[Fixed] Network Traffic Causes Bitdefender To Use Excessive Cpu

1235

Comments

  • Please let us know if the issue still persists with the new build : 20.0.28.1478

    Please note that the update requires a restart to be fully deployed.

    The update did not fix it. Nothing has changed. Lags not disappeared in my case.

  • My thanks to the person who found the port scan fix. I'm trying it now and hopefully it resolves it.

    This is a frustrating issue that should have been fixed in March. It took me months to finally work out the fault was caused by what, I believed, was the best security software out there. In that time I actually went and built a whole new PC because I couldn't find the cause of this fault on the old PC. So this fault has cost me several thousand dollars and hundreds of hours of building, reinstalling, testing etc.

    Hopefully the issue is solved soon. I sit on a static IP and frequently see my PC being port scanned. Turning off the security is not a satisfactory solution: you don't remove a lock from a door because it's hard to open. I didn't pay for a faulty lock.

    Well friend, just so you know, in the future, every major problem that appears out a sudden is usually related to the antivirus solution - bitdefender or any other.

    Your last resort should be reinstalling windows or changing hardware components.

  • Well friend, just so you know, in the future, every major problem that appears out a sudden is usually related to the antivirus solution - bitdefender or any other.

    Your last resort should be reinstalling windows or changing hardware components.

    Hi,

    Yeah, I honestly checked all the other software I had installed before reinstalling then creating a new build. For some reason I didn't even think of the virus scanner which, in hindsight, probably should have been higher up the list of possible causes based on how integrated it is. I just couldn't see the association of the virus scanner creating the system interrupt spike while slowing down the network over time; it just didn't seem to make sense. But then neither does fixing it by turning off the port scanning detection.

    I can confirm that turning that off does appear to have resolved the issue. Build 20.0.28.1478 did not fix it. Hopefully the next build does as I'm feeling unprotected.

  • edited May 2016

    I just joined to mention my 2p's worth! I too had been experiencing this issue for around 2 weeks and it was driving me bonkers and I just worked out how to fix it (or at least it did in my case anyway!). Basically I knew it had to be a program or driver i'd installed as I'd literally just built a new Intel/Nvidia PC on Tuesday and eventually had the same stuttering etc issues in Youtube as I did on my old AMD/ATI setup. So I went off searching the interwebs and eventually found a page on an Avast forum mentioning a problem they had with windows 8.1 & their port scanning module in the firewall and it made me wonder if it was the same problem in my case even though it's a different Anti virus.

    So, I opened Bitdefender, modules and then firewall and turned off the 'block port scans inn the network' module and low and behold when I started up Latencymon again there were no high 100's execution time or high DPC's which usually within seconds there would be loads of them! I've ran my system for over 4 hours now with no issues like before, I mean I get the occasional 0.2ms glitch every hour or so but that's it, no more robotic stuttering and Youtube is finally fully watchable again!

    ignis.sys in latencymon is no more, it's there but it's all 0's after it and the highest i've seen ndis.sys & tcpip.sys(which were my biggest problems) is 1.6ms max and under every hour or so. I can't be 100% sure it will work in your case but if you're having similar issues to me it's worth a shot and may also help Bitdefender team work out what the problem is although i'm not too bothered about having the ports option off as my router takes care of that anyway! Good luck all.

    Thank you sir!

    Problem solved.

    New build PC. Win 10. 6 months old now. Running Bitdefender. No problems until roughly 1.5months ago. No changes to hardware or physical network configuration. Out of the blue I suddenly found that any significant network traffic, even including simply transferring large files from one networked PC to another (on same LAN), one of my CPU cores would throttle up to 100% and remain there. Screen, mouse OS level lag across the board. PC unusable whilst carrying out simple background network task. Problem PROCESS identifies as "SYSTEM INTERRUPTS" in Task Manager. All working perfectly fine prior to 1.5months ago.

    Can confirm that the above solution worked immediately. "turned off the 'block port scans inn the network' module"

    I have build 20.0.28.1478 installed. Problem persists on this build.

