report.bitdefender.com

Why would ZA Pro be connecting to a site as in the topic title? Does BD know anything about this site using their product name? What is happening here?


The full site name is report.bitdefender.com, ip is 80.86.106.67 (the site name got bleeped out at ZA user forum)


I have recommended that users add this IP to blocked sites in FW zones ASAP. Since I blocked it after 1 attempt by zlclient then 5 attempts in rapid order with a switch to winlog as access program. All Alerts continue to be turned off on any change in settings or on reboots.


My ASW, product updates and SmartDefense on manual all work fine with selected blocks and "optimized" settings.

Comments

  • alexcrist
    edited May 2007

    Hi Escalader,


    I might be wrong, but that could be BitDefender trying to send/receive data about viruses as a result of the options Send virus reports and Enable BitDefender Outbreak Detection (General -> Settings)


    Try to disable these options, and see if you have any more attempts.


    Cris.

  • Hi Chris:


    I will try your idea, what puzzled me was I didn't change any BD options lately and it was zlclient that connected first. Now it is WINLOGON.exe that is attempting the connect. I have it blocked until I know what's happening here.

  • Here is the latest information I have on this:


    1) As Chris suggested I turned off the "Send virus reports and Enable BitDefender Outbreak Detection" options in BD setup. The repeated connections to 80.86.106.67 continue unabated.


    2) I ran a Whois Server Version 1.3 here is the result.


    Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information.


    No match for domain "REPORT.BITDEFENDER.COM".


    Conclusion, it is another case of phone home by ZA.

  • Did a reverse DNS and the IP comes up as Bucharest, Romania. No information on organization owning it.


    The whois database lists this country with a high fraud profile?

  • Unknown
    edited May 2007

    Hello,


    Nobody except Bitdefender can register sub-domains of BitDefender.com, the headquarters of BitDefender are in Romania. Once you own a domain name you can register as many sub-domains as you want for free; that can be done just by the main owner of the domain. The report.bitdefender.com could be a server in the HQ so it's not dangerous at all.


    Have a nice day.
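
    Added example, not part of any post in this thread: a WHOIS lookup on a host name such as report.bitdefender.com returns "No match" because the registry only holds records for registered domains, so the lookup has to walk up to the parent name. The WHOIS replies below are constructed stand-ins so the code runs offline, and the function names are hypothetical.

```python
# Added example: find the name that actually has a WHOIS record when a
# host name (sub-domain) returns "No match". All replies are constructed.

CANNED_WHOIS = {  # constructed sample replies, not real registry output
    "REPORT.BITDEFENDER.COM": 'No match for domain "REPORT.BITDEFENDER.COM".',
    "BITDEFENDER.COM": "Domain Name: BITDEFENDER.COM\nRegistrar: <placeholder>",
}


def canned_query(name):
    """Stand-in for a real WHOIS client so the example runs offline."""
    key = name.upper()
    return CANNED_WHOIS.get(key, f'No match for domain "{key}".')


def candidate_names(hostname):
    """Yield the host name, then each parent, stopping before the bare TLD."""
    labels = hostname.strip().rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])


def find_registered_domain(hostname, query=canned_query):
    """Return (registered_name, names_tried); registered_name is None if
    no parent of the host name has a WHOIS record."""
    tried = []
    for name in candidate_names(hostname):
        tried.append(name)
        if not query(name).lstrip().lower().startswith("no match"):
            return name, tried
    return None, tried


def is_subdomain_of(hostname, domain):
    """True only on a label boundary, so 'evilbitdefender.com' does not pass."""
    h = hostname.rstrip(".").lower()
    d = domain.rstrip(".").lower()
    return h == d or h.endswith("." + d)


if __name__ == "__main__":
    name, tried = find_registered_domain("report.bitdefender.com")
    print("tried:", tried)
    print("registered domain:", name)
```

    The record found for the parent domain is the one to read for ownership; the address a host name resolves to is a separate lookup against the IP registry and names the network operator, which may be a hosting or Internet provider.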

  • Hello Rudy:


    Just to be clear I trust BitDefender or I wouldn't use the product.


    But the way this came to light was very strange.


    First as mentioned a few posts back zlclient was the program that first accessed report.bitdefender.com.


    Next the id of the program attempting access switched to WINLOGON.exe.


    Is report.bitdefender.com a server in HQ? The city and country are right but the whois database doesn't confirm BD's ownership of this site.


    Could be a server is not the same as is a server.


    I'm not trying to be difficult, I just want clarity.

  • Unknown
    edited May 2007

    The owner you see there is INES, that is one of our Internet Providers. The connection is leading to our internal server. Over this connection virus and spam statistics are sent.


    Real Time Virus Report (RTVR) & Real Time Spam Report (RTSR)


    RTVR/RTSR is a system included in BitDefender products deployed all over the Internet that reports virus and spam activity to the BitDefender Labs (report.bitdefender.com) to help isolate and prevent the spreading of malware and spam in an efficient and timely manner.


    So it is our server.

  • Hi Rudy:


    Thank you very much for tracking this down for me. Best to be clear!


    I currently have followed the following idea:


    "....turned off the "Send virus reports and Enable BitDefender Outbreak Detection" options in BD setup"


    The repeated connection attempts to 80.86.106.67 continue anyway.


    This seems to me to mean that the RTVR and RTSR connects occur even if the options are turned off.


    In my set up I have the address blocked, yet updates of the product continue ok as do the attempts to send reports back.


    So updates must use one server and reports on virus and spam must use another?


    Have I described all this correctly?

  • The update servers are different from the one with statistic reports. Why?


    Because we need to have good connection to all the users from the World. That's why you will have servers scattered all over the World and only one server that gathers information about viruses and spam in Romania.


    If you are concerned about your security just block report.bitdefender.com although it is our server and everything is secured.

  • Hi Florin:


    Well of course I'm concerned about my security and everybody's!


    If we could learn why the options turned off don't work is a known bug to be fixed due to still trying the access it would increase the users' confidence. I may even turn on the service if I knew.


    Take care