How can I determine the legitimacy of a recent (5/31/2020) Bitdefender downloaded file?

Tech Team:

Hi. Today I received what seemed to me a legit Bitdefender-sponsored notification regarding a pending update. The notification informed me that, as usual with Bitdefender downloads, I could either restart my system to immediately install the update, or wait until later. I opted for an immediate installation, without first checking into the file's name or origin or purpose, etc. In fact, I didn't check the file's credentials (i.e., not even its name -!) until after it had been installed. Now, I'm concerned. According to my Bitdefender user interface (Notifications, Information tab), the downloaded file is: "settings/default/exceptions.http.xml." That's all.

Is this for real? I don't know its origins, and don't know why it was part of Bitdefender's recommended updates.

In addition, Bitdefender informed me on May 25, 2020, that it had detected an infected web page, and blocked it from downloading potentially harmful software. The link and threat name were, as follows: "http://services.checksos.net/api/fileshare/Auikot/files125/Setup_1022.exe

Threat name: Gen:Variant.Ursu.848706." I've since, so far, received no follow-up info regarding this Bitdefender response.

Any opinions, please? Info? What should I do? Anything? Nothing?

Thanks very much for whatever help you can provide.

--janet jb

Bitdefender Total Security 2020 (via family gift)

HP Compaq laptop

Windows 10 1803

Chrome 81, default browser

P.S. There are apparently two Critical updates awaiting further action from me. ! Thanks. --jjb

Answers

  • Hello @janet jb

    • Threat name: Gen:Variant.Ursu.848706 is malware, and Bitdefender already protected your device. There is nothing to worry about.
    • settings/default/exceptions.http.xml is a legit product update file of Bitdefender. It's a safe file. Nothing to worry about either. You had to reboot the computer since Bitdefender did a product update.

    If you find my response helpful, please mark it as accepted/agree.

  • Jayakrishnan:

    Thanks for your reply. How about (minus quotation marks): "http://services.checksos.net/api/fileshare/Auikot/files125/Setup_1022.exe"? Did Bitdefender block whatever originated from that (so-called -?) link? How can I be sure that Bitdefender's blocked file notification is for real, rather than just a response to an internalized malware coding trick? In other words, can Bitdefender be fooled by or disrupted by a code injection or something similar? Just wondered. I don't know.

    --jjb

  • @janet jb

    Nothing to worry about, since the Bitdefender team provides state-of-the-art malware detection and prevention technologies to stop known and unknown threats or any mutated threats using their behavioural scanning and other stuff.

    For your info, if you come across any file you think is an infected one, just visit www.virustotal.com and upload it. You can see real-time test results on how every antimalware product detects it.

    Also, you can perform a full system scan just to make sure there is no more malware on your computer.


    If you find my response helpful, please mark it as accepted/agree.

  • Jayakrishnan:

    Thanks very much for your response. You provided the exact reassurance I needed. I especially appreciate the malware detection resource you referenced for me. Excellent. Superb.

    Happy night, week, etc. to you, Jayakrishnan.

    Thanks again.

    --jjb

  • Hello @janet jb ,

    Happy to hear that the issue is resolved.

    If you find my response helpful, kindly mark the answer as accepted.

    Have a great day, stay safe.


    Thanks and regards,