    Hours wasted finding a solution to this problem. Credit to h4x0rm1k3 for posting the solution here. Disappointed Bitdefender support have not done more to inform users of this issue and also the temporary fix (highlighted above) pending them finding a proper fix. This is clearly not an isolated issue for Bitdefender users. Many average users do not have the tech savvy to trawl through user support forums or even identify problems like this - and are simply living with this issue, cursing their PC and probably blaming WIN10 (or some other 3rd party) for this decreased performance. (Such as luci_flash above who has wasted time and money reinstalling and testing, trying to find a solution)

    You are guilty Bitdefender. Own up to it and notify your loyal customers and save 100's of 1000's of hours of wasted productivity. I understand bugs exist and it takes time to rectify them. This I have no problem with. Denying them or leaving users to unknowingly suffer with them rather than stepping forward, however, is another story.

  • @Growler thank you for your feedback, however not all machines are affected by this situation.

    Our support lines are available 24/7 should a user encounter any difficulty with the product or on the machine while using the product he can then contact us at any time and receive assistance.

  •  

    @Growler thank you for your feedback, however not all machines are affected by this situation.

    Our support lines are available 24/7 should a user encounter any difficulty with the product or on the machine while using the product he can then contact us at any time and receive assistance.

     

    I agree that you support lines are available 24/7 but in this particular case the problem is hidden behind Windows processes and the average user would not be able to tell if this is caused by a faulty driver or by his BitDefender solution.

    I for one, know of at least 2 other people besides myself that started having this issue and ended up reinstalling Windows just because nothing seemed to work. As the problem was hidden behind System Interrupts process or System and compress memory process (both Windows processes that nobody would suspect of having anything to do with BitDefender) it was difficult to pinpoint that the actual bug was in BitDefender. I tried a lot of different solutions for fixing this until I ended up researching how to properly do a CPU usage debug using Windows Performance Toolkit and finally reaching this forum post.

    I would like in the future to receive any kind of communication that there is a long standing issue that hasn't been fixed yet (I think that more than 1 month qualifies for this) and any way around it. I would like to have the decision of turning a feature off, even though it leaves me open to attack I will at least get my computer back.

    Other than that I have to say that Bitdefender is a good product, that I will continue to use and support in the future, even though I have my problems with it.

  • Please let us know if the issue still persists with the new build : 20.0.28.1478

    Please note that the update requires a restart to be fully deployed.

    The problem is still there for me. It's been two months. I guess I just have to admit that Bitdefender's "block port scans" option will never work on my laptop.

  • edited May 2016

    Version 20.0.28.1478

    Issue still persists.

    While copying files to another computer via Windows Explorer, had massive slowdowns that were instantly relieved by disabling port scanning.

    I would also like to note that a few minutes later after re-enabling the block port scan option, copies appear to (at the moment) be working without slowdown.

  • Version 20.0.28.1478

    Issue still persists.

    While copying files to another computer via Windows Explorer, had massive slowdowns that were instantly relieved by disabling port scanning.

    I would also like to note that a few minutes later after re-enabling the block port scan option, copies appear to (at the moment) be working without slowdown.

    Yeah, for a couple of hours it's ok, but after that it starts to act up again.

  • No response in over 10 days from Bitdefender on this issue and this is one reason why I can't wait for my subscription to be up. I don't understand how an issue like this can be open for several months, go through several updates and still be unresolved. I'm sure it's possible for a company like yourself to reproduce the issue and have your QA team mark it as approved to release with it ACTUALLY fixing the issue.

    We all want a status update.

  • Yeah...at first I thought is was ok, because it's hard to track down specific problems, that may be connected to hardware or software issues, but it's been 2 months. Come on, how hard can it be?

    I have a couple of dozens subscriptions at my firm, and I'm starting to go on the same road as AcePuppy - cancel my subscriptions and go for Kaspersky instead.

    This kind of problem is actually valid for a complete refund; it does not perform as advertised, and thus it infringes the conformity warranty.

