I can. This is controlled from Protection => Firewall => Settings by the "Use passive detection mode".

In short, bdntwrk.exe (Network helper and detector) is looking, among other things, for DHCP packets for detecting devices arriving on home network and ethernet connection.

This is done by listening on UDP port 67 as shown in the previous picture, and there are two modes:

- Active mode, which binds on the UDP port 67, but allowing reusing the address for other programs (and here is, probably, where the BOOTp hardware attempts to use e the port for its reasons)

- Passive mode, which does not bind on that port and listen only the broadcasted DHCP packets.

In this case, the solution would be to set the passive mode to ON, which will set bdntwrk.exe in broadcast packet mode and will unbind from the UDP port 67. There is no need to restart anything, bdntwrk.exe will get this on the fly and readjust itself.

See the attached images and the differences between these modes using Sysinternals TCPView.

Let me know if this solves the problem.

Edit: the second image "bdntwrk.exe not using port 67 anymore" is not technically 100% correct; a more accurate text is "bdntwrk.exe not binding to port 67 anymore". It will still get DHCP broadcast packets (unless the BOOTp software will not bind itself exclusively to UDP 67 and prevent packets to reach bdntwrk.exe, which is normal if that is the BOOTp software intention).

Any time. I think Use Passive default setting that maybe should be set to ON by default instead of OFF, I will ask the team if is not better to use a conservative approach.

Thank you for the feedback!

bdntwrk.exe is a Bitdefender process listening for DHCP connections.

The setting is in Firewall > Settings > Use passive detection mode, which, from the fact it is listening on 0.0.0.0, is set to OFF as opposed to active, which will bind to the DHCP server port 67 and might interfere with existing DHCP server software.

bdntwrk.exe is not a service, but rather is controller via a service plugin (specifically, bdservicehost.exe instance running as Virus Shield service; this one loads bdntwrksp.dll - SP = service plugin - and launches bdntwrk.exe during the service startup and and controls the running instance).

I suppose your application performs a bind on the port 67 for the application reasons, and I suppose this prevents bdntwrk.exe from port listening.

When you say '"bdntwrk.exe" is back again' do you mean it does not appear anymore in the netstat -ano | findstr :67 output, or bdntwrk.exe is not running at all?

Well, the binding is happening anyways.
bdntwrk.exe binds on port 67, the difference being

• in passive mode is using RAW sockets and binds on broadcast IP 255.255.255.255:67
• in active mode is using UDP socket and binds on 0.0.0.0:67, which is less consuming but interferes with bootp software.

Having firewall allows the changing of the setting, but you do not have one. The setting can be changed manually, but it requires opening of a support ticket, schedule of a remote, the intervention of a support colleague - the whole stuff.

But this is indeed a problem, since the setting might revert inadverdently due to an error, an update process etc.

What I am going to do is to talk to the guys and open an internal issue for this, since obviously this is not correct to have a setting that needs to be changed, but placed in a module which is not available. Let me check with the team and come up with a fix.

Meanwhile, please continue to stress me about this, since I want it to get it fixed.

Appreciate. Issue opened, noticed everyone about this issue.
In this very moment we are in the middle on an update and probably until the next week I won't be able to bring this up. But I'm on to it.

It is on my next todo list. I understand you need this done, I asked the support guys if there is an alternate solution until a fix would be released.

True, it is not ideal. That is why I want to come up with a fix.