Recent BD version now produces "You are safe" when Windows Media Center extender sessions start

Well, this is a brand new symptom from what must be some very recent changes in BD, running on a Win7 system because it runs Windows Media Center. There are four "extenders" around the house supporting TVs at those locations.

WMC extenders actually are Windows "remote desktop" users, so when you start up an extender to watch TV at that location it's conceptually the same as an RDP user connecting to the host Win7 WMC server (i.e. WMC running on the Win7 system). Previously the extender session would simply start, and there was no interference from BD in any way whatsoever (at least that was obvious on the remote TV screen).

Well, now just starting in the past few days, when the extender session is launched there is the "You are safe" opening screen produced by BD, as if "show" had been selected from a right-click on the BD icon in the system tray, or as if the program had been freshly launched. Unfortunately this prevents the WMC remote from operating correctly out at the extender session. It's not really a Windows desktop... it is Windows Media Center!

So pressing OK doesn't actually get into WMC. It appears to be passed on to BD, which disappears the "You are safe" window. But then a second followup screen is also presented, which again requires it to be disappeared. And every time the BD window is disappeared the RDP extender session is terminated, presenting "do you want to reconnect or cancel?" screen from the extender software.

This annoying multi-handshake interaction goes on for many cycles. Eventually it seems "cancel" is the most successful action, after which a cold full reconnect finally seems to bypass BD sending out any screens. And now the extender session finally is operating normally.

Most annoying. Happens on all four of my extenders. Never happened before a few days ago. Obviously some very significant change was made to the latest BD engine which is unfortunately having this very unfriendly result out at begining and RDP signin of the WMC extender session.

BD Total Security Build: 27.0.14.77, last product update 7/7/2023.

Threat Database Properties: last engine update 7/7/2023

Comments

  • Generate bitdefender BDsysLog: https://www.bitdefender.com/consumer/support/answer/1922/

    Generate bitdefender support tool logs: https://www.bitdefender.com/consumer/support/answer/1733/

    Generate bitdefender connectivity logs: https://www.bitdefender.com/consumer/support/answer/9689/

    Share the logs & your query with bitdefender support team by dropping them an email at bitsy@bitdefender.com

    If the generated logs are larger in size, you can upload the logs to google drive or we.tl (7days link validity for free users) or ask the support team to provide you with the online link & password of bitdefender cloud where you can upload the logs and share the upload link with the support team.

    The support team will reply back to your query within next 24-48 hours excluding weekends.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • DSperber
    DSperber ✭✭✭

    I understand and appreciate both of your suggestions to actually submit a ticket to Support, along with the expected additional diagnostic information. But the unique characteristics of this particular symptom make me wonder if whether everything that would be useful and helpful and of value would, in fact, get captured in the generated logs, etc. Maybe it will, and I'm just a bit skeptical.


    First, there is no "screenshot" possible. The symptom is not something seen on the host PC and appearing on one of its monitors. The symptom appears on one of the TVs around my house, as presented to that TV by the Windows Media Center Linksys DMA2100 "extender" at that TV location. The extender has just been launched, and has started a Windows "Remote Desktop Protocol (RDP)" session and connected to the host Win7 PC, as a "Windows RDP user". So conceptually the TV connected to that extender is really functioning as the "monitor" for that RDP session, but which has has no associated physical keyboard.

    In other words it's not an actual remote PC connecting via RDP and signing in to a host PC to start a remote Windows session usng standard RDP. But in reality that is exactly how a WMC "extender" does connect to WMC running on the host PC, in order to deliver TV to the television connected via HDMI cable to the extender.

    Bottom line: the only "screenshot" possible would be for me to take a photo with my phone of the screen of the TV right when the "You are safe" screen coming from BD gets presented on the TV screen. I will have to be quick, because the message only lasts about 5 seconds before going away. Same with the second message about "your passwords are protected" or something like that that also appears briefly and then also goes away. Nevertheless I could be prepared to take these two photos with my camera.


    Second, that really is the entire story about the "event" I'm creating the ticket about. So what is really needed for BD support to understand what is occurring would be if these logs I submit provide a "trace" of what went on back at the host when the RDP user (i.e. the "WMC extender") connected, along with why and how BD even got involved as is now verbalizing and externalizing that connection. By all clues, BD never did this before now, as of the past few days. I've been using BD for at least 6 years now and it NEVER BEFORE PRESENTED "YOU ARE SAFE" on the TV screen of the remote extender session when it started.

    If this same awareness of the new RDP session was always detected in the past, but BD was just silent and never actually sent out "you are safe" when the session started, I am reporting that BD now does send out "you are safe" when that very same RDP session that started silently for the past 7 years has now started doing it in the past few days.

    And that "you are safe" output is really bothersome and annoying and negatively impacting the normal startup of that WMC extender session. Takes me a minute or two to fight with the screens, get the flashes to appear, disappear, re-appear, re-disappear, and then finally stop, and normal operation now continue. But if I eventually close the RDP session (i.e. power off the extender, so that it disconnects the RDP session with the host Win7 PC), and wait 10 minutes, and then start it up again, well I then have to fight through this whole "you are safe" message story all over again.


