT_2 was around and it ignores the other transition states. In the industry we call that a shotgun solution, it's messy and it makes big holes in things.


    Do yourself a favor and take a look at this: TCP Connection Termination


    and pay particular attention to these words.. I've underlined a couple of key points to to help in the discussion..


    Just as TCP follows an ordered sequence of operations to establish a connection, it includes a specific procedure for terminating a connection. As with connection establishment, each of the devices moves from one state to the next to terminate the connection. This process is more complicated than one might imagine it needs to be. In fact, an examination of the TCP finite state machine shows that there are more distinct states involved in shutting down a connection than in setting one up. <-- that means FIN_WAIT_2 isn't the only game in town!


    The reason that connection termination is complex is that during normal operation, both of the devices are sending and receiving data simultaneously. <-- in Media Streaming, it's one way but in data synchronization it can be two way. TCP allows bi-directional data transmission sumultaneously between two peers. If you abruptly wipe one out, you'll lose data.



    Usually, connection termination begins with the process on just one device indicating to TCP that it wants to close the connection. The matching process on the other device may not be aware that its peer wants to end the connection at all. Several steps are required to ensure that the connection is shut down gracefully by both devices, and that no data is lost in the process.


    Ultimately, shut down of a TCP connection requires that the application processes on both ends of the connection recognize that “the end is nigh” for the connection and stop sending data. For this reason, connection termination is implemented so that each device terminates its end of the connection separately. The act of closing the connection by one device means that device will no longer send data, but can continue to receive it until the other device has decided to stop sending. This allows all data that is pending to be sent by both sides of the communication to be flushed before the connection is ended. <-- there can be data in transit that is not recieved or acknowledged and if you just disconnect one side indiscriminately, the data has no place to go but bit heaven.


    There it is, plain and simple. SO if you want to violate the premises of having TCP to begin with, just get TCPView and click to your hearts content. Trust me, if you have a lot of spare time, maybe your unemployed or just looking for a hobby, do that or use Joshy's socket hack and just wipe them out every two seconds, not worrying of course what application had the sockets open and what kind of information is being exchanged, nope seek out FIN_WAIT_2s and blammo.


    Werby, not everybody sits and watches youtube every day or just listens to online radio! TCP does a lot more than just streaming media, so carefully consider that if you value the information you exchange over the Internet. All those E-Mails, that online banking stuff you do and all those new cloud services you're using to store your photos. Yeah that photo of you and your Aunt Helen was great until 1/2 of it was garbled and you can't view it anymore on Instagram.


    The simple, safe answer is just turn off the BD firewall, it takes less than five minutes and you just turn on the Windows firewall and use it until such time as there's a fix for this problem and just use the Anti-Virus, Anti-Spam and other features of BitDefender. I have it configured this way right now on my Windows 8.1 boxes because of all the nifty fun with BD TS2013 the preview release. Windows Firewall, Bitdefender AV. I'm behind two other firewalls so I'm not worried about port scans or IDS but if you aren't behind a firewall that has that, think of a plan B firewall other than the one that comes with Windows.


    Have fun.

  • Are you guys sure this is an issue with the firewall module of Bitdefender? I just did the following:


    1) Uninstall Joshy's program


    2) Enable Windows Firewall


    3) Disable BD firewall


    4) Test YouTube, issue persists: full bandwidth usage even after closing browser


    5) Reinstall Joshy's program, bandwidth usage drops instantly


    6) Enable BD firewall


    7) Disable Windows firewall


    Either the problem lies in a different component of BD or the firewall off-switch does nothing. Does Bitdefender Antivirus Plus have this problem?

  • this issue is not caused by the firewall. it is an issue of the http-scanner. so disabling the bd-firewall will not solve the Ghosttraffic.


    yours


    Olli

  • this issue is not caused by the firewall. it is an issue of the http-scanner. so disabling the bd-firewall will not solve the Ghosttraffic.


    yours


    Olli


    That is a shame. Thanks for the information, though! I think HTTP-scanning is one of the most important features, so disabling it is not really an option. This must be fixed!


    Anyways, I contacted support regarding the issue at hand. We shall see what they have to say on the matter, if anything. If only they would fix this issue, I could buy licenses for all my family's computers. Right now there is no way I could recommend BD to anyone!

  • werby3
    edited July 2013

    @ Will Wood You MUST understand that we are not all gurus like you and we don't want it too.


    Anyway, your infos are very important and valuable. I(we) appreciate this.


    It's at least crazy for a user to follow your suggestions in case he wants to be protected by BD or any other crap.


    BUT, when someone (simple user) gives his money for a s h i t like BD, he demands for it to work at least satisfactory without having to be a guru on PCs or else, demands for a serious and immediate support (as you've mentioned too). That's why he gives his money.


    And, believe me, I(we) can live with this issue and we've found some ways to face it.


