BD Episode 2: The Return of the Forced Scans

2

Comments

  • Nunzio d'Abbruzzo
    Nunzio d'Abbruzzo Defender of the Month ✭✭✭✭

    @camarie There are updates? 

    When will the new version come out that will fix the problem?

    Thanks!

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb, ATI Mobile Radeon HD 2400

  • I'm afraid I'm going to have to go to another antivirus solution after being with bitdefender from 2008.

    bitdefender still keeps thrashing my mechanical hard drives with background scans, even after setting up exceptions and turning off advanced threat defense, the only option is completely turning off bitdefender, which is obviously not ideal, so I have no choice but to go somewhere else.

  • This is a bit of a joke right? I just moved to bitdefender and am seriously regretting doing so. This should not be hard to diagnose and fix for the technical team.

  • TireofBit
    TireofBit
    edited August 2022

    This problem makes me think, if its to hard for them diagnose and fix this issue, how can we trust them with protecting our divices, who knows what back doors they may have and they don't even realize it or worst care enough to fix?

  • DrR0Ck
    DrR0Ck
    edited September 2022

    Hello all! So I appear to be affected by this issue as well. Searched for similar occurrences and found this thread. In my case, it definitely appears to be some sort of startup scan that is hitting all of my drives after every boot. I have about 30 TB of local storage in my rig across four hard drives; one SSD and three mechanical. The drives get scanned in order as listed in task manager on the performance tab. Unfortunately, it is taking around 30 minutes to an hour to get through them all after logging in (30 TB is quite a lot). I have tried turning the Early Boot Scan option off in Antivirus > Advanced settings, but the scan is still occurring. It's the bdservicehost > Bitdefender Virus Shield process that is causing the spiked disk activity - I can tell since it's still top of the processes list sorted by Disk utilization after the early post-login processes have settled down.

    Would love to know how I can prevent this from occurring, and I am happy to help with any troubleshooting steps I can perform. Please let me know.

    Thanks!

  • The processor involved (probably I7-1065G7) isnt that bad, so I dont think it is the same issue. I dont see a very high hit in CPU during the scans, not to memory either. It's all about the drive usage which BD lets hit 100%. Interesting bit of info if people arent aware: This scan 100% issue doesnt seem to happen with other AV software. The one Im using now doesnt max out drive usage during scans. Implying there must be some way to code so the scans leave some space for the rest of the system to function. Dont know why BD doesnt work like this, bad coders I guess.

    Internet Security (Paid), Windows10 Pro64, Ryzen7 5800X, 32GB RAM, RTX3070, 5 internal storage drives, 2x ext hot-swap drives

  • I can confirm I did not see the unwanted scan performed after boot today. Thanks for this!

  • Thanks, do Your words help me back buying my phone and 💻 and data, nope , it's a discrimination between the freedom of you and us, because I'm a poor Iranian who you believe that people are not law for life and by political perspective .Kaspersky and Bitdefender are responsible for this situation and are now because live in Iran. it's a good reason for telling me your laws. I'm just a health promotion officer and by the way you told me what do better, sit and cry

  • Nunzio d'Abbruzzo
    Nunzio d'Abbruzzo Defender of the Month ✭✭✭✭

    @camarie How can I see if I have received the update?

    Is the Bitdefender version always the same?

    Thanks!

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb, ATI Mobile Radeon HD 2400

  • >>How can I see if I have received the update?

    I see a minor update in the build number: Update 26.0.25.84 --> 26.0.25.86

    Also make sure you have got the latest signature updates.

    For me, boot-up is back to normal. But keep in mind: It's just a rollback, not yet a fix.

  • Nunzio d'Abbruzzo
    Nunzio d'Abbruzzo Defender of the Month ✭✭✭✭

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb, ATI Mobile Radeon HD 2400

  • Nunzio d'Abbruzzo
    Nunzio d'Abbruzzo Defender of the Month ✭✭✭✭

    This morning it updated to the latest version and I rebooted afterwards and the problem never occurred again. So with this update the problem seems solved.