    I will create the support logs and submit a ticket. Hopefully a "trace" of the starting of the RDP session and its corresponding BD actions will be captured in the logs.

  • Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • DSperber
    DSperber ✭✭✭

    I will produce those logs later today.

    But just to be sure I am explaining my thoughts properly, I believe that the TV connected to the WMC extender is actually just like the monitor of a remotely connecting PC would be, if it were to connect using standard Windows RDP to a host Windows PC. WMC extenders are, actually Windows "users" for RDP connections.

    And as such, they are assumed to probably have a display screen and keyboard and mouse, just like a real computer would. But in the case of the WMC extender with its own special purpose and function it doesn't actually need a keyboard or mouse. Only a display, which is actually the TV. And then the "desktop output" of the extender gets sent to the display, i.e. to the TV screen. Normally, it sends live/recorded TV from Windows Media Center, the onscreen Guide, the DVR recordings list, etc. But actually it is really the "Windows Desktop" of this remotely connected Windows "user" that connected using RDP.

    Hence why I believe BitDefender believes that when it is now newly sending out "You are safe" opening messages to the TV screen, it really thinks it is sending that message to the display Windows Desktop of whatever real computer user person was doing this "remote connection via RDP" to the host Windows. It apparently doesn't notice or realize or care that it is actually a Windows Media Center Extender RDP session, with its own unique characteristics and requirements.

    In other words, BD should NOT SEND OUT THESE MESSAGES when the extender connects through RDP and signs in, to start the extender RDP session. BD never sent these messages for the past 7 years, but now it has started doing it just in the past few days. Clearly a change was made to BD that tells "all RDP-connecting users that they are safe and protected", which is something that never got done previously until the last few days.

    There obviously HAS been a new and significant update brought out for BD in the past few days. And inside of this update is a new change, that now tells RDP-connecting users that "they are safe". That may be wonderful for real RDP-connecting human beings who are using a real remote computer with mouse, keyboard, display screen, etc., genuinely connecting through RDP to the host Windows in order to launch a new "user session". But it is NOT THE CASE FOR A WMC EXTENDER SESSION LAUNCHING!

    That is what this story is all about. Whatever you are now newly doing for regular RDP sessions getting launched (i.e now sending out "you are safe" to their desktop screen), it needs to be suppressed when the RDP session is a Windows Media Center Extender doing the session launching. There should be NO MESSAGES SENT to the TV being managed by the WMC extender when the RDP session gets launched.

  • DSperber
    DSperber ✭✭✭

    I have now generated all the requested outputs, and submitted an email to bitsy@bitdefender.com opening a ticket to which 2 of the 3 requested items are attached. The supporttool log is 24MB and is too large to attach to the email. So I've uploaded it to my personal cloud site and provided the URL in the email.

    Just one note: the location of supporttool.exe is NOT in the folder described in that article, which is incorrectly shown as:

    C:\Program Files\Bitdefender\Bitdefender Security\

    This may have been the previous location of the program but it no longer is with the current product. In truth it is now located in:

    C:\Program Files\Bitdefender\Bitdefender Security App

    I've also attached a series of screenshots to that email, showing the actual series of outputs that now appear on the TV screen when the extender session is launched. This begins with the usual POWER ON, and the resulting screen output of the sofware running in the Linksys DMA2100 extender, that initializes things. Then I would normally press the ENTER key to begin the communication between the extender and WMC running on the host Win7 PC. This is the action that would normally begin the RDP connection, with the extender acting as a "user" connecting and logging in to the Win7 host PC to begin the RDP session. This produces several screens advising of the progress of the connection getting established. Eventually there is a final screen that indicates the extender session is now established.

    And this is where I would normally press ENTER, which would normally cause the extender to contact WMC and then receive the normal opening screen of WMC:

    However this is NOT what is returned when I press ENTER, at least not the first 2-3 times I do the POWER ON sequence. Instead I am receiving the "you are safe" message from BD, the first 2-3 times:

    At this point I now have to POWER OFF, and then POWER ON and repeat the entire initial startup sequence. The second time I go through the sequence I still am receiving "You are safe". And I once again have to POWER OFF and then POWER ON.

    And now, finally, after this third initialization sequence and ENTER now finally BD no longer sends "You are safe". And now everything is normal.

    In fact I can now repeat POWER OFF and POWER ON as many times as I want, and no longer see "You are safe". But if I wait a few hours, or a day, and then do another POWER ON, well now once again I see "You are safe" and this whole story must be repeated.

  • Kindly share your support ticket number with @Alexandru_BD or @Mike_BD so that they can escalate your issue and try to get it resolved as soon as possible.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • DSperber
    DSperber ✭✭✭

    I would gladly share my support ticket number, but I don't have one!

    I followed the instructions provided above, and sent the email as requested to bitsy. I expected this to result in a reply email confirming receipt, and providing a newly assigned ticket number for my reference. I have not received such an email.

    So I have no idea if a ticket was actually created as a result of my actions, including running the support programs to generate all the logs and perform 53 steps of which the final one was to upload whatever got generated to your cloud (which did get done). Certainly everything ran normally.

