Calling Home

I noticed a high level of internet traffic coming from BD and decided to block everything except for the update service. I have Safepay off, Wallet off, ID Theft off, Data protection off, Safego off, Profiles off, Vulnerability off and all but "protection against Phishing" off. I even have auto update off because I like doing it manually... I'm sorry, but all I want is a basic AV without all the silly bells and whistles I never use. But even after turning all that off this is what I get from Personal Firewall, and this was all I could fit in a screenshot; this goes on all day long! What the heck is going on, BD?

post-31695-1414312829_thumb.jpg

Comments

  • Most of those IPs are being used by Vsserve.exe which is a module for real time protection. Maybe it's used to send data onto a server for future analysis?

  • shpshftr@netzero.net
    edited October 2014
    Most of those IPs are being used by Vsserve.exe which is a module for real time protection. Maybe it's used to send data onto a server for future analysis?


    It's stranger than that: when I am not doing anything on my computer there are no calls home. However, when I open a Word doc it calls home, when I open Notepad it calls home, when I open a picture or a video it calls home, when I open any program on my computer it calls home. This is very disconcerting. Please explain what's going on, Bitdefender Home?

  • Is there some difficulty with this question? Is this a program malfunction? Seems to me the only thing that should be calling home is the update service. What is all this other stuff?

    post-31695-1414547064_thumb.jpg

  • Try turning off 'Anonymous Usage Reports'. In 2014 version it was found under Settings>General Settings>Advanced. Not sure about 2015 but it should be similar. Anyhow, that is most likely what is calling home. It also enables the cloud functions for realtime malware protection. So whenever you open a new file or create one and save it the program will contact home to see if the new file is a potential threat.


    Further reading:


    http://forum.bitdefender.com/index.php?sho...anonymous+usage

  • Rohugh ✭✭
    edited October 2014
    Try turning off 'Anonymous Usage Reports'. In 2014 version it was found under Settings>General Settings>Advanced. Not sure about 2015 but it should be similar.


    Hiya Antikythera,


    Just to confirm it is the same from the top drop down on the GUI.


    Ro.

  • shpshftr@netzero.net
    edited October 2014
    Try turning off 'Anonymous Usage Reports'. In 2014 version it was found under Settings>General Settings>Advanced. Not sure about 2015 but it should be similar. Anyhow, that is most likely what is calling home. It also enables the cloud functions for realtime malware protection. So whenever you open a new file or create one and save it the program will contact home to see if the new file is a potential threat.


    I do have 'Anonymous Usage Reports' off along with 'Proxy usage' 'Security reports' 'special offers/product notifications' and 'Paranoid mode' whatever that is. lol With every new release I go through and turn off everything I can find to turn off beyond real time scanning and Phishing. It can take a long time to find everything!


    If it is a cloud service "realtime malware protection" that might explain the bulk of the traffic for one particular service but I see 4 services calling home, bdagent, vsserv, bdwtxag and seccenter. I mean gimme a break... lol That we even have to speculate is cause for alarm. Forthright answers are scarce and that makes me believe politics are in play. O_o


    Why can't we just have an ultra basic version, like BDBU "Bitdefender Basic Ultra"? That has a nice ring to it! Just antivirus without the kitchen sink, toilet, bathtub and irrigation system? Symantec and McAfee started doing this before they lost all their credibility, trying to be all things security for all people. Simple is better and far less resource intensive. All in favor, take a shower! :)


    The latest:


    post-31695-1414659786_thumb.jpg

  • I'm still hoping to get some sort of reply on this. Anyone?


    Here's another screen shot:


    post-31695-1415671653_thumb.jpg

  • Is a Moderator going to answer these/his posts?


    I'm quite interested in the reply.

  • Is a Moderator going to answer these/his posts?


    I'm quite interested in the reply.


    Are you really waiting for a reply? LOL! Bitdefender is worse than having a virus!

  • And the saga continues... 24/7 calling home with every opening of any program. An explanation would be nice.


    post-31695-1417107700_thumb.jpg

  • Rampant ✭✭
    edited November 2014

    An antivirus is obliged to verify the checksums of opened files, to prevent contamination by polymorphic viruses. If you examine the system registry, you can find a server that Bitdefender communicates with to analyze files. Here is a sample registry key from the proactive module.

    post-39675-1417111745_thumb.png

  • An antivirus is obliged to verify the checksums of opened files, to prevent contamination by polymorphic viruses. If you examine the system registry, you can find a server that Bitdefender communicates with to analyze files. Here is a sample registry key from the proactive module.


    I appreciate your reply but I see it as speculation, unsupported from BD Tech support... Any polymorphic virus detection has always been part of the local virus detection system (Downloaded virus definitions). Not to mention most polymorphic virus infections are far less prevalent these days than they were when BD was first released and BD didn't call home like this back then. Calling home for every bit of computer activity is not only resource intensive but not very practical since polymorphic virus infections are less prevalent these days and many people are limited on bandwidth, like me. AV programs should not rely on the internet connection for protection beyond definition downloads due to the fact that most viruses disable the AV's access to the internet.


    However, since my posting this subject the calls home from bdwtxag and seccenter (As seen in my Oct 30 2014, 12:03 PM post) have been dropped almost completely, so it appears something is being done.

  • Polymorphic viruses I gave as an example; cloud technology is increasingly used in anti-virus programs, and there's nothing you can do.

  • I appreciate your reply but I see it as speculation, unsupported from BD Tech support... Any polymorphic virus detection has always been part of the local virus detection system (Downloaded virus definitions). Not to mention most polymorphic virus infections are far less prevalent these days than they were when BD was first released and BD didn't call home like this back then. Calling home for every bit of computer activity is not only resource intensive but not very practical since polymorphic virus infections are less prevalent these days and many people are limited on bandwidth, like me. AV programs should not rely on the internet connection for protection beyond definition downloads due to the fact that most viruses disable the AV's access to the internet.


    However, since my posting this subject the calls home from bdwtxag and seccenter (As seen in my Oct 30 2014, 12:03 PM post) have been dropped almost completely, so it appears something is being done.


    Cloud technology consumes fewer resources than client-based detection.

  • Polymorphic viruses I gave as an example; cloud technology is increasingly used in anti-virus programs, and there's nothing you can do.


    Yes, cloud technology is being used more but not for real time AV protection that I know of. It decreases the effectiveness of detection due to the nature of viruses since disabling AV internet access is almost always the first action of an infection. I look forward to BD tech support weighing in on this. Speculation is simply not a definitive answer for this new activity.


    Cloud technology consumes fewer resources than client-based detection.


    I'm sorry, I totally disagree with that statement. lol


    BDAV is calling home over 1-10+ times a minute depending on what programs are opened! This is not normal behavior for any AV I know of other than the current version of BD.


    post-31695-1417313935_thumb.png
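The posts above name four services seen connecting out (bdagent, vsserv, bdwtxag, seccenter) and a rate of "1-10+ times a minute". As an added example that is not part of the original thread, the script below tallies outbound connections per process from a firewall log. The log format and every sample line are constructed for illustration (documentation-range IP addresses), not taken from Personal Firewall or Bitdefender.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in an assumed format (not real firewall output):
# date time action direction process remote_ip:port
SAMPLE_LOG = """\
2014-11-29 14:03:05 ALLOW OUT vsserv.exe 192.0.2.10:443
2014-11-29 14:03:21 ALLOW OUT vsserv.exe 192.0.2.10:443
2014-11-29 14:03:48 ALLOW OUT vsserv.exe 198.51.100.7:80
2014-11-29 14:04:02 ALLOW OUT bdagent.exe 192.0.2.10:443
2014-11-29 14:04:30 ALLOW OUT vsserv.exe 192.0.2.10:443
2014-11-29 14:04:31 ALLOW IN  svchost.exe 203.0.113.5:135
garbled line that should be skipped
2014-11-29 14:06:10 ALLOW OUT seccenter.exe 198.51.100.7:80
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<hm>\d{2}:\d{2}):\d{2} "
    r"(?P<action>\w+)\s+(?P<dir>IN|OUT)\s+(?P<proc>\S+)\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)$"
)

def summarize_outbound(log_text):
    """Return {process: {"total", "peak_per_minute", "remotes"}} for outbound lines."""
    per_minute = defaultdict(Counter)   # process -> Counter of "date hh:mm" buckets
    remotes = defaultdict(set)          # process -> set of "ip:port" endpoints
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dir"] != "OUT":
            continue                    # skip inbound and unparseable lines
        proc = m["proc"].lower()
        per_minute[proc][f'{m["date"]} {m["hm"]}'] += 1
        remotes[proc].add(f'{m["ip"]}:{m["port"]}')
    return {
        proc: {
            "total": sum(buckets.values()),
            "peak_per_minute": max(buckets.values()),
            "remotes": sorted(remotes[proc]),
        }
        for proc, buckets in per_minute.items()
    }

if __name__ == "__main__":
    for proc, stats in sorted(summarize_outbound(SAMPLE_LOG).items()):
        print(proc, stats)
```

Comparing the per-minute buckets with the times at which files or programs were opened shows whether the traffic tracks file access, which is the pattern the posters describe.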

  • It's incredible that this company will not provide any input concerning an important question. Should we therefore have to assume that this traffic is unnecessary and / or being used for suspicious purposes not directly related to keeping us safe? If BD do not wish to answer officially then should we contact those large media companies that test this product and ask them to ask BD on our behalf since we can't get any direct answers?

  • Yes, cloud technology is being used more but not for real time AV protection that I know of. It decreases the effectiveness of detection due to the nature of viruses since disabling AV internet access is almost always the first action of an infection. I look forward to BD tech support weighing in on this. Speculation is simply not a definitive answer for this new activity.


    I'm sorry, I totally disagree with that statement. lol


    BDAV is calling home over 1-10+ times a minute depending on what programs are opened! This is not normal behavior for any AV I know of other than the current version of BD.


    post-31695-1417313935_thumb.png


    If u open a file, cloud will check the file hash to see if it's infected. If your PC is accessing files all the time then ur PC can be infected; BD just tries to report the file hash to the cloud, nothing more. Another thing it can be is that old thing regarding updates sharing, but that can be turned off.


    I see u use private firewall, but what u see is not necessarily wrong; in fact if u don't see that log conversation might be wrong. Vsserv is the main Bitdefender process so it's not wrong it's checking stuff on the internet. If u expect that PF log to be empty then you don't understand much about the internet and particularly about cloud technology. If u heard about keep-alive packet, time to live, SYN, SYN-ACK and so on.. Here is not a tutorial about internet; here u just try to keep up with the smart bitdefender team trust me ;).. About firewall, u can forget that crappy baloney private firewall cos it's not updated anymore, Bitdefender is. Use Windows Firewall instead and forget about those annoying pop-ups for nubs.. block incoming and outgoing, delete all rules except those for core networking, add your browsers and AV components rules (only outgoing) etc. Look at this video, u can understand better how to really configure win fw


    Bitdefender has an intrusion detection system that PF lacks. PF has many weak points and can be altered more easily cos it doesn't need admin rights to change firewall rules, and that is a big problem among many more.

  • ...try to keep up with the smart bitdefender team trust me...


    That's when corporations risk to abuse their customers when attitudes like this occur. We should trust no-one with our data. Any software on our computers that is communicating with the internet should clearly state what it is doing and why.


    If BD told me what all those comms are about, I would not understand it all, but the fact of declaring and allowing experts to comment on these forums is good enough assurance for me.

  • antikythera
    edited December 2014

    I don't use Bitdefender Firewall or Windows Firewall. Neither suit my needs and are surplus to requirements anyhow. I have a hardware firewall that I test on a regular basis against new threats and it has not failed yet.


    Trusting any Company with your security is not without inherent risk. You are reliant on their maintenance and development to adapt to emerging threats. No solution is 100% foolproof anyhow. So it is personal choice who or what you choose to rely on.

  • I don't use Bitdefender Firewall or Windows Firewall. Neither suit my needs and are surplus to requirements anyhow. I have a hardware firewall that I test on a regular basis against new threats and it has not failed yet.


    Trusting any Company with your security is not without inherent risk. You are reliant on their maintenance and development to adapt to emerging threats. No solution is 100% foolproof anyhow. So it is personal choice who or what you choose to rely on.


    Hardware firewall keeps you safe from internet zone, but how can it handle a network attack like MITM? If u use wireless connection you can be an easy victim to spoofing attack cos your PC doesn't make the difference whether it is talking to your hardware firewall or your neighbour (spoofed PC) that can sniff your traffic. WFW has MAC spoofing protection too and it's free and light. If you really wanna have protection you should create a VPN between your PC and your hardware firewall, and WFW has IPsec that can handle this task with ease. I doubt your hardware firewall has payload analysing capabilities, so if an attacker sends you a custom made payload it goes thru your HFW and infects your PC. WFW blocks all kinds of remote access when public profile is chosen. WFW supports all 255 kinds of protocols the other FWs can only dream about. On the other hand Bitdefender firewall has injection protections and IDS system advantage over WFW. If I were you I would let BD firewall work together with my HFW.

  • antikythera
    edited December 2014

    Thanks, you are teaching the proverbial granny to svck eggs though.


    We are so remote my nearest neighbour is a mile away so they would be doing well as would any potential drive-by-snoopers to even find us. I am well aware of the potential risks which is why I test against them as already stated. It is not something I do without due diligence. I am not going to post on here specifics about my firewall or what configuration I use. :ph34r:

  • Thanks, you are teaching the proverbial granny to svck eggs though.


    We are so remote my nearest neighbour is a mile away so they would be doing well as would any potential drive-by-snoopers to even find us. I am well aware of the potential risks which is why I test against them as already stated. It is not something I do without due diligence. I am not going to post on here specifics about my firewall or what configuration I use. :ph34r:


    Good news, then we can explain better to shpshftr that having logging on high level and seeing vsserv conversation over the internet from 2 minutes to 2 minutes does not mean anything wrong.. He should try Microsoft Network Monitor and in 2 minutes he could have 20000 logged packets to be worried about.


    And he can chillax, any AV FW has stateful packet inspection and that isn't enough cos payload isn't checked by any means. In fact there are computers that act like a hardware firewall that have this unique destination to process payloads and they can still fail.


    Even mighty Comodo firewall doesn't have payload analysing capabilities cos it would drag all resources from a PC

  • ... should we contact those large media companies that test this product and ask them to ask BD on our behalf ...


    "those large media" companies act on their advertisers' behalf, not ours.


    For whatever reason, there isn't much in the way of community management here, so I wouldn't take that alone as nefarious.