Ridiculous On-Going False Positive Issue That Bd Never Fixes!

TimH
edited July 2016 in Protection

I am a programmer and like having a good anti-virus tool on my computer. I don't want to have to exclude scans on my development folders as it leaves them vulnerable to attacks; however, Bitdefender has had the issue of any exe file being created from compiling in an IDE (I use Visual Studio) being flagged as a virus for years now (I have seen multiple threads on this over the years as well as personally experiencing it for years).

The worst issue with this is that I recently reformatted my PC and forgot about excluding scans and changing the ridiculous default option of 'Take proper actions' (which automatically deletes files) for my most recent development build - of course, this resulted in my file being deleted when I compiled it. After wasting an hour trying to find out why no exe was being created when I compile, I realised Bitdefender was responsible. I went to Bitdefender's 'Events' screen and decided to tell it to 'Delete' the file (I did this instead of recovering the file as I wanted to confirm that it was in fact Bitdefender holding it in limbo that was preventing re-creation); however, the file still wouldn't create on re-compile after doing this. I then turned off the anti-virus but it still can't be re-created (potentially a blacklist that Bitdefender acts on even with AV off?); now it appears to be completely impossible for me to create my executable with the name I want without removing Bitdefender from my system due to the ridiculous limited settings Bitdefender allows for users.

I've spent the last few hours playing around with settings to see how flexible the new 2016 version is (as settings on past versions have typically been very limited); to my disgust, I found the range of settings has grown even more limited now, to the point I almost have no control.

After testing and confirming the re-creation issue was Bitdefender by locking my ability to ever create another file, I decided to see what happens when I change the AV actions to 'Move files to quarantine' instead of 'Take proper actions'. I renamed my VS project so that it would actually create the exe on re-compile - it was flagged as a virus and deleted without asking; however, no file was quarantined so I try renaming again but still no quarantined files. I check events to find it is asking me if I want to quarantine the file so I say yes (to see if it will show up in quarantine); doing so states "The item C:\Users\PC\test.exe can't be moved to quarantine. Contact support for further assistance.", meanwhile it gives me no way to recover the file and leaves it deleted from my system (I would hate to see this happen to important files which aren't backed up; thankfully in this test case it doesn't prevent me from re-creating the file through re-compile like the 'Delete' action does).

I am disgusted that Bitdefender still has issues after years of people raising concerns with false positives on even the simplest of exes created on compilation (when I say simple, I mean one line of code which doesn't interact with other applications or system files or do any sort of unusual behaviour). On top of that, I am infuriated by the fact deletion of a file prevents any future control or creation (no matter if I turn off the AV or change actions) for that file with no way to manually override this.

I want to finally see a fix for false positives on at-time-compilation so I can actually make full use of the anti-virus I'm paying for while I do my work. I also want to see real settings so that we actually have control over what BD can and cannot do for once.

Comments

  • Unknown
    edited July 2016

    a good anti-virus tool...paying for while I do my work... real settings so that we actually have control

    Real control - those days are over for products that go for a few bucks. :mellow: BD is a great anti-virus tool.

    I know two programmers who are quite successful, one owns a really nice Ducati and we're waiting on a few others to arrive before we all head out for a Fourth of July road trip. As happenstance would have it, while I was wrapping up a few online things before shutting down the LAN, I showed him your rant.

    He wonders, as a professional who depends on a workstation for a living, why the heck you're not running a server and a BD business solution to handle that end of things. He doesn't know anyone who runs a consumer anti-whatever product on their production workstation.

    We both think the behavior you're imposing on yourself is exactly the protection the mainstream PC user is paying for. Your expectations for what is marketed as a pure consumer product are irrational.

    My other friend uses a router which I think has Trend Micro embedded. I don't recall the details, but a Google should do it for you.

    Then there's the Bitdefender BOX.

    Gotta go. Cheers. And good luck.

  • Hi TimH,

    I am sorry to hear about the issue that you encountered.

    Please understand that the Bitdefender product you are using was designed for a daily home-usage including the options you have there.

    In order to investigate the False-Positive events that occur, please use the link below to send us a few samples:

    http://www.bitdefender.com/submit/

  • TimH
    edited July 2016

    Real control - those days are over for products that go for a few bucks. :mellow: BD is a great anti-virus tool.