    Bottom line: I have no idea what, if any, ticket number corresponds to my actions.

  • Wait for @Alexandru_BD or @Mike_BD reply. They will be available tomorrow and will check if there is any ticket associated with your email that bitdefender support may have received. @Alexandru_BD and @Mike_BD work for bitdefender and are the administrator of this bitdefender community forum and work only on weekdays.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Hello,

    Yes, there is a ticket and I have asked our technical teams to have a look asap.

    Thank you for your patience.

    Regards,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user

  • DSperber
    DSperber ✭✭✭

    Well, things are deterioriating.

    Over the past week I have started seeing a new symptom, again tied to Bitdefender running on this same Win7 machine that also runs Windows Media Center with the Ceton TV tuner card in it. The new symptom is that there is what looks like a "memory leak" from Bitdefender that accumulates over 2-3 days, until the system becomes unusable due to memory usage exceeding 70% (of the 16GB in this machine). Normally right after booting the memory usage is around 30% with not much running aside from the auto-start programs.

    Memory usage can increase if WMC gets going, recording programs or supporting extender sessions. But it's just minor.

    At this moment, having been forced to re-boot just this morning (so that it is now about 12 hours later) I see that Bitdefender has accumulated almost 7GB of memory!!

    Andrei M. responded to the support ticket, asking me to do a complete full absolute uninstall (using instructions provided), and then a brand new from-scratch clean reinstall. I will do that, but I'm not sure that is really going to accomplish anything.

    In my opinion these brand new symptoms ("You are safe" message going out to all of my WMC extender session TV screens when those sessions are launched, and now "memory leak" that causes Windows to eventually become inoperative) are the result of the recently rolled out new version of the product. Before the past two weeks I never had either of these symptoms on this machine, and I've been using Bitdefender on it for 7 years.

    Nevertheless, I will do the full uninstall, reinstall, and see what happens. If there is no improvement I will be forced to uninstall Bitdefender permantenly on this machine and revert to Microsoft Security Essentials and Malwarebytes Premium.

  • DSperber
    DSperber ✭✭✭

    It's now about 90 minutes later. Here is memory now (getting worse)

    I will be uninstalling Bitdefender in 45 minutes, as soon as a current TV recording completes.

  • DSperber
    DSperber ✭✭✭

    And 30 minutes later:

    I believe this is completely related to what's been going on with this WMC machine over the past two weeks: I have been doing an excessive amount of DVR recording, of both Wimbledon tennis (about 13 hours per day) and Tour de France bike race (about 5 hours per day), plus other normal daily recordings etc.

    All of these recordings produce very large WTV files (say 15GB - 30GB) in the \Recorded TV folder (managed by WMC). These WTV recordings are all "encrypted" (by DRM) because the channels are copy-protected by my Spectrum cable service. So this folder is growing enormously, and constantly, over the past 2 weeks. They cannot actually be "read" and understood, except by WMC during playback using DRM-decryption.

    I am very suspicious that these very large encrypted WTV files in this one \Recorded TV folder are the "culprit" that is responsible for the "memory leak" of Bitdefender.

    I have now added ""exceptions" to Bitdefender, for \Recorded TV. I am going to reboot (as I have to anyway) and see if anything improves.

    I am also going to add exceptions for the "RDP session users" folders in \Users:


  • DSperber
    DSperber ✭✭✭

    I have now rebooted, but have not yet uninstalled/reinstalled Bitdefender. I want to first see if my newly added exceptions make any difference for both of my issues ("you are safe" sent out when RDP extender sessions get launched, and "memory leak" most likely tied to weeks of 12-20 hours of new DVR recordings per day through WMC).

    Here's what memory looks like right after the reboot.


  • Kindly check on below stated link provided by bitdefender support

    https://www.bitdefender.com/consumer/support/answer/87461/

    If issue persists,

    Generate bitdefender BDsysLog: https://www.bitdefender.com/consumer/support/answer/1922/

    Generate bitdefender support tool logs: https://www.bitdefender.com/consumer/support/answer/1733/

    Generate bitdefender connectivity logs: https://www.bitdefender.com/consumer/support/answer/9689/

    Share the logs & your query with bitdefender support team by dropping them an email at bitsy@bitdefender.com

    If the generated logs are larger in size, you can upload the logs to google drive or we.tl (7days link validity for free users) or ask the support team to provide you with the online link & password of bitdefender cloud where you can upload the logs and share the upload link with the support team.

    The support team will reply back to your query within next 24-48 hours excluding weekends.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • DSperber
    DSperber ✭✭✭

    So the night's over, it's 9 hours later, and I had only one overnight DVR recording, of 4 hours.

    Apparently, despite my new "exceptions" for the WMC-related folders (both \My Recordings as well as the four RDP-users for extender sessions) NOTHING HAS BEEN ACCOMPLISHED!!

    (1) "You are safe" message is still being sent out, when an extender session starts. My typical "workaround" is to try to outlast it. I first "disconnect" and then "relaunch" the extender session. Typically it takes maybe 2-3 times of this repetitive behavior to achieve success, and the "You are safe" message finally stops and the OK button on the remote now resumes its normal usability. Last night, it took me 11 tries before finally achieving this "success".