    In my opinion, the Bitdefender update process, which takes a long time, should also be speeded up / improved and, furthermore, deactivating and reactivating the protection, activates the Windows Security System notification that warns that protection is missing. So a non-expert user could go into alarm.

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb, ATI Mobile Radeon HD 2400

  • camarie
    camarie Principal Software Developer ✭✭✭

    @Nunzio d'Abbruzzo We want the update to be quick as well, but it involves a huge number of moving parts and we must ensure there are no loose ends. It might end up fixing an issue and entering another if the update is not tested by multiple engineers, multiple times, on all platforms - and this done for all the affected components, regressions, and more. This is why it is so tedious and appears time consuming.

  • @camarie As this forced scan issue has now occurred twice, can I make the suggestion that you somehow hard code the drive exclusion settings into the client's scanning functions? At least in that way, should this occur again, a customer can just exclude drives and stop the issue immediately without waiting for an update weeks or months later.

    I would post this over on the suggestions section of the forum, but really all I’m asking is for the client to work how it should by default anyway. It should be impossible for a scan to run on a drive which has been manually added to the drive exclusions list for scans.

    Internet Security (Paid), Windows10 Pro64, Ryzen7 5800X, 32GB RAM, RTX3070, 5 internal storage drives, 2x ext hot-swap drives

  • camarie
    camarie Principal Software Developer ✭✭✭

    @Ironbuket This is, in fact, the fix that will be released in the next version - skip the pre-scanning alltogether in the Windows desktop product, although not in the form you suggested; the reason is that the operation affecting the disk is not a part under our control, but intended as a pre-caching internal operation. Which, on a business environment server, makes sense, but integrated into a consumer product produced this unwanted effect.

    More frankly, we should not introduce unwanted/unnecessary effects, period. This was a perfect storm - business customers pushed for a quicker find of *.log4j files, the feature got integrated in the CTC libraries as a result, our team integrated did not knew about it since it was not a feature but an internal optimization, its unwanted effects escaped our observation, and it took a while to notice the cause.

    I will stress myself this to the testing team to incorporate in the test suite checking out very large source code projects, such as Chromium, or to generate very large directory structures on the order of tens of thousands so we can defend against such behaviors.

  • Thanks to Ironbuket and Camarie for getting this issue resolved.

    Camarie. I have two questions:

    If the fix is to respect user exclusions, why have they been ignored up to now? It doesn't make sense to me that Bitdefender has exclusion settings but the program ignores them? Clearly I'm not understanding something here?

    Is the cause the same as the cause last time this happened? See the previous thread, or a different cause this time?

    https://community.bitdefender.com/en/discussion/90757/unscheduled-scan-runs-1hr-after-system-start-up-every-time#latest

  • camarie
    camarie Principal Software Developer ✭✭✭
    edited September 2022

    @lechiffre

    If the fix is to respect user exclusions, why have they been ignored up to now? It doesn't make sense to me that Bitdefender has exclusion settings but the program ignores them? Clearly I'm not understanding something here?

    It was not about settings or exclusions. The way of this works is this:

    • we are integrating a set of libraries that performs various scan routines, including the log4j scan
    • these are started/enabled conforming with our product settings (ex.: enable UAC scan, disable log4j scan etc.)
    • but during startup the integrated library performed a pre-optimization by scanning in advance for log4j.

    This last step was intended as an optimization, so when the scan for log4j files would have arrived, the results were already in place and served back immediately. But the optimization become time consuming when the number of directories and files are very large. It did not matter we did not perform any scan for those files because they were searched already without our product intervention.


    Is the cause the same as the cause last time this happened? See the previous thread, or a different cause this time?

    The same routines were involved - the time consuming log4j scan routines - but not the same cause.

