TIWORKER.EXE Blocked


Getting the following error this morning after a Windows Update & reboot:


Ransomware remediation

The process C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.400_none_eb2ff40c1d41442d\TiWorker.exe manifests ransomware behavior and was blocked. Your attention is required because automatic file restoration is disabled. You can find the files to be restored below.


sfc /scannow did not report any issues.


The file matches Microsoft's information for size, date and version. I cannot locate the MD5 for it, but it appears to be byte comparable.


 


Is this a false positive?
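
An added example, not part of the original post and not Bitdefender or Microsoft tooling: one way to check the flagged binary on the affected machine by validating its Microsoft signature and recording its SHA-256, instead of comparing size and date. It assumes Windows PowerShell 5.1 on Windows 10; the function name `Test-MicrosoftSignedBinary` is hypothetical, and the default path is the one quoted in the alert above.

```powershell
# Added example: verify that a binary flagged by behavioural detection is a
# genuine, unmodified Microsoft-signed file. Assumes Windows PowerShell 5.1.
param(
    # Path copied from the alert text in the post; pass your own if it differs.
    [string]$Path = 'C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.400_none_eb2ff40c1d41442d\TiWorker.exe'
)

function Test-MicrosoftSignedBinary {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$LiteralPath)

    if (-not (Test-Path -LiteralPath $LiteralPath -PathType Leaf)) {
        throw "File not found: $LiteralPath"
    }

    # Servicing-stack files are usually catalog-signed rather than carrying an
    # embedded signature; Get-AuthenticodeSignature checks both on Windows 10.
    $sig  = Get-AuthenticodeSignature -LiteralPath $LiteralPath
    $hash = Get-FileHash -LiteralPath $LiteralPath -Algorithm SHA256
    $ver  = (Get-Item -LiteralPath $LiteralPath).VersionInfo

    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # 'Valid' means the hash matches the signed hash AND the chain is trusted,
    # so a patched or replaced file fails here even if size and date match.
    $genuine = ($sig.Status -eq 'Valid') -and
               ($subject -match 'O=Microsoft Corporation')

    [pscustomobject]@{
        Path            = $LiteralPath
        SignatureStatus = $sig.Status
        SignatureType   = $sig.SignatureType   # Catalog or Authenticode
        IsOSBinary      = $sig.IsOSBinary
        Signer          = $subject
        FileVersion     = $ver.FileVersion
        SHA256          = $hash.Hash           # include in the support ticket
        LooksGenuine    = $genuine
    }
}

# A valid signature shows the file itself is intact; it does not explain why
# the behavioural engine fired, which is what the vendor logs are for.
Test-MicrosoftSignedBinary -LiteralPath $Path | Format-List
```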


 

Comments


  • I think it's a false positive yes



  • On 11/17/2018 at 3:53 PM, MikeO3 said:



    Getting the following error this morning after a Windows Update & reboot:



    Ransomware remediation

    The process C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.400_none_eb2ff40c1d41442d\TiWorker.exe manifests ransomware behavior and was blocked. Your attention is required because automatic file restoration is disabled. You can find the files to be restored below.


    sfc /scannow did not report any issues.


    The file matches Microsoft's information for size, date and version. I cannot locate the MD5 for it, but it appears to be byte comparable.


     


    Is this a false positive?


     



    Hi, 



    We would need some logs that are generated during a reproduction of the issue. Can you reach us at bitsy@bitdefender.com for more details?


  • Hello, 


    I'm getting the same message over and over again:


    The process [...]TiWorker.exe manifests ransomware behavior and was blocked


     


    I guess it's a false positive....



  • On 11/23/2018 at 4:42 PM, LateNight said:



    Hello, 


    I'm getting the same message over and over again:



    The process [...]TiWorker.exe manifests ransomware behavior and was blocked


     


    I guess it's a false positive....



    Hi, 



    Did you send us an email at bitsy@bitdefender.com as I mentioned above? 



    Thanks!



  • 47 minutes ago, Sergiu C. said:



    Did you send us an email at bitsy@bitdefender.com as I mentioned above? 

     



    Hi, 


    yes, I did it today. 


     


  • So I sent a message to bitsy@...


    Last week I wrote support a separate message about this but have had no response either.


    So what is the news on this? I keep getting this error, and then Bitdefender stops Windows Update from working and downloading needed updates.


    Is this ransomware or is it a false positive and I'm just sitting here without any updates, which in itself is a vulnerability?



  • I'm experiencing exactly the same thing and was referred here by the Microsoft forum - with other Bitdefender users having the same problem: https://answers.microsoft.com/en-us/windows/forum/all/ransomware-behavior-detected-tiworkerexe/a771fdb3-5595-4a08-923d-c8b3754890ab


    I tried turning off Bitdefender Shield and re-running the update but it still would not complete!? So how long before Bitdefender provides a fix? Should I just be clicking on "Except application" within the "Ransomware behavior detected" warning?


  • Any update on this? I'm getting it too now. I will wait to hear a reply from Technical Support



  • On 11/28/2018 at 2:24 AM, GPDX said:



    So I sent a message to bitsy@...


    Last week I wrote support a separate message about this but have had no response either.


    So what is the news on this? I keep getting this error, and then Bitdefender stops Windows Update from working and downloading needed updates.


    Is this ransomware or is it a false positive and I'm just sitting here without any updates, which in itself is a vulnerability?




    Hi,


    We have replied to your email.  Please send us the log we have requested.



  • On 11/26/2018 at 6:33 PM, LateNight said:



    Hi, 


    yes, I did it today. 


     



    Hi,


     


    Please provide us the ticket ID, so we can prioritize it.



  • 2 hours ago, mokuni said:



    Any update on this? I'm getting it too now. I will wait to hear a reply from Technical Support



    Hi,


     


    Most likely it is a False Detection, but to say for sure, we need some logs. Thus, please contact us at bitsy@bitdefender.com.


  • Thanks for the email.


    So I followed the steps, but after a few restarts and an update to Bitdefender it is no longer showing the issue, so I can no longer log it. My last Windows update finally installed.


    Has this issue been fixed then if I'm no longer getting any warnings and updates can install?


    Thanks,


    -g



  • 18 hours ago, GPDX said:



    Thanks for the email.


    So I followed the steps, but after a few restarts and an update to Bitdefender it is no longer showing the issue, so I can no longer log it. My last Windows update finally installed.


    Has this issue been fixed then if I'm no longer getting any warnings and updates can install?


    Thanks,


    -g



    Can you paste here what the steps are? I'm not sure why the mods need direct emails to them. Thought this was a forum so we can share information?


    1. Restart windows

    2. Start->update

    3. Click check for updates

    4. Install the update (in my case Win 10 1803 for X64 based system KB4477029)

    5. Update stops and stalls at 90-95%

    6. Bitdefender a little bit later has a warning about "ransomware detected"

    7. Fix the issue in Bitdefender (sorry, can't remember exact steps for recovery)

    8. Try Windows Update again...but nothing happens or it will not let you update (even manually)

    9. Restart Windows...rinse, repeat.


    For logs, they had me download an .ini (not sure I can/should share it) and copy that to my C drive in safe mode


    Here are the steps they sent me:


    Hello,


    Thank you for reaching us.


    To further investigate the reason you receive these notifications, we need some logs:


    1. Download the attachments from this email.


    2. Restart your device in Safe Mode:


    https://www.bitdefender.com/consumer/support/answer/2129/


    3. Copy the dbg_trace.ini file to C:\


    4. Restart your device, then reproduce the issue, while having all the modules enabled.


    5. Generate a Bitdefender Support tool log, in order to collect all the information, then attach the archive in your next reply:


    [how to generate a SUPPORT TOOL log]

    https://www.bitdefender.com/consumer/support/answer/1733/

    Afterward, please remove the attached file from C:\ in Safe Mode in order to stop the logging.


    Then I restarted, and ran the support tool and tried to record my steps with it to log the issue, but since Bitdefender updated on that particular, the error was solved so I didn't bother sending in a log file.


    -g


     



  • 18 hours ago, GPDX said:



    1. Restart windows

    2. Start->update

    3. Click check for updates

    4. Install the update (in my case Win 10 1803 for X64 based system KB4477029)

    5. Update stops and stalls at 90-95%

    6. Bitdefender a little bit later has a warning about "ransomware detected"

    7. Fix the issue in Bitdefender (sorry, can't remember exact steps for recovery)

    8. Try Windows Update again...but nothing happens or it will not let you update (even manually)

    9. Restart Windows...rinse, repeat.


    For logs, they had me download an .ini (not sure I can/should share it) and copy that to my C drive in safe mode


    Here are the steps they sent me:


    Hello,


    Thank you for reaching us.


    To further investigate the reason you receive these notifications, we need some logs:


    1. Download the attachments from this email.


    2. Restart your device in Safe Mode:


    https://www.bitdefender.com/consumer/support/answer/2129/


    3. Copy the dbg_trace.ini file to C:\


    4. Restart your device, then reproduce the issue, while having all the modules enabled.


    5. Generate a Bitdefender Support tool log, in order to collect all the information, then attach the archive in your next reply:


    [how to generate a SUPPORT TOOL log]

    https://www.bitdefender.com/consumer/support/answer/1733/

    Afterward, please remove the attached file from C:\ in Safe Mode in order to stop the logging.


    Then I restarted, and ran the support tool and tried to record my steps with it to log the issue, but since Bitdefender updated on that particular, the error was solved so I didn't bother sending in a log file.


    -g


     



    Sorry, I meant can you list the steps as to how to "fix" the issue. I know how to cause the problem i.e. start Windows Update.

  • Sergiu C.
    edited December 2018


    Hi, 



    There aren't any clear steps to fix the issue. We have not had internal reproduction, and it seems the issue was solved in the cases I've seen without doing anything.



    Is the issue still occurring for you? If yes, we'd appreciate it if you could contact us with the logs.



    I've attached the dbg_trace.ini file that is needed to create the logs to this message.


    Attachment: dbg_trace.ini



    If some simple steps were available to solve this issue, we'd post about it here of course.



    Thank you!

This discussion has been closed.