    (2) "Memory leak" continues to exist. Yes, after boot the memory associated with Bitdefender was right in line with my previous experience, and the article you pointed me to, i.e. about 500MB. Perfectly normal. But now, 9 hours later, things once again are OUT OF CONTROL:

    I have previously submitted all the logs and diagnostic materials you asked for. You have started a ticket (1008499007) and both Mihai and Andrei have sent me emails in response. Suggestions first for total uninstall/reinstall (which I have not yet done, but will later today).

    Today I also received an email from Andrei requesting that we set up a scheduled "remote connection" session so that he can examine my system remotely. I will fill out my scheduling request shortly. Perhaps we can arrange this for the next day or two.

    In the meantime I will have no alternative except to re-boot every day, as my way of avoiding the inevitable fatal condition of the "memory leak" symptom, that eventually makes my Windows system inoperative and requires a re-boot anyway.

  • DSperber
    DSperber ✭✭✭

    It's now about 3 hours later. And there has been ZERO activity for WMC on the machine. So if it's related to this new and MAJOR MEMORY LEAK shown by Bitdefender, I would think it's not relevant for the past 3 hours.

    And yet, Bitdefender continues to hemorrhage/consume memory like a madman!!

    Now the above machine is my "production" Windows Media Center Win7 machine, and it has 16GB of RAM. I do have a second "backup" machine which has 32GB of RAM. Same Ceton TV tuner card in it, same WMC setup and configuration and capability, including talking to a whole duplicate set of an additional four extenders around the house. But normally this backup system is not used. It's just there as a backup, in case I need it should some disaster strike my primary WMC machine.

    Well, I just decided to take a look at memory on the backup system, where Bitdefender (latest version pushed out over the past few weeks) is also installed. And, shockingly (but perhaps not surprisingly) THERE IS ALSO AN EXTRAORDINARY MEMORY LEAK ON THAT SECOND WIN7 MACHINE AS WELL!!

    So at this moment over 13GB of memory is tied up by BDSERVICEHOST!! This second machine was rebooted yesterday, just over 28 hours ago. And it's now sucked up 13GB of memory!!!

    I've had it. Apparently the product is no longer usable with a Win7 machine. I will almost certainly uninstall it on both of those machines.

    I am now going to investigate its memory usage on the other 18 machines on my account, which are mostly Win10 and two Win11.

    This is a seriously unacceptable DEFECT IN THE PRODUCT!!!

  • Hello @DSperber,

    The normal memory usage for bdservicehost is around 500 MB. Bdservicehost doesn’t use any CPU when the computer is idle if Bitdefender is not scanning or performing other automatic tasks in the background.

    During an on-demand or background scan performed by Bitdefender it is normal for CPU, RAM, and disk usage to increase. Scanning involves intensive processes that require significant resources to analyze files, folders, and system areas for threats. The temporary increase in resource usage that occurs during the Bitdefender system scan and quick scan is normal. It does not significantly slow down Windows and should not be interpreted as an issue.

    To find out the actual used memory displayed in percentages in Task Manager, you need to consider the memory usage of all applications listed under the bdservicehost process. To calculate bdservicehost’s memory usage percentage, right-click on bdservicehost in Task Manager > select Resource values > Memory > Percents.

    This action shows exactly how much memory bdservicehost is utilizing in relation to other running processes.

    Although bdservicehost is designed to operate efficiently, some users have encountered higher than expected CPU and memory usage. Below there are some steps you can take to resolve abnormally high CPU and memory usage related to bdservicehost.exe:

    Update Bitdefender. Make sure you have the latest version of your Bitdefender security solution for optimal performance. The newest build version often includes bug fixes, new features, and performance improvements.

    Uninstall other security solutions. Conflicts between multiple antivirus programs can lead to high CPU usage and even prevent proper malware detection. Remove the other antivirus software and observe if the CPU usage returns to normal.

    Run a System File Checker (SFC) to make sure the issue is not system related. The SFC scan is a built-in Windows utility that checks for and repairs corrupted or damaged system files. To run an SFC scan: Click the Windows Start menu, type cmd then right-click on Command Prompt in the results and select Run as administrator.

    In the Command Prompt window, type sfc /scannow and press Enter on your keyboard.

    Adjust the Bitdefender scanning options to reduce their impact on system resources. For example, you could schedule scans during periods of low computer usage or decrease the scanning frequency.

    Exclude non-critical files and folders from being scanned by Bitdefender to reduce the scanning workload and improve performance. For example, if the problem appears only when using a certain program or when compiling software into a particular directory, etc. add those specific apps and the folders they are accessing to the exceptions list in Bitdefender.

    If none of the above help, you can ask the Bitdefender engineers to assist further.

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user

  • DSperber
    DSperber ✭✭✭

    Alexandru,

    I think you are missing my point. I fully appreciate and understand what you've quoted above from the FAQ article regarding BDSERVICEHOST and memory usage, etc. However the screenshots I've posted are evidence THAT THIS IS ABNORMAL MEMORY CONSUMPTION!

