Bitdefender Internet Security 2008

I have experienced nothing of value from Bitdefender Internet Security 2008's generic virus/trojan detection system.


A couple of days ago, during the night (I leave my system turned on 24/7) while it performed a daily scan, it deleted the executable of my BitTorrent installation, having suddenly identified it as a generic trojan.


    This isn't the first time I've lost applications and downloads to its overly aggressive heuristic scanning.


I don't rely solely on Bitdefender and I am also aware that the nature of some software makes it appear a risk to heuristic analysis.


Is anyone aware of a way to disable the application of heuristic scanning by Bitdefender or should I seek an alternative solution when I renew my AV product?

Comments

  • You can report all false positives on the False Positive Reporting board. They will be fixed as soon as possible.


    Cris.

  • So there is really no way to disable heuristic analysis or at least prevent it immediately deleting programs?


    It's hardly a convenient solution - wait until I lose software - report it on the forum - wait for the appropriate update to BitDefender - then reinstall the crippled application.


    Very poor. Unless a more realistic approach is adopted before my current licence expires I will be seriously considering switching to an alternative security solution.

  • Niels
    edited September 2008

    Hello NL71,


    The only thing that you can do is change the actions that should be taken on detected threats. To do that, first open BitDefender by right-clicking on the red BitDefender icon near the system tray and pressing Show. Go to the Antivirus section, make sure the Shield tab is highlighted, and press Custom Level. Now go to the section "Action to be taken when an infected file is found" and select "Move file to quarantine" for both the first and the second action; do the same for "when a suspected file is found". For an on-demand scan you need to right-click on the type of scan, choose Properties, then Custom Level, and change the same thing (move to quarantine). Don't forget to click OK. No, heuristics can't be disabled.


    Kind regards,


    Niels

  • Thanks Niels, but I would have thought my existing configuration would have achieved the desired result -


    Under the menu AV -> Shield -> Custom Level, I have "Action to take when an infected file is found" - "First action" is set to "<Disinfect files>" and "Second action" is set to "<Move file to quarantine>". For the section "Action to take when a suspect file is found" I have "First action" set to "<Deny access and continue>" and "Second action" also set to "<Deny access and continue>".


    For the on demand (scheduled) scan I also have the properties set through the Custom Level to "Action to take when an infected file is found" - "Action" is set to "<Disinfect files>" (No second action option available for this) and the "Action to take when a suspect file is found" I have "Action" set to "<Take No Action>" , again there is no second action option available for this.


    I believe these options exclude the apparently default action of deleting suspect files identified by the heuristic analysis.


    If I'm missing something please let me know.

  • Hello NL71,


    To inform you, you can upgrade for free to BitDefender Internet Security 2009 for the remaining days of your current license key.


    What you can also do is exclude a folder so that it will not be detected by the on-access scanner or the on-demand scanner. But if you are using the English or another language version, exceptions don't work for build 11.0.17; that was a faulty update. To check the build number, please right-click on the red BitDefender icon near the system tray and press Info. If you see build 11.0.17, you need to install the new BitDefender version. To exclude a folder, open BitDefender, go to the Antivirus section, press the Exceptions tab and follow the wizard steps. You should do this until the false positive is removed. But you should upload false positives in this forum section. You need to archive the samples; see here (the 2nd post) for how to do that. Don't forget to mention the password. There is a 2 MB file upload limit.


    Your settings are good. Disinfecting can sometimes mean deleting a file. It can happen, but normally it shouldn't, because if it fails the second action will be taken.


    Kind regards,


    Niels

  • Thanks again Niels.


    I have a feeling we're clutching at straws regarding a solution to this significant problem, but I will try updating to the beta of BitDefender Internet Security 2009 and see if it helps.


    I don't want to be forced to start excluding items from scans, as this defeats the principle of complete security. It's also an inconvenience that relies on first experiencing problems with the heuristic analysis deleting software before knowing which items are false positives and need to be excluded.

  • Hello NL71,


    I only mentioned excluding for the case where you don't want the false positive quarantined again. That was only a temporary measure if the false positive isn't fixed by a definition update. The main purpose is for excluding large folders to increase scan time.


    But before upgrading you need to first exit BitDefender by right-clicking on the tray icon and choosing Exit. Download this removal tool. Double-click on it to run it and choose Uninstall. You will be asked to reboot; please do so. Run the removal tool one more time and then install BD 2009.


    You are welcome. Glad that you appreciate my help.


    Kind regards,


    Niels

  • I'll do that and give it a shot Niels, thanks for the extra info. :)

  • Hello NL71,


    First of all, I believe that you confuse heuristic detection with generic signatures.


    If you are talking about signatures like Trojan.Generic.<number> or Adware.Generic.<number>, these aren't heuristic detections. There is a big difference between heuristic and generic detections.


    Heuristic detections are made by analyzing what the file does and comparing it with other known types of malware. If the file is close enough to malware behaviour, it is flagged as suspected.


    On the other hand, generic detections (like the ones above) are signatures which are specially designed to detect a broader spectrum of malware (which have some identical parts). But because of this broad detection, such a signature can sometimes cause false positives. Of course BD Labs try to minimize the FP rate when adding a generic signature, but when/if it happens, you can report the wrongly detected file and the detection will be removed.


    I wanted to clarify the confusion about generic/heuristic detections, which you clearly made (because you constantly used heuristic and generic as synonyms).


    As for the settings... "Disinfect" actually means to disinfect the system, not the file. Real "file" disinfection can only be done for some file infectors. For the rest of the malware categories, "Disinfect" means deleting the infected files.


    So what you have to do to prevent automatic deletion is to set BitDefender to either "Move to quarantine" or "Deny access and continue" (both options guarantee that no files will be deleted, but also prevent known infections from spreading).


    Cris.
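The distinction Cris draws above (a generic signature is a fixed byte pattern shared by a malware family, a heuristic is a judgement about what the file does) can be made concrete in a toy scanner. The following is an added example written for this page; it is not BitDefender's engine or any of its real signatures. The signature names, the byte patterns, the behaviour indicators and their weights, and the four sample "files" are all constructed for illustration. It shows why a generic signature can hit a benign file that merely contains the same constant, why the heuristic score on that same file stays low, and what happens once the lab pulls the offending signature after a false-positive report.

```python
"""Toy model of generic-signature vs heuristic detection (illustrative only).

Everything here is constructed for the example: the signature names in the
Trojan.Generic.<number> style, the byte patterns, the indicator weights and
the sample files. None of it is BitDefender's engine or its real signatures.
"""
import math
import re
from collections import Counter

# Generic signatures: one byte pattern covers every variant of a family that
# carries the same marker. Broad coverage, but any file containing the
# constant matches, which is exactly how a false positive arises.
GENERIC_SIGNATURES = {
    "Trojan.Generic.12345": re.compile(rb"\xde\xad\xbe\xef.{2}\x13\x37", re.DOTALL),
    "Adware.Generic.67890": re.compile(rb"ADLOADER_v\d+"),
}

# Heuristic indicators: traits of what the file *does*, each with a weight.
HEURISTIC_INDICATORS = {
    b"CreateRemoteThread": 3,   # code injection into another process
    b"WriteProcessMemory": 3,
    b"SetWindowsHookEx": 2,     # global hooks (keyloggers, but also ordinary GUIs)
    b"CurrentVersion\\Run": 2,  # autorun persistence
    b"cmd /c": 1,
}
ENTROPY_WEIGHT = 3        # a packed/encrypted body adds suspicion
SUSPECT_THRESHOLD = 5     # hypothetical cut-off for "suspected"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for packed or encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def generic_scan(data: bytes, signatures=GENERIC_SIGNATURES) -> list:
    """Names of the generic signatures whose pattern occurs in the file."""
    return [name for name, pat in signatures.items() if pat.search(data)]


def heuristic_score(data: bytes) -> int:
    """Weighted sum of behaviour indicators present, plus an entropy bonus."""
    score = sum(w for trait, w in HEURISTIC_INDICATORS.items() if trait in data)
    if shannon_entropy(data) > 7.0:
        score += ENTROPY_WEIGHT
    return score


def classify(data: bytes, signatures=GENERIC_SIGNATURES):
    """'infected' on a signature hit, 'suspected' on a high heuristic score,
    otherwise 'clean'. Returns (verdict, evidence)."""
    hits = generic_scan(data, signatures)
    if hits:
        return "infected", hits
    score = heuristic_score(data)
    if score >= SUSPECT_THRESHOLD:
        return "suspected", [f"heuristic score {score}"]
    return "clean", []


# Constructed sample files (not real executables).
PACKED_BODY = bytes(range(256)) * 4   # uniform bytes: maximal entropy

TROJAN_V1 = (b"MZ" + b"\x00" * 32 + b"\xde\xad\xbe\xef\x01\x02\x13\x37"
             + b"CreateRemoteThread\x00WriteProcessMemory\x00" + PACKED_BODY)
TROJAN_V2 = (b"MZ" + b"\x90" * 16 + b"\xde\xad\xbe\xef\xaa\xbb\x13\x37"
             + b"cmd /c whoami\x00")            # same family marker, different code
UNKNOWN_DROPPER = (b"MZ" + b"CreateRemoteThread\x00WriteProcessMemory\x00"
                   + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
                   + PACKED_BODY)               # no known marker, but behaves badly
BENIGN_CLIENT = (b"MZ" + b"torrent client 1.8\x00"
                 + b"\xde\xad\xbe\xef\x00\x00\x13\x37"   # innocent constant that matches the marker
                 + b"SetWindowsHookEx\x00")

# What a lab does after a false-positive report: pull (or narrow) the signature.
AFTER_FP_FIX = {k: v for k, v in GENERIC_SIGNATURES.items() if k != "Trojan.Generic.12345"}


if __name__ == "__main__":
    samples = [("trojan v1", TROJAN_V1), ("trojan v2", TROJAN_V2),
               ("unknown dropper", UNKNOWN_DROPPER), ("benign client", BENIGN_CLIENT)]
    for label, sample in samples:
        print(f"{label:16} now={classify(sample)}  after FP fix={classify(sample, AFTER_FP_FIX)}")
```

Run as written, the benign client is reported as `Trojan.Generic.12345` even though its heuristic score is only 2, while the unknown dropper is caught purely by heuristics. After the signature is pulled the benign file is clean, `TROJAN_V1` is still flagged (as "suspected", by heuristics), but `TROJAN_V2` is missed entirely, which is why a lab will usually narrow a generic signature rather than drop it. Whether a hit ends in deletion is a separate question of the configured action, as the thread discusses.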