  • edited May 2016

    I agree that Bitdefender has not done enough to inform the community of this issue. It should have been announced via the Bitdefender client popup or emails that issue exists. Imagine how many people may be affected that simply do not realize it could be Bitdefender, or have the expertise to track it down.

    However, I understand why it might take so long to fix. They have already pushed out a couple of builds in an attempt to fix it and it still affects us. This shows they are having extreme difficulty reproducing it in their development systems. The fact that I have only experienced it once since the last build shows that it is quite random and hard to reproduce.

    Also, given that its symptoms, while annoying, are not at the same severity as a bug causing a bluescreen and coupled with an easy and provable workaround (turn off blocking port scans) that doesn't really immediately affect the overall security of your computer ( especially if you are already behind a firewall that already blocks port scans like a corporate firewall or home router), I can see why this issue may not be highest on the "to fix" list.

    Bitdefender doesn't want this bug to exist anymore than you do. If we were to provide an easy, simple to reproduce test case I would be surprised if wasn't fixed within a day.

  • Yeah...at first I thought is was ok, because it's hard to track down specific problems, that may be connected to hardware or software issues, but it's been 2 months. Come on, how hard can it be?

    I have a couple of dozens subscriptions at my firm, and I'm starting to go on the same road as AcePuppy - cancel my subscriptions and go for Kaspersky instead.

    This kind of problem is actually valid for a complete refund; it does not perform as advertised, and thus it infringes the conformity warranty.

    Agreed, it's been months and nothing.

    If we had some info from Bitdefender on what they are doing then at least we'd know they were trying to fix it. But the silence is deafening.

    I'm not going to wait for my subscription to end, I'm going to seek a refund.

  • Hello,

    I understand the level of frustration this situation brings, however as previously mentioned in this thread, the developers are working on resolving this situation and if there is going to be a update on the situation it will be posted here. I ask that you have patience.

    Despite popular belief such situations are not resolved by pressing two buttons. Due to the nature of the application and how each module communicates with one and other, it takes time patience and a lot of testing that doesn't come easy.

    By disabling the Block Port Scans you can work around this situation with minimal security impact until it is resolved.

  • Still experiencing this problem on all of my systems even with the most recent build. This is irritating because I recently purchased TS2016 because I enjoyed using the older versions in the past. Now that I have struggled with this for nearly 2 months now it is fairly annoying.

  • Hello,

    I understand the level of frustration this situation brings, however as previously mentioned in this thread, the developers are working on resolving this situation and if there is going to be a update on the situation it will be posted here. I ask that you have patience.

    Despite popular belief such situations are not resolved by pressing two buttons. Due to the nature of the application and how each module communicates with one and other, it takes time patience and a lot of testing that doesn't come easy.

    By disabling the Block Port Scans you can work around this situation with minimal security impact until it is resolved.

    I work in a software company where we are constantly resolving bugs, so I understand the nature of application development.

    Your company is missing the point of not answering our questions in a timely manner. In fact it went, what 10 days for another response to others posts, several days ago.. thats bad customer service and has nothing to do with application development.

    Thirdly, telling your customers to disable the Block Port Scans feature as a work around "with minimal security impact", is 100% false impact wise. There are games, and up to more recently, Skype, used to leak your IP address when in video mode with another user, along with some games, once your IP is leaked to the world, it is easy to not only do port scans, but hey I have your IP now and can also DDOS you when I want until your dynamic IP changes, if you are static, well you're screwed.

    It shouldn't go unnoticed for all the above issues, your temporary work around really isn't a work around and makes everyone susceptible to attacks. Feel free to Google the IP leaks for certain games if you don't believe me, as well as Skype (which they finally resolved).

  • I have to disagree with you AcePuppy about the security impact, the option doesn't actually really add any security in the majority of cases.

    Turning off block port scans is only a (marginal) security issue in the following circumstances:

    • You are directly connected to an unknown or hostile network, eg free WiFi, bridged home router, VPN.
    • You do not already have a corporate gateway or home router that already does port scan blocking, which any good gateway with a state-full firewall should.