    My "production" WMC Win7 machine (16GB) starts off as "normal" memory usage for BDSERVICEHOST, i.e. around 500MB. Exactly as your article suggests. But then it just grows and grows and grows and grows and grows... until eventually all of memory is consumed and Windows becomes inoperable. No scans are going on, nothing is scheduled, its just a machine running normally.

    For example I was required to reboot this machine 11 hours ago, and it started off with 500MB memory in use. So it is not 11 hours later, and memory usage is now up to 6GB!!!! That is 6GB of the 16GB in the machine, tied up by BDSERVICEHOST.

    As a second example, my "backup" WMC Win7 machine (32GB) also starts off as "normal" with the same 500MB memory used by BDSERVICEHOST. And it, too, was also rebooted 11 hours ago. I had discovered that there was the same "memory leak" on that machine, and it was up to 13GB in use by BDSERVICEHOST!!!!! That is 13GB!!!! So I rebooted, 11 hours ago, starting memory usage at the normal 500MB. And not surprisingly, after the same 11 hours of operation as my "production" machine has been up, the "backup machine" is also now up to 6.2GB of memory tied up by BDSERVICEHOST!!!

    So BOTH machines have seen memory consumptoin grown from 500MB to 6GB in the same 11 hours since being rebooted. Surely you cannot believe this is "normal"??? This is obviously some kine of serious problem.

    NOTE: I have checked all of my other Win10 machines (that are not Win7 running Windows Media Center with Ceton TV tuner cards). All Win10 machines are TOTALLY NORMAL!! Memory usage by Bitdefender on all of them is your "normal" value of 500MB.

    This should PROVE that something is absolutely broken with the latest Bitdefender version that got rolled out in the past 2 weeks, as it runs on both of my Win7 machines that both run Windows Media Center. They both show a MEMORY LEAK that does not stop leaking until all of memory is consumded by BDSERVICEHOST. That is just a fact. Obviously a problem.


    NOTE I have a scheduled remote connectivity session scheduled with Andrei, for Thursday morning. Hopefully he may have some kind of insight and ideas from poking around in both of my Win7 machines. We shall see.

  • Alexandru_BD
    Alexandru_BD admin
    edited July 2023

    I understand. Definitely something going on for that Windows 7 device..

    Have you considered updating to Windows 10/11? Things might get better.

    Premium Security & Bitdefender Endpoint Security Tools user

  • Scott
    Scott ✭✭✭✭✭
    edited July 2023

    Along the same line as I was thinking this morning, that even though Windows 7 is "supported" by Bitdefender, that OS is a bit "outdated" for the updates and builds of Bitdefender for Windows 10 and 11, maybe and especially for WMC on those Windows 7 devices. Plenty of others are still running 7, without any issues that we know of, other than this.

    I don't mean to steer anyone away from Bitdefender, but @DSperber maybe try Avast free, as you wouldn't have to buy it and could see if it will give you want you're looking for on those Windows 7 PCs?

    All Bitdefender Home Product User Guides: https://www.bitdefender.com/consumer/support/user-guides/

  • Although plenty of users are still running Windows 7 without any issues, @DSperber has a rather special setup going on there and there is obviously something that doesn't work as expected.

    There's also the matter of supporting Windows 7 for future reference. Microsoft officially ended support for Windows 7 on January 14, 2020 and Bitdefender will continue to provide antimalware support for Windows 7 until January 14, 2024, so that's a few months away from now.. So, even if the situation gets resolved for now, there are no guarantees it won't resurface later on.

    In any case, I'm curious to find out what is causing this behavior on your device so please feel free to share the outcome of the remote session with us.

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user

  • DSperber
    DSperber ✭✭✭


    Windows Media Center along with the Ceton drivers for the Ceton InfiniTV tuner card only run on Win7. MS discontinued WMC in Win10. There is no option but to continue running Win7 if WMC is desired. I have chosen this option, just for this "production" machine (and the "backup").

    I have been running WMC since 2010, as my "whole home" solution (with infinite recording storage capability) to TV watching and DVR record/playback. WMC supports both my Ceton cablecard-enabled TV 6-tuner card as well as my Hauppauge OTA/ATSC 4-tuner card. I have four extenders/TVs around the house. I do not have to pay Spectrum Cable for 4x multi-box equipment rental, DVR service and box fees, all with limited storage capacity, etc. Instead I pay a grand total of $3/month x2 for the 2 cablecards I required, inserted into the Ceton tuner cards in each of my win7 WMC machines. Saves probably $60/month at least, for the past 13 years. Not to mention the extreme superiority of the WMC user interface and functionality.

    All the other 18 of the 20 machines on my BD license run Win10 or Win11. None of them involve Windows Media Center. My reason for remaining on Win7/WMC for these specific two machines is simply that: WMC.

  • DSperber
    DSperber ✭✭✭

    I understand fully that continuing to run Win7 means I maintain it myself, and take full self-responsibility for any problem solving. I also recognize that manufacturers, software vendors, etc., have zero obligation to maintain their hardware/software/drivers for an OS that MS hasn't officially supported for over 3 years.

