Community


BitDefender antivirus free edition false positive

Links used in this discussion
john kumpf, User (Posts: 85)
Feb 02, 2022 8:05:13 pm EST
Support level: Free or trial
bitdefender antivirus free edition is hitting this hard. It prevents the download. Then when I exclude the website, it prevents the temp file it's downloading into (which has a random string--so it's impossible to categorically exclude from bitdefender).

Then it prevents execution of, say, agent.exe.

Then if I exclude that, it prevents execution of the rutserve.exe in %localappdata% (which also has a random component making impossible to categorically exclude).

I'm close to uninstalling BitDefender.
gsk, User (Posts: 4)
Feb 03, 2022 6:23:54 am EST
Bitdefender Endpoint Security tools going crazy too.
Conrad Sallian, Support (Posts: 3013)
Feb 03, 2022 6:35:45 am EST
Hello Everyone,

We have already contacted BitDefender. Here is what they answered:

Hello Conrad,

Thank you for your patience!

We have received an answer from our Virus Analysis Labs. The file is PUA and currently detected by our engines. As such, the detection will remain. If an user would like to keep the app from being blocked on their machine they can always add a manual exception.

Kindly let us know if we can be of any further assistance.

Have a nice day!

He who has eyes to see, let him see. Yes, if you control hundreds of remote computers and you happened to be a customer of BitDefender - go ahead and add Remote Utilities to exceptions manually just because there is a virus analyst at BitDefender who thinks that the program MIGHT cause a threat.

I don't even know to comment on this. By the way, the BitDefender detection spawned a whole lot of detections from other a/v programs because they re-use the same engines and signature databases.
Conrad Sallian, Support (Posts: 3013)
Feb 03, 2022 6:49:55 am EST
BitDefender antivirus free edition false positive - 03 Feb 2022 06:49:50
john kumpf, User (Posts: 85)
Feb 03, 2022 9:56:01 am EST
Support level: Free or trial
FAKE NEWS!

PUA stands for potentially unwanted application.
So there's no signature, nor application process that you can appeal.
It's a unilateral decision, judgement call, by BitDefender.

"Potentially" is a misnomer. Even the Windows 10 installer is, technically, "potentially" unwanted. I know plenty of people who would say, "I don't want that crap anywhere near my system."

The REAL definition is "almost certainly unwanted" as in, <1% of people ever use it, and 99% of people have it installed unintentionally, and 99% of people when they discover it and have the opportunity, uninstall it.

Also of note: when I restored the file from quarantine, somehow it now has security permissions that I can not access it. I've spend 2 hours on the web, but it's clearly something deeply behind the scenes that none of these posts even address. It looks like it's owned by me and and I have full permissions, but when I try to run it, I get still access denied. It looks like I can change permissions, but when I try, everything's grayed out.

I submitted a false positive for the agent to their website: https://www.bitdefender.com/consumer/support/answer/29358/

Everybody should do that.

If I have to choose between BitDefender and Remote Utilities, it's Remote Utilities hands down!

Now I feel like I'm on a crusade for Truth and Justice.
Edited:john kumpf - Feb 03, 2022 9:59:08 am EST
Conrad Sallian, Support (Posts: 3013)
Feb 03, 2022 10:05:54 am EST
Hi John,

Thank you for your support!

Also of note: when I restored the file from quarantine, somehow it now has security permissions that I can not access it. I've spend 2 hours on the web, but it's clearly something deeply behind the scenes that none of these posts even address. It looks like it's owned by me and and I have full permissions, but when I try to run it, I get still access denied. It looks like I can change permissions, but when I try, everything's grayed out.

Could it possibly be that BitDefender changes the permissions on a quarantined file? Unfortunately, their restoring guide doesn't mention anything of the sort.
john kumpf, User (Posts: 85)
Feb 03, 2022 11:22:27 am EST
Support level: Free or trial
Yeah, something. But it's not in right click file -> Properties -> Security tab -> Advanced.

There it looks owned by my username, and my username and Administrators have full rights. But if I try to change any of that, it's grayed out.

I've tried command line takeown.exe and icacls.exe and nothing works. Always access denied.

And tried all of these on the parent dir, with and without inheritance and down propagation. Nothing.

I suspect they have like locked the codepage inside the file or something like that.
Edited:john kumpf - Feb 03, 2022 11:24:39 am EST
Pauline, Support (Posts: 2848)
Feb 03, 2022 4:32:00 pm EST
Hello John,

Thank you for the update on this.

Have you tried contacting Bitdefender and asking them what might've happened to the file's permission after it was restored from quarantine?

Please feel free to let us know if you have any updates on this.

* Website time zone: America/New_York (UTC -4)