    What happened in the first thread was an unalignment between product release and a signature update. In short, we have this set of scan routines, from 1 to N, default scan with all; the product scans with, say, 5,6,9,10 (without the ones for log4j) so we excluded all the others 1-4,7-8,11-300 to let only those 4 run. But an update of signatures published more than N routines and there are N+m, the product did not "know" about [1 .. N+m] set of routines, but still as [1 .. N], so the scan now performed with 5,6,9,10 and [N+1 .. N+m], which contained the newly added log4j routines. This was the unalignment between the product and the signatures.

    When I detected this, I corrected this by excluding those as well (and next up to the nearest rounded to 50, in case more routines will arrive via signature update).

    Since then I am specifically stressing to the team delivering the scan engine to stress me directly every time they touch something, no matter how insignificant might look, so me and the test guys I work with can retest thoroughly this specific part each and every time. But the optimization startup pre-scan was out of our control, since it did not represented a direct change in the routines. I asked them specifically to exclude it from consumer product. This is the modification that will arrive in the next update (for now the libraries in ctc2 product subdirectory are reverted back to 2.3.0.284 to remove the problem until the fix will be released, I assume it will be 2.3.0.236).

  • Thanks for the information Camarie. It is interesting hearing how things work behind the scenes. It also gives confidence when a company replies to issues.

    Just out of curiosity how does an anti-virus company deal with the life cycle of threats?

    Take log4j as an example. When it was discovered it was a huge threat. Large actions needed to be taken immediately. A lot of pressure to put log4j as top priority. But as time passes this will become less urgent. Say a year from now, 2 years, 5 years. Anti-virus should still be able to pick up log4j, but computers owners who are not dealing with the vulnerability it becomes more and more the owner's fault for not updating and dealing with the known weakness. It feels like as time passes that AV products should move new threats up the priority list. When log5j and log8j threats turn up you guys will be prioritising those. Does log4j get pushed down the priority list as time moves on? Will the AV products becomes les aggressive in CPU and Disk access as the threat becomes older?

    The hard coding of the log4j optimization seems counter to this. When log4j is 5 years old will your corporate customers till be burning CPU and Disk access treating it as a top priority pre-optimization by scanning in advance for log4j? Will the pre-optimization be removed and log4j treated as a normal priority virus in 2 or 4 years from now?

    I am not asking out of frustration, or trying to be difficult. You have fully dealt with problem that made me frustrated and I am grateful to you for that. I'm considering waiting a month or two just to be safe then re-installing Bitdefender. I am more asking the question above out of my own curiosity. Not often do we get to engage with AV professionals, and learning a little bit about the process is interesting.

  • camarie
    camarie Principal Software Developer ✭✭✭

    @lechiffre

    Just out of curiosity how does an anti-virus company deal with the life cycle of threats?

    Well, I can't speak for every team. But at least in the areas where I am involved, if an implementation is not deprecated for various reasons (OS deprecation, lack of users and alikes), it stays for good or gets improved.

    For the times when log8j will appear, most likely the log4j will still remain, but it might be lowered in priority, executed on larger time periods etc. But from what I know, in this Indicators of Risk (IOR) area, there are no deprecation policy. Well, it is a relatively new technology, so it will remain for a long time. But for my 0.02 there will be no deprecation and the routine will remain. As far as I know, a threat becoming older does not reduce the "intensity" of execution - at most, the interval of execution.

    Does this answer to your question?

  • Nunzio d'Abbruzzo
    Nunzio d'Abbruzzo Defender of the Month ✭✭✭✭

    @camarie Beware of the Bitdefender Updater process ... I noticed that it uses a lot of resources and works a lot on the hard disk. On my PC it was working for over 10 minutes using 100% hard drive with high CPU usage ... I reckon BD AV is not very generous in using PC resources.

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb, ATI Mobile Radeon HD 2400

  • camarie
    camarie Principal Software Developer ✭✭✭

    Update: ctc2 signatures will be on update shortly (version 2.3.0.347 or later) and will contain the final fix for log4j issue as well as other improvements.