    If Bitdefender announced that they no longer supported Win7 I would almost certainly (initially at least) revert to Microsoft Security Essentials, which continues to function and receive anti-virus updates from MS. Also I would install Malwarebytes Premium (which I also run on my other 18 Win10/Win11 machines, and have "open seats" available in my bulk license). Together this should provide all that I need for these two Win7/WMC machines.

    But I still maintain these two problems have been caused by whatever Bitdefender did in the updates related to the latest version of the product, which was just pushed out in the past two weeks. I have been running BD on these two Win7/WMC machines since 2017, happily and without incident and certainly without these two issues. These two problems have only appeared IN THE PAST TWO WEEKS!!!

    It should be obvious that whatever BD did in the latest changes to the product engine... that is what is has caused the product to (a) send out "You are safe" screen when I launch extender sessions, as each of these sessions is an official RDP remote connection session, and (b) gradually consume all available memory through BDSERVICEHOST and never give it back, until Windows dies and I have to reboot.

    Again, BOTH OF THESE SYMPTOMS NEVER OCCURRED BEFORE THE PAST TWO WEEKS... on these very same two Win7/WMC machines!! Obviously Bitdefender was quite happy with my specific two Win7/WMC... UNTIL SOMETHING THAT CHANGED IN THE PRODUCT WHICH GOT PUSHED OUT TWO WEEKS AGO!

    How hard could it be to review those changes, look at a memory dump of my machines to see what is using up 6GB of memory in 11 hours and continuing to eat up more memory as time goes on, and figure out what it is that is failing to release that memory. How hard could that be, if you really wanted to diagnose this huge new defect in your own software product?

  • DSperber
    DSperber ✭✭✭

    So it's been another three hours since my last observation of memory usage by BDSERVICEHOST, on both machines which were both rebooted 14 hours ago now.

    Note that one machine is "production", and I have been watching playback of tennis all day, plus doing perhaps 5 hours of new recording. The "backup" machine has done nothing. It is simply sitting idle all day long, with zero recording and zero watching.

    And yet, BOTH MACHINES HAVE CONSUMED ALMOST THE IDENTICAL AMOUNT OF MEMORY THROUGH BDSERVICEHOST running on each machine! So the rate of memory consumption on each machine is essentially identical, pointing to what must be an inherent problem both are exhibiting... very likely specicically because of the Win7 environment. Again, my other 18 Win10/Win11 machines are sitting at 500MB of memory and never increasing.

    (1) Here is the 16GB Win7 "production" machine right now, 14 hours after reboot.

    (2) Here is the 32GB Win7 "backup" machine right now, 14 hours after reboot.


  • Scott
    Scott ✭✭✭✭✭
    edited July 2023

    @DSperber you're providing some incredibly detailed and helpful information. Hopefully, this will also help with your Thursday morning session, especially since you can trace it back to the recent (two weeks ago) update.

    As with you, as well as Alexandru, I am curious about this one, too. I hope Andrei can figure this out for you.

    All Bitdefender Home Product User Guides: https://www.bitdefender.com/consumer/support/user-guides/

  • DSperber
    DSperber ✭✭✭

    Since I was already up to 72% memory consumed by BD on my "production" machine, and thus had to re-boot today anyway, I decided to go ahead with the FULL AND COMPLETE uninstall/reinstall that was requested by Mihai (of BD support) last Monday. This involves using the Bitdefender_2022-Uninstall-tool, etc.

    It also involves removing my device from Bitdefender Central protected devices on my account. Note that this involves an even older still-unfixed problem (originally reported back in 2019 and still unfixed) with Bitdefender Central and the registration of a protected device. Turns out the technique used here for identifying devices is to use the presumed unique MAC address of THE FIRST NETWORK ADAPTER (in Device Manager). Well, on my Win7/WMC machines it turns out the first network adapter is the Ceton TV tuner card

    which is actually a "gateway" with an IP address of 192.168.200.1, to its own network:

    DFW: 192.168.200.1, true MAC 00:22:2c:80:87:19

    Z170: 192.168.200.1, true MAC 00:22:2c:80:94:80

    with the 6 tuners accessed using 6 port numbers:

     tuner 1:   192.168.200.2:8000

       tuner 2:   192,168,200.2:8001

       tuner 3:   192.168.200.2:8002

       tuner 4:   192.168.200.2:8003

       tuner 4:   192.168,200.2:8004

       tuner 6:   192.168.200.2:8005

    This problem here is that while each Ceton InfiniTV tuner card on my two machines (DFW "production" and Z170 "backup") actually DOES have its own unique MAC address as shown above, they actually appear to have identical MAC addresses as returned from IPCONFIG /ALL, where the last three bytes of the MAC address are "masked" as "FF FF FF".

    So instead of using a REAL network adapter from device manager (e.g. my Intel I219-LM) which truly does have a full genuuine 6-byte MAC address, Bitdefender Central simply grabs the first NIC in Device Manager and its "masked" MAC address:

    Well, now we're in trouble. Because when I install Bitdefender on my second "backup" Win7/WMC machine (i.e. Z170), the MAC address on that machine's first network adapter is a duplicate of the "masked" MAC address as found on DFW machine. All Ceton cards have a MAC address that is 00:22:2C, and apparently with a final 3 bytes of FF:FF:FF, making them all "identical" to Bitdefender Central.