    What is ABSOLUTELY UNACCEPTABLE and underestimates our intelligence is BD staff's behavior (not only for this but for most issues/bugs). They MUST understand that we are not idiots. And what's the best way for this to be done? I've already given my answer. What's yours...???(rhetorical question)


    My Best!

  • @ Will Wood You MUST understand that we are not all gurus like you and we don't want it too.


    Anyway, your infos are very important and valuable. I(we) appreciate this.


    It's at least crazy for a user to follow your suggestions in case he wants to be protected by BD or any other crap.


    BUT, when someone (simple user) gives his money for a s h i t like BD, he demands for it to work at least satisfactory without having to be a guru on PCs or else, demands for a serious and immediate support (as you've mentioned too). That's why he gives his money.


    And, believe me, I(we) can live with this issue and we've found some ways to face it.


    What is ABSOLUTELY UNACCEPTABLE and underestimates our intelligence is BD staff's behavior (not only for this but for most issues/bugs). They MUST understand that we are not idiots. And what's the best way for this to be done? I've already given my answer. What's yours...???(rhetorical question)


    My Best!


    While you were on your soapbox there, I put this video together. Take a look, see it work... No Shotgun hacks, Just Windows, BitDefender 2013 with its Firewall disabled and no funny business. Also, BD is running and protecting me via AV and Scanning.. The Bitdefender firewall is the only thing disabled here, Windows Firewall is on, doing it's job. My sockets close as they should, I don't have gobs of data coming at me like a freight train, meaning no Zombie sockets! Isn't that the Root Problem here? Or is it that you want to just moan about things you have no control over? Cripes, I just gave you something you can control and the knowledge to help yourself. Maybe it's cultural, but if you see a problem that's not getting solved you can at least try to solve it, not moan and complain and whine... Don't Zombies do that? Maybe it's just the French... Anyway.


    I have a gift for you. Consider it a cultural exchange.


    Enjoy, the vid turns into a pumpkin in 7 days.


    http://wikisend.com/download/182104/BDWithWindowsFW.mp4


    What still amazes me is folks ranting about this when the fix is really easy to do. Yes, I agree, BD support is horrible, bad, atrocious. Tickets don't get answered, problems left unresolved. Just shutting off the firewall, which should be really easy is a Pain in the A** anyway, I still use it, with all it's faults. Just like my wife, she's still with me with all my faults too.


    So, if you want to see it in action, take a look at the vid. If people want to see how to do MSCONFIG etc. and shut off the firewall I can do one of those later on.


    But I thought I'd first show you that when the TCP/IP stack works as it should, you don't have sockets dangling around in FIN_WAIT_2, CLOSE_WAIT or FIN_WAIT_1 and that things gracefully close as intended. No tricks, no hacks, no sweat.


    Enjoy!


    Oh and as Einstein said:


    Insanity: doing the same thing over and over again and expecting different results.


    If you're expecting BitDefender to change their ways by complaining and pointing people to risky behavior with their computer, then you must be insane.


    :wacko:

  • ...I just gave you something you can control and the knowledge to help yourself...
    <img class=" />


    You are a GOD.


    Thank you.


    Sleep well now!!!


    PS: Please let us go to our soapbox and you do go for a vote to your Obama <img class=" />

  • PS: Please let us go to our soapbox and you do go for a vote to your Obama <img class=" />


    There's no reason to get insulting... ;-)


    The last great US President was Ron Dog Reagan!


    Everything since has just been ... Well Meh..


    Have fun.

  • The last great US President was Ron Dog Reagan!
    We looove(d) Reagan...that's for sure. :wub:


    And something, unrelated to this topic but somehow related.


    One door of my brand new Ford, cannot be locked.


    Manufacturer said, I have to wait a little because, at this time, they cannot fix it.


    And guess what?


    I've replaced it with the one of my other car, an Opel, and I'm happy now, especially because of my brilliant mind.


    Have a nice weekend :)

  • See Below....


    One door of my brand new Ford, cannot be locked.


    You don't need locks, besides somebody will just come down the street and smash the window and grab your stuff. Most likely Gypsies.


    Manufacturer said, I have to wait a little because, at this time, they cannot fix it.


    You mean the Dealer or are you driving all the way to the Factory? If you drove it the factory, no wonder, those guys just build them, the don't fix them. See Ford US is different from Ford rest of the world, kind of like VW. In Ford US, they'll just tell you that the item is not serviceable under the warranty program and send you on your way.



    I've replaced it with the one of my other car, an Opel, and I'm happy now, especially because of my brilliant mind.


    So, you took your brand new Ford and strapped on a GM part? Are you insane??? Ford + GM = Mutant baby cars, like Skodas or something like that.


    Have a nice weekend :)


    You too.


  • ...Are you insane???...
    At least, we've found a common place... ;):D
  • So, I gather from other threads that this issue is to do with the https scanner. Does this issue affect all BD users or is it hit and miss?

This discussion has been closed.