    If your game or Skype IP is "leaked", and you are behind any kind gateway using a state-full firewall (or using NAT ), then the external IP means nothing as any external connection without an entry in the firewall connection state will be unable to connect past the firewall and will simply be dropped.

    Even if you had ports forwarded through your NAT/router and If you turned off the Block Port scans option and connected to a hostile network the biggest risk is that the attacker *may* know what ports are open on your machine. This doesn't lead to an attack by itself, they still need to be able to connect to the service on that port and then find a way in through that service. I must stress, that disabling the Block Port Scan option will not prevent an attacker from sending a connection request to an open port, it simply prevents them doing a mass scan in a short time. In this case, you must rely on the firewall itself, and most firewalls will already be blocking open ports by default. The Windows Firewall will for example, when the network is set to public, prevent most incoming connections without explicit user consent. Remember too that Bitdefender Firewall (and Microsoft Windows Firewall for that matter) is state-full! It will automatically block incoming connections if you haven't authorized an app to open a port through the firewall in the first place.

    As for the potential DDOS. Even if you were connected to a hostile network with a state-full firewall, NAT and had Block Port scans on, it wouldn't do anything to prevent a DDOS. An attacker might not know which ports are open, but if they know your IP by a game leak, then they can already reasonably assume the IP is valid and send packets to it anyway. The Block Port Scan option would do nothing to prevent this.

    The Block Port Scan option has minimal security impact on an established corporate or home network, and it's only real use is if the computer is connected directly to a hostile network such as WiFi hotspot, and even then it is simply a fog in front of an attacker, not a shield.

  • I have to disagree with you AcePuppy about the security impact, the option doesn't actually really add any security in the majority of cases.

    Turning off block port scans is only a (marginal) security issue in the following circumstances:

    • You are directly connected to an unknown or hostile network, eg free WiFi, bridged home router, VPN.
    • You do not already have a corporate gateway or home router that already does port scan blocking, which any good gateway with a state-full firewall should.

    If your game or Skype IP is "leaked", and you are behind any kind gateway using a state-full firewall (or using NAT ), then the external IP means nothing as any external connection without an entry in the firewall connection state will be unable to connect past the firewall and will simply be dropped.

    Even if you had ports forwarded through your NAT/router and If you turned off the Block Port scans option and connected to a hostile network the biggest risk is that the attacker *may* know what ports are open on your machine. This doesn't lead to an attack by itself, they still need to be able to connect to the service on that port and then find a way in through that service. I must stress, that disabling the Block Port Scan option will not prevent an attacker from sending a connection request to an open port, it simply prevents them doing a mass scan in a short time. In this case, you must rely on the firewall itself, and most firewalls will already be blocking open ports by default. The Windows Firewall will for example, when the network is set to public, prevent most incoming connections without explicit user consent. Remember too that Bitdefender Firewall (and Microsoft Windows Firewall for that matter) is state-full! It will automatically block incoming connections if you haven't authorized an app to open a port through the firewall in the first place.

    As for the potential DDOS. Even if you were connected to a hostile network with a state-full firewall, NAT and had Block Port scans on, it wouldn't do anything to prevent a DDOS. An attacker might not know which ports are open, but if they know your IP by a game leak, then they can already reasonably assume the IP is valid and send packets to it anyway. The Block Port Scan option would do nothing to prevent this.

    The Block Port Scan option has minimal security impact on an established corporate or home network, and it's only real use is if the computer is connected directly to a hostile network such as WiFi hotspot, and even then it is simply a fog in front of an attacker, not a shield.

    You're missing the entire point to this to whole thread and the whole issue at hand. And you are not correct on this. Feel free to Google the issue at hand when it comes to IP leaks. Even Twitch streamers have stated this many times and being affected even with the tightest of security they have on their home network. Lirik is a perfect case from a year or two ago and suffered from down time for a day or two because of it and the issue that he has a static and not dynamic IP.

