Advanced Threat Control, File Reputation?


Hello ^_^


I'm considering picking up a yearly subscription of BitDefender antivirus plus and so I've been wondering, I read up a bit regarding the global protective network and "Bitdefender Advanced Threat Control" and I have some questions regarding the file reputation feature (which as I understand, is present in the Antivirus Pro version).


1. Is it even a file reputation feature? Anything like Avast's file reputation feature, or something completely different?


2. Is it a whitelist of sorts? Is it enabled by default? What are the odds of my own compiled files (none of them being malicious) being flagged and removed?


3. Does the file reputation feature trigger upon both download and execution? And if so, would a simple "Hello world" file be enough, because of its characteristics (new and unknown) to be flagged and removed?


Sorry for the amount of questions, I just haven't found any of this information in the official documentation or on the forums and so I'm kinda confused.

Comments


  • Hello, 


     


    The Advanced Threat Defense module analyzes the behavior of apps, though other aspects of the application are taken into consideration as well (even something as simple as the icon used). In general it detects behavior that is outside the norm when compared to regular applications. This raises the chances that “home-made”/custom applications that are not really widely-used or popular will be detected as malicious.


    Advanced Threat Defense should not trigger on the download of a file, only upon execution. A typical "Hello World" program should not trigger a detection as it should not be performing any suspicious actions.


     

  • GreekPoppy
    edited January 2018


    Thanks for the reply =)


    As far as I understand, this is the feature that uses the reputation info from GPN, yes? Because after some searching I found a whitepaper (https://businessresources.bitdefend...ss-2015-SolutionPaper-ATC-93030-en_EN-web.pdf) on Advanced Threat Defense which has a paragraph dedicated to the global protective network that states: "Bitdefender’s Global Protective Network (GPN) performs 11 billion queries per day, and uses reflective models and advanced machine learning algorithms to extract malware patterns... It updates the reputation of apps, email sources and websites, and broadcasts alerts."


    So I'm trying to compare this to similar looking reputation features of various AVs. Is there any other feature which relies on file reputation, or is it exclusively the ATD?


    Thanks =)


    Edit:


    Also, what is the difference between AVC and this feature? Thanks