Is BitDefender GravityZone Endpoint Protection usable by software developers?

InvaderZim
edited January 2022 in Enterprise Security

I am a software developer (Windows C/C++/C#) and have BitDefender GravityZone Endpoint Protection, the BitDefender business solution, on my home network. It's been nothing but trouble for development on my dev machine (it works fine on my server, which is one reason I chose it). I purchased it to replace Symantec Endpoint Protection after that product was taken over by Broadcom. SEP never gave me any trouble.

There are three files in my build that are deleted by "on access scanning" as soon as they are produced by the linker with this logged error:

\tools\Debug\what.exe is malware of type Gen:Variant.Fugrafa.92832

There is something in the debug builds that it dislikes, as the release builds are not flagged and deleted.

But what's worse is that BitDefender then locks my registry so I can't register the COM components that I build: OLEAUT32.DLL returns "access denied" while trying to register a type library even while running elevated. I have to reboot and then the registration works fine.

BitDefender only seems to dislike DEBUG builds -- builds with symbol tables -- and not every file, just three particular ones along with a particular C# program.

I tried excluding my development directories in the GravityZone control panel and that seems to have no effect. It's not clear whether it covers only the selected directory or that directory and all subdirectories. It does look like excluding detection of this particular "malware" works, but I don't know yet if it fixes the registry access problem. I haven't yet rebooted to find out but will shortly.

I have no idea why BitDefender GravityZone Endpoint protection doesn't have an "off switch" that I can enable on the client -- like, designate my development machine as a trusted client that is end-user configurable, or allow me to configure specific files or extensions as being ignored.

Since these reports go back to 2016, unless I missed something in the control panel, I'm going to have to give up on BitDefender and switch to something more developer-friendly, that provides much more control.

Again, this is the late 2020 BitDefender business solution, not the consumer product.

Is anyone successfully using this on a development machine with Visual Studio? I'm also seeing a lot of complaints about Go language executables being deleted upon generation.


Answers

  • Whilst not a developer, I work extensively with software.

    My solution was to create custom exclusions.

    To do this you would first require a Policy; if you don't already have one, copy the default and rename it.

    Open your new Policy and edit under Antimalware, Settings.

    Create your custom exclusions (folders and/or files) and save.

    Now locate your machine name under Networks, right-click and push out the Policy.

    From experience, Policy updates take less than a minute, and you can always view the endpoint to verify that the new settings have been applied.

    Note: I have seen cases where the policy had been created but not pushed out to the endpoint; as a result, nothing changed.

    Philip

  • Thanks for replying and the help! I did that for the root of my development tree, but there are far too many output directories to list each one (there would be about 400). It looks like excluding directories only excludes the actual directory and not subdirectories. Symantec Endpoint Protection had a checkbox to include subdirectories, and you could also specify wildcard patterns to not scan.

    I tried excluding the directory, and then the directory with a wildcard specification. Neither was recursive.

    I was able to get through a complete build with this exclusion:

    These are the two threats that BitDefender said my built executables contained. One was for a specific C# program, and two were for relatively small C programs. Only Debug-mode builds (with symbols and no optimization) were flagged as malware. Release builds were always fine.

    Once BitDefender stopped flagging these executables, it also stopped locking my registry and I was then able to use RegisterTypeLib() in OLEAUT32.DLL to register my DCOM components without getting "access denied" errors. It appears that once malware is detected, the registry is locked until the next reboot. At that point, during the boot, a message flashed on the screen -- something like "Your Antivirus solution is cleaning your machine".

    Since I was able to get through an entire build of the 110 or so projects, I think I'm OK for now. Still an annoyance that cost me several hours of time. I suggest BitDefender add the Microsoft tools (C/C++ compiler, linker, resource compiler, manifest tool, C# compiler, etc. -- anything that creates or writes to an executable) to the whitelist. Then the problem wouldn't occur until I actually executed the mistyped program.

    Thanks again for taking the time to reply.
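
The thread above ends with two practical facts: the folder exclusion in the GravityZone console is not recursive, and a real source tree has hundreds of build-output directories. The PowerShell script below is an added example, not code from either poster or from BitDefender, that walks a source tree and emits every build-output directory as its own line so the list can be entered as individual folder exclusions. The root path `C:\dev\tools`, the output-folder names (`bin`, `obj`, `Debug`, `Release`, `x64`) and the CSV column header are all assumptions; the console's actual import format has to be checked before the file is used.

```powershell
# Added example, not code from the forum posts or from BitDefender.
# Lists every build-output directory under a Visual Studio source tree so each one
# can be entered as its own folder exclusion (the console's folder exclusion was
# reported above as non-recursive). The root path and folder names are placeholders.
param(
    [string]   $Root        = "C:\dev\tools",                              # hypothetical tree root
    [string[]] $OutputNames = @("bin", "obj", "Debug", "Release", "x64"),  # adjust to your layout
    [string]   $OutFile     = ".\gravityzone-exclusions.csv"
)

if (-not (Test-Path -LiteralPath $Root -PathType Container)) {
    throw "Root directory not found: $Root"
}

# Every directory whose leaf name matches an output-folder name, nested ones included.
# Because the folder exclusion does not cover subdirectories, ...\bin and ...\bin\Debug
# both have to be listed; children are deliberately not collapsed into their parents.
$outputDirs = @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $OutputNames -contains $_.Name } |
    Select-Object -ExpandProperty FullName |
    Sort-Object -Unique)

# Count the directories that currently hold PE files, which is where on-access
# scanning fires; empty ones are still worth excluding before the next build.
$withBinaries = @($outputDirs | Where-Object {
    $files = Get-ChildItem -LiteralPath $_ -File -ErrorAction SilentlyContinue
    @($files | Where-Object { $_.Extension -in '.exe', '.dll' }).Count -gt 0
})

$summary = "{0} output directories found under {1}; {2} currently contain .exe/.dll files" -f $outputDirs.Count, $Root, $withBinaries.Count
Write-Host $summary

# One row per path. The 'Path' column header is an assumption: verify the exclusion
# import format of the GravityZone console in use before loading this file.
$outputDirs | ForEach-Object { [pscustomobject]@{ Path = $_ } } |
    Export-Csv -LiteralPath $OutFile -NoTypeInformation -Encoding UTF8

# Echo the list as well so it can be pasted into the console by hand.
$outputDirs
```

Excluding only the output directories, rather than the whole development tree or the detection name itself, keeps the blast radius small: source files and tool binaries stay scanned, and a name-based exclusion such as one for Gen:Variant.Fugrafa.92832 would otherwise suppress that signature for every file on the machine, not just the linker's output. Re-run the script whenever projects are added so new output folders are picked up before their first build.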