    As others have stated, this software currently infringes on conformity warranty. Meaning it does not work the way it is supposed too. Telling your customers to disable a "feature" in your product as a work around for over 2 months is not a resolution, nor is it a valuable work around. With this feature on it literally breaks the product/computer, so to say this feature is of minimal use is off base. There are threads upon threads on this feature, please look them up and Google this feature and you will see it is not of minimal use.

  • AcePuppy, I have /index.php?showtopic=68902&page=7#entry254331" rel="">already agreed in a previous post that this issue needs more attention, you don't need to argue that. I will still argue however that the option does not that important from a security standpoint.

    Your first paragraph is frankly confusing as I fail to see how a twitch user being the target of a DDoS has anything to do with an option blocking a port scan.

    My guess is that you don't know what a port scan is or why it is different from a DDoS (which appears to be what you are trying to allude to).

    Here is the definition of a port scan:

    https://en.wikipedia.org/wiki/Port_scanner

    A port scan or portscan is a process that sends client requests to a range of server port addresses on a host, with the goal of finding an active port; this is not a nefarious process in and of itself.[1] The majority of uses of a port scan are not attacks, but rather simple probes to determine services available on a remote machine.

    And for DDoS:

    https://en.wikipedia.org/wiki/Denial-of-service_attack#Distributed_attack

    A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers.[8] Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic.

    I am aware some twitch users have issues where (in some way) their IPs were published, and then they were DDoS'ed. A DDoS is a distributed denial of service attack, which as summarized above, is basically sending a huge amount of packets (often from other compromised computers) in an attempt to overwhelm legitimate packets being received by the target by using all of it's bandwidth or to try to intentionally crash a service on the target by overwhelming the resource usage.

    The "Block port scan" option within Bitdefender does not protect against a DDoS, here is the description of what it actually does from the manual (page 132):

    Block port scans in the network - detects and blocks attempts to find out
    which ports are open.

    Port scans are frequently used by hackers to find out which ports are open
    on your computer. They might then break into your computer if they find
    a less secure or vulnerable port.

    The option we are talking about blocks port scans only and as I said before, if you are behind a home router or corporate firewall, a port scan should be blocked there and never reach your computer in the first place.

    If you were the target of a DDoS, the "block port scan" option would be useless to you. A DDoS is a flood of packets and even if blocked at a router they will generally still overwhelm your connection enough to make you unable to use the internet, and no firewall or application can help you. The packets, even if discarded, would still travel along your connection regardless of your firewall settings and the only way to stop a DDoS is to change IP address (which may not help you if the address is still on the same subnet) or ask your ISP to filter the packets at their border routers.

  • Hello,

    While I appreciate it when the community has an argument and both sides come with proper information and enriches the forum with their knowledge, I do not like it when the discussion gets corrupted and twisted into something else.

    Lets keep on-topic, if you have any pertinent information regarding this case feel free to post it.

    If you have complaint use the official channels and not fill the thread with spam. Read the forum rules.

  • Any word on this issue being resolved?

  • Any word on this issue being resolved?

    Nothing changed. This is already unbearable

  • No update since last comment.. anything new? This is still an ongoing problem..

  • This is still an ongoing problem for me too. Is there a fix expected anytime soon, like in less than a month?! Else I'll switch to Kaspersky or Norton now rather than later.

  • Hello,

    The fix for this situation is still a work in progress and a fix will be delivered via automatic updates and also announced in this thread.

  • Was this issue fixed in the new build that was released yesterday?

  •  

    Was this issue fixed in the new build that was released yesterday?

     

    Doubt it, because it's not fixed on my end.

  •    

    Doubt it, because it's not fixed on my end.

    I would tend to agree this is still not sorted out

  • It think I has been fixed. I enabled port scan 2 days ago, and I've had no issues since.

  • Support: You all said you would notify us when an update is pushed into this thread. One was pushed several weeks ago, and yet you notified no one and we are STILL telling you this issue is not resolved.

    Please provide an update..

This discussion has been closed.