  • Nunzio d'Abbruzzo
    Nunzio d'Abbruzzo Defender of the Month ✭✭✭✭

    @camarie and all, with upcoming releases, please work to make Bitdefender AV lighter in terms of resource usage especially for less powerful PCs and when Windows is booting and updating Bitdefender AV. 

    My PC with Bitdefender AV installed takes about 1 minute for the icons to appear in the system tray, while without Bitdefender AV it takes a few seconds. Also after starting the Bitdefender Update process uses a lot of CPU and Hard Disk percentage. 

    Thank you.

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb, ATI Mobile Radeon HD 2400

  • Scott
    Scott ✭✭✭✭✭

    @Nunzio d'Abbruzzo

    With the less powerful PC's would it help by disabling some of the "optional" high resource programs from startup in MSConfig or Task Manager?

    An intelligent person will open your mind, a beautiful person will open your eyes, and a loving person will open your heart.

  • Nunzio d'Abbruzzo
    Nunzio d'Abbruzzo Defender of the Month ✭✭✭✭

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb, ATI Mobile Radeon HD 2400

  • Why BD? WHY????

    I just reinstalled the client to give it a go and see if the forced scans are really gone. I havent even entred my login details yet, the install window is still up and my mechanical drives are being scanned with 100% usage

    Why is your client so obsessed with these forced scans? Where is the 'would you like to perform a full scan after installation' dialog?

    I cant believe how you can get such a simple thing so wrong

    Internet Security (Paid), Windows10 Pro64, Ryzen7 5800X, 32GB RAM, RTX3070, 5 internal storage drives, 2x ext hot-swap drives

  • I don't see it as a laughing matter, I see it as both disappointing and frustrating

  • camarie
    camarie Principal Software Developer ✭✭✭
    edited September 2022

    @Ironbuket Maybe you installed the version where the bug was present, and it will fix it only after update? It can either be the log4j scan or the other issue fixed as well by a revert.

    Can you check the ctc2 version? To do this: C:\Program Files\Bitdefender\Bitdefender Security\ctc2\ctc2.json, open the file with a text editor, look on what is on "stable" (should be something like "stable": "_001_001"), and with this information check what version of ctc.dll is in that corresponding subdirectory (so in this example it would be C:\Program Files\Bitdefender\Bitdefender Security\ctc2\ctc2_001_001\ctc.dll).

  • It only did it the once, but it was a fresh download from the BD website. It may or may not have been the same scan. What I find disappointing though, is that at some point someone must have changed the client and they didnt even bother to perform a fresh installation of the new version to see how it behaves? I can (kind of) understand how a change in the client which causes forced scans could be missed if you are only updating test machines and never performing a fresh install. However, why arent you performing a fresh install on your test machines after a client change as well?

    As some other people have mentioned, I too feel like the client is using more resources over time compared to the past. I think monitoring changes in CPU, RAM and Drive Activity should be part of your testing of client changes. It seems at the moment, that BDs detection method for performance hits as a result of client changes is to wait for customers to complain.

    Internet Security (Paid), Windows10 Pro64, Ryzen7 5800X, 32GB RAM, RTX3070, 5 internal storage drives, 2x ext hot-swap drives

  • Nunzio d'Abbruzzo
    Nunzio d'Abbruzzo Defender of the Month ✭✭✭✭

    Lately I'm noticing that in some moments it is a bit heavy in resource usage ... the RAM is over 300Mb and the update download process is very long using a few minutes high resources ... Make it lighter ... we don't all have the latest generation PCs ... I'm sorry because the protection is excellent but in some moments it slows down the PC especially during the PC startup phase and during the download of updates.

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb, ATI Mobile Radeon HD 2400

  • Bitdefender is not ideal for an old system like yours. It's not going to be any lighter. Bitdefender is very fast on a decent system with SSD. Your system config is simply not strong enough for BD to perform properly without having the impact that you're having.

    There are one or two other free AV that might do a better job on your PC. Since it's a Bitdefender forum and not related to the topic, I'm not mentioning the names here.

  • Nunzio d'Abbruzzo
    Nunzio d'Abbruzzo Defender of the Month ✭✭✭✭

    So do I have to abandon Bitdefender Free?

