Ransomeware Protection Needs To Tell The Location Of The File Creating The Problem

Hi,

The other day I got an alert that Runtimebroker is trying to access my pictures folder. I have a windows 10 x64 pro edition.

Now I know that runtimebroker.exe is a genuine windows file. What i didn't know, is to allow or disallow the access.

Why?

1) because, being a windows file, BD should have whitelisted it.

2) I didn't know the location from which runtimebroker was running. So that I can determine if its a genuine windows file or not.

The request is that Ransomware protection should show the full file path of the application trying to access the protected folders.

Eventually, I didn't make a choice and just rebooted the system and the question was not asked again. So should i assume runtimebroker was blocked or allowed by default?

Comments

  • mirage22
    edited June 2016

    This morning i received another alert from Ransomware protection. It apparently blocked explorer.exe from accessing thumbs.db in my graphics folder.

    The first question should be, why? it's explorer.exe.

    The second point is, is explorer.exe being launched from it's default windows folder?

    or is this some other program masqurading as explorer.exe and launching from some other folder?

    Hence I am unsure if i should allow it to run or not.

    Ransomware should give more details like the location of the file and perhaps it's trust rating as well.

    IjSLjqr.jpg


  • Hi , I am also facing the same issue. Can anyone here please explain, why the runtimebroker.exe is being asked for ACCESS by BD Ransomeware Protection-Blocked Applicaions ?


  • Hi , I am also facing the same issue. Can anyone here please explain


  • Hello,


     


    Please upgrade to the latest version of Bitdefender, the issue should not persist afterwards.


    http://www.bitdefender.com/support/upgrading-to-bitdefender-2017-on-my-computer-1711.html

  • vknowles
    vknowles
    edited October 2017


    On 12/21/2016 at 6:39 AM, Sorin G. said:



    Hello,


     


    Please upgrade to the latest version of Bitdefender, the issue should not persist afterwards.


    http://www.bitdefender.com/support/upgrading-to-bitdefender-2017-on-my-computer-1711.html



    I have run into this problem. The message is that Safe Files blocked runtimebroker.exe attempting to change a file in the pictures folder. I am running  BD AV Plus 2018 (v22.0.13.169) on Win10 Home 64bit. As the others have noted, it seems like it should not be necessary to specially permit a Windows system process to access files.


    So do I need to whitelist this program, or is there a fix?


    Thanks!



  • 1 hour ago, vknowles said:



    I have run into this problem. The message is that Safe Files blocked runtimebroker.exe attempting to change a file in the pictures folder. I am running  BD AV Plus 2018 (v22.0.13.169) on Win10 Home 64bit. As the others have noted, it seems like it should not be necessary to specially permit a Windows system process to access files.


    So do I need to whitelist this program, or is there a fix?


    Thanks!



    Hey vknowles,


    So first of all let's get an insight on what runtimebroker.exe is:



    Quote



    The Runtime Broker is responsible for checking if a Metro app is declaring all of its permissions (like accessing your Photos) and informing the user whether or not its being allowed. In particular it is interesting to see how it functions when paired with access to hardware, such as an app’s ability to take webcam snapshots. It's serves as a middleman between your apps and your privacy/security.



    The easiest way to get rid of this situation is to:


    •  Open Bitdefender and click on "View Features"

    • Under Safe Files click on Protected Folders 

    • Remove the folder /Pictures from this list.


  • 23 hours ago, Alex D. said:



    The easiest way to get rid of this situation is to:


    •  Open Bitdefender and click on "View Features"

    • Under Safe Files click on Protected Folders 

    • Remove the folder /Pictures from this list.


    But doesn't that eliminate the protection from the Pictures folder against all other programs (including malware)?



  • 22 hours ago, vknowles said:



    But doesn't that eliminate the protection from the Pictures folder against all other programs (including malware)?



    Following the steps I have provided will indeed remove the ransomware protection for that folder, still those files will not be critically endangered, the Safe Files can be seen as an extra layer of protection.


    Normally the Runtimebroker.exe should be allowed by default, one thing that you could try is to manually :


    •  Open Bitdefender and click on "View Features"

    • Under Safe Files click on Application Access

    • In here add the Runtimebroker.exe by browsing to [C:\Windows\System32]. It is there.

    • I cannot check if the exception can be made at the current moment, however it is worth a try. If this does not work then yeah, the only option would be to take out the /Pictures folder from the Protected folders. (And that does not mean your files will be completely unprotected)