Vulnerability in password protection
Adding an exception for a website in Online threat prevention requires a password (if it's set), but if you add an exception from the notification center or the blocked page notification, it bypasses the password protection and just adds the website anyway. Now, I'm wondering if this is intended or an actual issue but either way it sure is a problem in my case.
Comments
-
Hi,
I've reported this to our development team. Thanks.0 -
2 hours ago, Sergiu C. said:
Hi,
I've reported this to our development team. Thanks.
Thanks for the quick response.
One more thing. A great portion of settings in the "Settings" section also seems to not be covered by the password protection ("like Scan hosts files"). Same goes for Drives and Devices in the "Anti Virus" component.
The removal of the product can be done regardless of whether the password protection is set or not. That's a shame.
0 -
Edit: I was also able to delete a threat (PUP) from the quarantine without requiring the password. But if I try to delete it via the notification center, I get the password prompt.0 -
I assume that this is one of the low priority issues, but is there maybe an ETA for it?
I received an email two weeks ago saying that the team is looking into this.0 -
47 minutes ago, cee_naa said:
I assume that this is one of the low priority issues, but is there maybe an ETA for it?
I received an email two weeks ago saying that the team is looking into this.
Hi,
No ETA at this time unfortunately.0 -
4 hours ago, Sergiu C. said:
Hi,
No ETA at this time unfortunately.
Ok, thanks
Keep us posted.0 -
Still no fix?? " data-emoticon="" src="https://us.v-cdn.net/6031943/uploads/ipb_attachments/emoticons/default_angry.png" title="" />
When will we see a solution?0 -
13 hours ago, Sinus said:
Any progress on this issue? I had sent an email to the technical support with the issue explained (in video demonstrations), but received no response since 12th of October.
Hi,
We still do not have an ETA. We will let you know when we have more updates.0 -
On 6/23/2019 at 4:04 AM, Sinus said:
/index.php?/profile/212173-roxana-g/&do=hovercard" data-mentionid="212173" href="<___base_url___>/index.php?/profile/212173-roxana-g/" rel="">@Roxana G Will this problem be fixed completely in the upcoming 2020 version, because as of now only the website exception had been fixed and not the file exception?
Hello,
The situation was addressed. In case you still are not prompted to add the password, please update Bitdefender and restart your PC.0 -
On 6/27/2019 at 10:37 PM, Sinus said:
I was told that I'd be contacted once the entirety of the solution was achieved, but that was a long time ago and nobody has contacted me yet. In the video attached it is evident that the problem is still not completely fixed - I was able to restore the file from the quarantine without requiring a password, which is something I've addressed in the email I sent (similar video explanation was included). I am also running the latest build.
/uploads/monthly_2019_06/Video.mp4.f4e07a5badbea13eb379351eaea94940.mp4">/applications/core/interface/file/attachment.php?id=19252" rel=""> Video.mp4 1.17 MB · 0 downloads
Hi,
The issue when a website is blocked, you can choose to exclude it directly from the notification in Bitdefender, without being asked for any password was solved. The issue regarding the files restored from Quarantine is still under investigation. Sorry for the misunderstanding. I did not know to which of the 2 examples you were referring to.0