Av - Active Virus Control

error-id10t
edited February 2014 in Antivirus

Using latest Internet Security, setting this to either normal or aggressive blocks a program executable when I run it. In theory that's fine but there are 2 problems:


1) There is no way to make it go into quarantine


2) Once it has blocked it, I cannot get that file there again. I can however put the folder elsewhere, the executable goes in and the cycle starts.


Now, before someone says that I can exclude them - I know. But this does not avoid / fix the problems above. You do not know if Bitdefender for some reason finds a false-positive and then goes about blocking it. Once it's done that, you're SOL and cannot put the executable in that folder anymore (i.e. Desktop folder, Temp folder, etc).


Fix: Allow quarantine for this also and/or remove that 2nd option which doesn't make sense to me. It errors out saying I'm not the admin, but I am so BD is over-writing my permissions re: the blocked file.


add: can I also recommend you change the description. An "alert" is just that, a pop-up warning and providing an option. This does not provide that in any way and I'm not in auto-pilot mode.

Comments

  • If AVC blocks legitimate software why don't you just go to bitdefender events --> antivirus --> active virus control --> click event about blocked application and click allow?

  • Because it's not there. It's not in Quarantine and event shows nothing.


    Bitdefender does provide a pop-up saying it's blocked it so you know what's happened, but you press that pop-up to go into the event and it's empty. Nada. Nothing you can do.

  • Please post here a support tool log to further investigate the case:


    http://www.bitdefender.com/support/how-to-...t-log-1168.html


    or


    http://bitdefender.com/diagnostic


    You may not be able to upload the BDSP_ log resulted on your Desktop here as it is too big so you can put it on www.sendspace.com and post the download link.


    Thank you!

  • error-id10t
    edited March 2014

    This is really doing my head in now.


    It's now picking up "Rog Realbench v2.1" executable as malicious program and simply deletes it - still saying it's quarantine but it's not. There are no events either.. it's simply been deleted. CPU-Z executable is another one that simply gets removed at times.


    I could run the program you've listed but instead, how about we get a program that allows me to choose the action? I am not running in auto-pilot and On-Access is set to Modified (move files to quarantine). That is obviously failing. Setting both AV options Permissive or Aggressive gives exact same behaviour.

  • duhfool
    edited March 2014

    I have the same issue with ROG Realbench.


    I even tried the option of "Allow and monitor", but as the OP pointed out, the executable isn't even restored.


    Recover option will remove the Event from the list, but the file itself is still not restored either.


    Good thing I didn't try to run CPU-Z. I'll give Bitdefender a few weeks to fix this issue, otherwise I'll be removing Bitdefender from the last PC it's installed on, despite having a valid license for a couple of years.


    This should not be an issue that needs to be "diagnosed". Bitdefender customer support should attempt to reproduce this issue first before asking customers to work in the QA department.


    I don't mind the false positives... what I don't like is not being able to work around it in a simple manner.


    Workaround that I tried and failed on.


    Deleted Realbench folder


    Added exclusion.


    Unzipped Realbench folder again (same location)


    I get an error saying "Permissions required", but even as Admin, I don't have the ability to do this.


    Bitdefender seems to save information on this file, and despite having added the folder in the exclusions list, it is still preventing me from restoring it.

  • Thanks for your input, hopefully that shows I'm not some lonely nut-case here.


    False-positives is one thing and expected to be honest, but quarantine/restore failing and the rest mentioned here isn't - those are broken. If I'm in User mode and I've specifically told it to quarantine then I'd expect that to happen. Just like what happens when it warns about a webpage, I get an option on what I choose to do. I get no options here.

  • I agree. I really think Bitdefender hates their customers. I mean seriously, they do not give the users enough control over certain aspects. It's ridiculous. And they wonder why people go to another security vendor.