    In my opinion it would be enough to reduce the percentage of RAM usage a little, improve the update download process and the PC startup phase ... Because afterwards you don't feel the "weight" of Bitedefender AV very much.

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb, ATI Mobile Radeon HD 2400

  • Hi, I can confirm that this happens to me too, the same problem as Ironbuket, today I reinstalled the Antivirus, because I did not see the options to scan folders, and when I did the reinstallation, I realized that again this bug, reappeared.

    Previously in the past it had happened to me, but reinstalling it, seemed to be the solution, and unchecking the box for disk scans at startup, I think.

    I have again made the uninstallation and installation, and to uninstall , i used Revo Uninstaller programs, deleting and scanning registry keys that could not be deleted, after an uninstallation.

    I also used other programs to scan possible files that could be left and check that there were no traces of the folders and files, and so have everything clean for a new installation.

    Well after this and without leaving any unwanted files, when reinstalling the program for 3-4 times, all doing the same steps, the error is still there after so many attempts, bdservicehost.exe using 100% of the disk (HDD), obsessed with secondary hard disks...

    There will be a solution to this? as quickly as possible? very frustrating and exhausting, and worse, it affects the units and degrades them, which is terrible.

  • Bagira
    edited September 2022

    Ok, I'm back to report something, after reinstalling it again today, I saw that the same thing happened again, so I had to turn off the HDD's hard disks from Win11, to prevent it from scanning one after the other, but then, on the main disk C: SSD NVME, it kept scanning it, for no reason at startup.

    I have found that the product installed updates every time I reinstalled it, and today it notified me of a product update just after, having finished the annoying service task.

    Apparently, after updating the antivirus, I restarted and this did not happen again. But, my question is, when you download from your account, and bitdefender central, when assigning a device, and download the installer.

    Shouldn't the product come with all the updated libraries and files? to prevent this from happening? I mean if the fix is applied or has been applied in my case, after installing an update, when checking for updates.

    I am sorry if I speak from a lack of knowledge, or the correct function of how this works, but as I said, I noticed that every time I completely uninstalled the antivirus and re-downloaded it and ran the tests, these updates were installed later, in my case, the fix seems to have been applied, after 2-3 update notifications, one of which was the last one and was for the product in general.

  • Im finding the choice to post that massive gif slightly misplaced and a bit weird. It may not be the case here, but I find that people often dont update their hardware lists in their forum tags. Hopefully people arent just assuming that is their current system, though of course it could be.

    Anyway, I notice it on my 5800x so are you going to tell me to upgrade?

    Developers telling customers to buy better hardware is a result of lazy programming. It isnt just BD, they all do this but it doesn’t make it right. If we all ran 200MHz 256K computers, someone would work out how to get a real-time AV client running on it.

    The reason I first switched to using BD year ago was because it had one of the lowest system impacts of any of the AV clients and at the same time have a good detection rate. Maybe it is just me, but I dont want my AV slowing my computer down, at least not any more than is absolutely necessary and certainly not just because the coders are lazy and feel that their customers should just upgrade to support their continued sloppiness.

    As a result of this forced scan debacle, I have had a chance to try out some other AV brands. I have found an alternative, which appears to do as good a job or better than BD and uses less resources in doing so. Im only sticking with BD for now, because Ive still got another 3yrs on the licence I already paid for. If BD want me as a customer after that, they better start taking customer comments about demands on system resources seriously.

    At the very least BD, could put in configuration options like they do in games, where the app detects the power of your system and adjusts accordingly on installation to how much it thinks the system can tolerate. The user can then turn up the options to a higher level, if they don’t mind stressing their system.

    It doesn’t take a genius to realise that deciding to run a full system scan on start-up is going to be a disaster on a slower system which is likely already stressed just after starting up. And before you reply, this has been fixed, scroll back and look at the comments from the developers. This was put in on purpose to run at start-up with no consideration of system impact as a result. See my other comments above about BD not seeming to consider system impact during development.