    I know two programmers who are quite successful, one owns a really nice Ducati and we're waiting on a few others to arrive before we all head out for a Fourth of July road trip. As happenstance would have it, while I was wrapping up a few online things before shutting down the LAN, I showed him your rant.

    He wonders, as a professional who depends on a workstation for a living, why the heck you're not running a server and a BD business solution to handle that end of things. He doesn't know anyone who runs a consumer anti-whatever product on their production workstation.

    We both think the behavior you're imposing on yourself is exactly the protection the mainstream PC user is paying for. Your expectations for what is marketed as a pure consumer product are irrational.

    My other friend uses a router which I think has Trend Micro embedded. I don't recall the details, but a Google should do it for you.

    Then there's the Bitdefender BOX.

    Gotta go. Cheers. And good luck.

    I don't disagree that it is a great anti-virus tool; not sure why real control has to be over though. I've always been an avid user of advanced settings in tools and like to be able to customise tools that work to my specific needs as everyone's needs are different.

    Not really sure about the point about one of your friends owning a nice bike (Ducati is a nice bike though, hope you guys had fun) - are you trying to imply I am obviously not a successful developer due to my use of a non-business solution?

    To sum up the "you shouldn't be working with a consumer version" - the reason I am not is because I do contract work a lot of the time from my personal home computer and have not seen the need for the extra costs and complexities of a business solution for short-term contracts (and still don't to avoid a nuisance). Of course, when I do full-time work on large projects there are on-site solutions already sorted.

    EDIT: To add to this, I just wanted to mention quite a few developers I know that do contract work on their personal computers also haven't bothered with business-grade protection; just to point out, since for some reason you see it as relevant - we are all "successful" programmers making six-figure incomes.

    Also, it's worth considering that there are many hobbyist developers who generally wouldn't be able to set themselves up with business tools.

    Hi TimH,

    I am sorry to hear about the issue that you encountered.

    Please understand that the Bitdefender product you are using was designed for a daily home-usage including the options you have there.

    In order to investigate the False-Positive events that occur, please use the link below to send us a few samples:

    http://www.bitdefender.com/submit/

    Fair point, I hadn't really considered the fact it wasn't intended for business as I'm used to mixing play with work when I'm home, which I understand isn't normal practice. Though, it still does beg the question of why a completely clean and simple executable file that does not interact with anything would be flagged as a virus.

    I sent through the false-positive when I posted the thread but it's nothing that couldn't be reproduced in 5 seconds as it happens to almost any executable compiled by Visual Studio. The really odd part is that after a few hours Bitdefender read the executables it had flagged as viruses to in fact be clean.

  • I am also a developer (C/C++/C#) and do have BitDefender GravityZone Endpoint protection, the BitDefender business solution on my home network. It's been nothing but trouble for development on my dev machine (works fine on my server, which is one reason I chose it). I used it to replace Symantec Endpoint Protection after the purchase of the product by Broadcom, and SEP never gave me any trouble.

    There are three files in my build that are deleted as soon as they are produced with this logged error:

    \tools\Debug\what.exe is malware of type Gen:Variant.Fugrafa.92832

    There is something in the debug builds that it dislikes, as the release builds are not flagged and deleted.

    But what's worse is that BitDefender then locks my registry so I can't register the COM components that I build: OLEAUT32.DLL returns "access denied" while trying to register a type library even while running elevated. I have to reboot and then the registration works fine.

    BitDefender only seems to dislike DEBUG builds -- builds with symbol tables -- and not every file, just three particular ones along with a particular C# program.

    I tried excluding my development directories in the control panel and that seems to have no effect. It does look like excluding detection of this particular "malware" works but I don't know yet if it fixes the registry access problem. Have to reboot to find out.

    I have no idea why BitDefender GravityZone Endpoint protection doesn't have an "off switch" that I can enable on the client -- like, designate my development machine as a trusted client.

    Since these reports go back to 2016, I'm going to have to give up on BitDefender and switch to something more developer-friendly, that provides much more control.

    Again, this is the late 2020 BitDefender business solution, not the consumer product.