Real-Time Protection: Modification And Locking Of Some Values In Registry. Any Explanation?

hi,

following any new real-time protection activity, I encountered annoying (and not easily explained) activity by Bitdefender Total Security, with the modification and consequent locking of some Windows registry settings:

hkey:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced

values:

1. Hidden

2. ShowSuperHidden

Both are not only automatically set to "0", but also systematically locked for a long period, forcing me to no longer be able to view any hidden and system files.

I can also understand that this behavior can be normal during the phase of detection of a threat, but what I don't understand is why I have to keep it, then, later in the same manner, when the threat was quarantined too.

Thanks in advance.
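A way to record the state described in the question above, added here as an example and not part of the original post or of any Bitdefender tooling: it reads the two values, counts explicit Deny entries in the key's ACL, and tests whether a write is refused in the current session. The function name `Get-ExplorerVisibilityState` is hypothetical, and checking the ACL is an assumption about one way a value could be locked; the thread does not say how the lock is applied.

```powershell
# Added diagnostic (not from the thread). Key path and value names are the
# ones quoted in the question; everything else is illustrative.
$KeyPath = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$Names   = 'Hidden', 'ShowSuperHidden'

function Get-ExplorerVisibilityState {
    param(
        [string]$Path = $KeyPath,
        [string[]]$ValueNames = $Names
    )

    # Explicit Deny entries on the key would account for a refused write.
    $deny = @((Get-Acl -Path $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Deny' })

    foreach ($name in $ValueNames) {
        $item    = Get-ItemProperty -Path $Path -Name $name -ErrorAction SilentlyContinue
        $current = if ($item) { $item.$name } else { $null }
        $writable = $null
        $err      = $null

        if ($null -ne $current) {
            try {
                # Write the existing data back: nothing changes on disk,
                # but the call throws if writes to the value are refused.
                Set-ItemProperty -Path $Path -Name $name -Value $current -ErrorAction Stop
                $writable = $true
            } catch {
                $writable = $false
                $err = $_.Exception.Message
            }
        }

        [pscustomobject]@{
            Name           = $name
            Data           = $current
            Writable       = $writable
            DenyRulesOnKey = $deny.Count
            Error          = $err
        }
    }
}

Get-ExplorerVisibilityState | Format-List
```

Running it once right after a detection and once after a reboot gives two outputs to compare. A write that is accepted and then silently reverted will not show up as `Writable = False`, so re-read `Data` afterwards as well.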

Answers

  • Hello @Totocellux and welcome to the Community!

    Regarding this, check the below article, especially Step 2:

    Let us know if the information is helpful.

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user

  • hi Alexandru :-)

    thank you for your interest: those options that you sent and that can be set from the relative dialog box, correspond to those two registry values I mentioned: obviously it is impossible for me to restore the values even in that way.

    My system is safe. I am a developer, also of VBScript code: in the last period it has happened that "only some sources" of these (which I have directly developed myself and which I can verify) are recognized as harmful, probably due to a series of checks on the activities of the system tasks they perform.

    Inserting the directory containing the scripts in the appropriate exclusion list was USELESS: at the moment that I need to move them to another storage, Bitdefender activates by informing me that these files are harmful.

    In these circumstances, after viewing the history of the alleged attack and quarantining the file, Bitdefender Total Security not only "every time" replaces those registry values (from "1" to "0"), but also locks access to those values, not letting me restore them in that session.

    In order to restore them, and therefore be able to view hidden and system folders and files again, I am therefore forced to restart Windows.

    After the reboot, without doing anything else, I am again allowed to access those registry values and restore them to the value "1" without any problem.

    This is, imho, a very unacceptable double forcing,

    Just as it's unacceptable that I am prevented from uploading screenshots to show what happens and receive the message:

    "You have to be around for a little while longer before you can post links."


    Salvatore Campolo

  • Gjoksi (Defender of the month, mod)

    @Totocellux

    Hello.

    I promoted you to Level 2.

    You can now post screenshot(s).

    Regards.

  • hi Gjoksi,

    Thanks for your participation :-)

    Perhaps, however, there is a propagation time to wait (I don't know how long): the same message, white text on a red background, is still shown at the top of the comment window, and prevents me from uploading the images.

    I will wait.

  • Gjoksi (Defender of the month, mod)

    And finally, here are the screenshots:


  • I publicly thank Gjoksi :-)

    for intervening directly and personally to eliminate this "huge" (and, for me, inconceivable) obstacle of the forbidden upload.


    p.s.

    it will cost me, at least, a beer ;-)