    Internet Security (Paid), Windows10 Pro64, Ryzen7 5800X, 32GB RAM, RTX3070, 5 internal storage drives, 2x ext hot-swap drives

  • Nunzio d'Abbruzzo
    Nunzio d'Abbruzzo Defender of the Month ✭✭✭✭

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb, ATI Mobile Radeon HD 2400

  • Agreed.

    Can you DM your alternative please? I too have a 3 year license, but given it's not even installed that makes it irrelevant. I'd like to know what you settled on please Ironbuket.

  • Mike_BD
    Mike_BD admin
    edited September 2022

    Guys, I believe we've proven transparency is one of the fundaments of this community. Feel free to express your opinions, even if that means suggesting a competitor. We aim to be better, not hide stuff under the rug.

    Q6600 power in a non-conspicuous Antec Fusion Remote Max, silently cooled by Scythe Ninja 2 and a whispering Enermax Modu82+.

  • Scott
    Scott ✭✭✭✭✭

    Winner. I love that attitude on this forum. We are not going to troubleshoot another vendor's AV, but at least they can be mentioned here. There is a forum, Kaspersky, where even if you mention a competitor's name in a thread, gets replaced with ****. I know they're trying to keep their support solely based on their product, but what are they afraid of?!

    An intelligent person will open your mind, a beautiful person will open your eyes, and a loving person will open your heart.

  • @Ironbuket well, gifs are part of the forum culture and this is a forum, after all. I'm sorry if this offended you in any way. We have a different approach here and you may find gifs and memes occasionally, because we are not the black-suit-and-tie kind of admins around here. We are real people with a good sense of humor and lots of appreciation for the members of this community and starting from the very beginning, we wanted to do something that stands apart from other forums in this niche and build a welcoming and inclusive virtual environment, where people can express themselves freely and get closer to our teams. Because in the technological era we live in nowadays, the human touch is paramount to a real and satisfying customer experience.. Surely, there are areas of improvement and if we make sure to listen, not only hear, we can put the feedback to good use and improve.

    Of course, there are certain limits and moderation is part of our job. But if someone posts a picture, or a gif that may put a smile on someone's face in times of trouble, I see nothing wrong with that and I encourage it. You have noticed that we do keep things professional and tidy around here, but that doesn't mean we cannot have a good time on these pages, even if we are confrunted with an issue, or frustrated because of something that doesn't work as expected, having a nice atmosphere and meaningful, quality conversations from which all parties can benefit, will help clear the air and also difuse unpleasant situations.

    In regards to the competition, we respect all cybersecurity, IT solutions out there and I believe we are not racing or competing against each other, but share a common goal: to protect people's sensitive and personal information, defend against malicious threats and become the best version of ourselves. I don't know how many of you know this, but apart from the home and enterprise solutions, our detection technologies are also being licensed to about 30 percent of our competitors in the anti-virus space. So, you can mention anyone you wish, as long as it's in a decent form of expression.

    Here you will find more transparency than anywhere else, this I can assure you.

    Cheers!

  • Scott
    Scott ✭✭✭✭✭

    @Alexandru_BD you mean, real devices, real people? ;) :)

    An intelligent person will open your mind, a beautiful person will open your eyes, and a loving person will open your heart.

  • Nunzio d'Abbruzzo
    Nunzio d'Abbruzzo Defender of the Month ✭✭✭✭

    Anyway I like this community and you are fantastic for the support you give to me as a free user too ... 😃 I hope the problems with BD free will be solved soon so I can reinstall it on my old PC ... 😅

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb, ATI Mobile Radeon HD 2400

  • Did the final fix ever roll out for the startup scan issue? Or are we still on the rolled back version?

  • camarie
    camarie Principal Software Developer ✭✭✭

    @DrR0Ck Yes, the fix has been released with ctc2 version 2.3.0.355.

  • @camarie, thank you for confirming, and thank you and your team very much for the support!

This discussion has been closed.