    So instead of ending up with TWO UNIQUE DEVICES PROTECTED, I only get one device shown, with the device name (DFW) of the FIRST MACHINE INSTALLED. The subsequent installs don't do anything, because the apparently identical MAC address tells Bitdefender Central is it is the same machine as was already installed and protected.

    Back in 2019 I first reported this issue, and suggested that they simply "black list" the Ceton MAC address which will ALWAYS SHOW UP AS 00:22:2C:FF:FF:FF, and cause problems. Just ignore it and get the next network adapater and use it instead (e.g. my Intel NIC, which would absolutely be unique on every machine). But this has never been done, and so to this day despite having two different machines I only show one device protected.


    Anyway, as requested by Mihai I've now followed the instructions for the complete uninstall/reinstall of BD on my DFW "production" machine. And of course the deletion of the device previously shown at Bitdefender Central and the new reinstall, now results in DFW being my one-and-only device. I just wanted to give that part of this story as well, since that problem goes back to 2019 when I first reported it (and got a ticket number: Integrated Support 2019032221420003) and remains unfixed. And of course it starts anew today, with my uninstall/reinstall procedure for DFW. Z170 must necessarily come next, with the resulting duplication story.

    The install did also bring in a product update, which necessitated a machine reboot. So I had a chance to look at memory usage right after reboot again, on this brand new clean install. Looks perfectly normal right now, using only 550MB:

    And just for the sake of completeness, in the 30 minutes it's taken me to compose this post, BDSERVICEHOST has consumed 300KB of memory (even though I've done nothing but use Firefox):

    I think it's apparent that the uninstall/reinstall has accomplished nothing.

  • DSperber
    DSperber ✭✭✭

    Ok. Last update until tomorrow.

    (1) DFW (16GB) Win7/WMC "production" after 6 hours: 3+GB RAM used

    (2) Z170 (32GB) Win7/WMC "backup" after 20 hours: 10.6GB RAM used

    (3) P70 (16GB) Win10 laptop after 5 days: 600KB RAM used

    (4) T495t2 (16GB) Win10 laptop after 6 days : 750KB RAM used


    More news tomorrow after the remote session with BD..

  • DSperber
    DSperber ✭✭✭

    Oh... and "Your are safe" still is sent out to the WMC extender sessions when they launch, from the brand newly installed BD on DFW.

    So that didn't change either from the full uninstall/reinstall.

  • DSperber
    DSperber ✭✭✭

    Oops... mental slip. It's not TONIGHT, Wednesday 1AM. It's TOMORROW, Thursday 1AM. So we have a day more to go before the session. Sorry for my confusion.

    In the meantime I thought I might as well post the current status of things. I probably will have to reboot both machines pretty soon.

    (1) DFW after 19 hours (now almost 10GB used, about 81% utilization of 16GB RAM):

    (2) Z170 after 34 hours (now over 17GB used, about 76% utilization of 32GB RAM):

    More after TOMORROW night's session.

  • DSperber
    DSperber ✭✭✭

    So, it all seemed quite productive. Andrei remoted into my DFW "production" Win7 WMC machine right on schedule, and we proceeded to work together for the next 2 hours. The objective really was for him to look around of course, but primarily to generate a complete system memory dump as well as producing a complete set of system logs from BD support tool, etc. And then to upload all of this to their support site for the engineers in Romania to investigate, hopefully to have an epiphany and realize what is generating millions of entries in memory that is consuming all of both my Win7 machines.

    I hadn't rebooted all day, and by the time the "dump tool" was invoked overnight we were almost out of RAM. The dump tool failed twice to complete the dump, complaining of "invalid data". So we had to reboot (thus starting BD from scratch, with the noreml 550MB initially tied up). We then waited an hour for the "memory leak" to proceed, until it reached 1GB of storage used at which time we once again attempted to take the memory dump. And this time it was successful.

    Andrei packaged up everything to be looked into in a ZIP file that I uploaded to their support site. We shall see what becomes of it. My expectation is that the engineers will have an "epiphany" once they see the millions of repeated entries in memory, that clearly point to the "culprit" bug code which they can then correct.

    In the meantime I have now completely uninstalled BD from both my Win7 systems. I cannot tolerate the defective product condition on my normally reliable WMC machines. in the interim I have reverted both Win7 machines back to Windows Defender (i.e. Microsoft Security Essentials) plus Malwarebytes Premium.

    If/when the BD support team comes up with a beta fix they'd like me to try (hopefully in a few days) I will reinstall the product. Until then, it's been banished from my Win7 world.

    Nevertheless, a very productive session. Andrei is a pro.

  • Yes, I know Andrei personally, he really is one of the best. Keep us updated, I'm very curious how the case evolves.

    Cheers and thanks for following up with the community! 👍️

    Premium Security & Bitdefender Endpoint Security Tools user

  • DSperber
    DSperber ✭✭✭

    Just a status update, now about 3 weeks since my remote connection session with Andrei, during which a complete system dump was transferred to Bitdefender's upload site that reflected the new "memory leak in Win7" symptom (which had progressed post-boot up to the 1GB point, but which would have gone on forever and eventually consumed all free memory in the machine).

    Presumably the dump would have shown many hundreds of thousands or more of some kind of "table entries", generated in some endless loop of defective logic in the latest version of Bitdefender engine pushed out in the past month or so. Anybody who knows the internal design of the software and who looked at the hundreds of thousands of "duplicate" (or endless) entries would/should have instantly seen the "giant clue", and opened the page of code to where these entries are being generated, and would then have now been on the diagnostic trail to TRUE DEBUGGING!

    In other words, I would have assumed that since this bug makes Bitdefender NO LONGER USABLE ON WIN7 SYSTEMS (or perhaps with some caveats that explained why both of my own Win7 systems, both of which have Ceton TV tuner cards and drivers in them, perhaps making them unique but at least understandable as to why the "memory leak" is occurring) it might have been ELEVATED to some "red flag high-priority" for the debugging geniuses at Bitdefender. I would have expected that, especially since they now had the forensic full-memory dump and all other needed diagnostic logs in thier possession.

    Well, you would be wrong. So far in the past 3 weeks I have only heard back from Bitdefender in just one single email, containing the same BOILERPLATE response to my own query a week later asking for an update on any breakthroughs that might have been discovered (and generated automatically, same as to EVERY bug report after 1-2 weeks), with the following USELESS TEXT that I have seem MANY TIMES OVER THE YEARS, anytime I submit a bug report:

    "Thank you for your follow-up e-mail.

    As mentioned previously on the ticket, a fix for this Bitdefender behavior is still undergoing development. We do not have an estimated time for the release of the fix yet, but we will contact you as soon as it's implemented by an automatic update of Bitdefender. Please keep in mind that all reported bugs require investigation time.

    Thank you for your patience and understanding. Rest assured that we will contact you again as soon as the fix is released."

    Honestly, I wanted a bit more personal interaction from Andrei or someone on the debugging team... assuming anybody is actually analyzing the memory dump and seeing hundreds of thousands of "giant clues" duplicate entries in some table or something. Yes, of course the actual "fix/solution" will take some time to develop. And maybe I would be asked to pre-test a beta version of the code, on my two Win7 machines which are BOTH EXHIBITING THE FATAL MEMORY LEAK NOW IN BITDEFENDER ON BOTH WIN7 SYSTEMS! If I was willing to let Andrei have a remote connection to my system in order to gather the dump, surely I would be willing to dedicate one or both machines to his team to pre-test a beta version of the fix... BEFORE YOU JUST SEND IT OUT AS YOU PROMISE IN THE EMAIL. I'm more than willing to help in any way I can.

    In the meantime, as I previously reported, Bitdefender has been UNINSTALLED AND REMOVED from both of my Win7 systems. I am now operating solely with MS Windows Defender along with Malwarebytes Premium. And I am perfectly fine to run that way forever now, if Bitdefender cannot correct the FATAL MEMORY LEAK which was born last month in the latest engine version pushed out.

    Again, I have/had been using Bitdefender on both Win7 systems for the past 7 years and never saw this FATAL MEMORY LEAK until last month's product update. Surely that should focus your diagnostic efforts to that portion of code which is NEW/UPDATED. And the "giant clues" in the memory dump (which you've had for 3 weeks now) should certainly have zeroes in on the obviously "new code" which is generating the "hundreds of thousands of table entries" revealed in the memory dump.

    Surely SOME PROGRESS MUST HAVE BEEN MADE BY NOW, no??? And if so, I've heard nothing about it.

  • Scott
    Scott ✭✭✭✭✭
    edited August 2023

    Hi @DSperber

    It may be what you're doing now, in running Windows Defender and MBAM, is going to be the best option. I'm starting to think, as with you, that the main focus will be on Windows 10 and 11 for Bitdefender, as what may have broke for you in an BD update for Windows 10 and 11 with WMC extender on Windows 7, may not be the laser focus (one member, one issue in this case) of the engineers at this time. Even if they were to figure it out, as Alexandru mentioned, the EOL for Bitdefender support for Windows 7 is right around the corner anyway:

    There's also the matter of supporting Windows 7 for future reference. Microsoft officially ended support for Windows 7 on January 14, 2020 and Bitdefender will continue to provide antimalware support for Windows 7 until January 14, 2024, so that's a few months away from now.. So, even if the situation gets resolved for now, there are no guarantees it won't resurface later on.

    If @Alexandru_BD wants to comment on where you're at, it won't be until later next week.

    Regards,

    Scott

    edit: just a FYI, DSperber, there are 3 work PCs I uninstalled Bitdefender from, 2 Windows 10 PCs and one Windows 11 PC. The software I was running (CAD/CAM) and BD did not get along, so I went with a different AV subscription I had, and have had no problems since. I probably could have reached out to BD support, created log files etc, and made it work, but I didn't want to do that as I knew the other AV would work. So I just cut my losses on those PCs and moved on.

    All Bitdefender Home Product User Guides: https://www.bitdefender.com/consumer/support/user-guides/