Caution using BitDefender

Hi all,
I would like to share an experience I had with BitDefender Total Security 2011.
The program was running fine for a while on my PC, which had a fresh install of Windows 7 64-bit on it.

Then out of the blue IDS detected a malicious file, it then deleted the Windows file mcupdate.exe.
This was a false positive.

I received a windows error message every time media center tried to update.

What is disturbing is that the file was not placed in quarantine nor was I given the opportunity to allow or deny this action. In my opinion a very dangerous flaw in their software.
I was forced to restore to an earlier snapshot.

I have reported this issue on their forum.

When AV's start deleting legitimate windows files and you are unable to stop this from happening then they become dangerous.

 

Did u ever looked in the settings area to see if its possible to activate that option, and i mean to ask you before delete a file? Well i did, and surprise...it works! Don't blame the product if u dont know how to use it!

 

Why should I
Out of the box, should I have to make changes to my AV. If anything it should be more stable with default settigs.
And you bet, I BLAME THE PRODUCT

 

As Qlimax wrote,indeed in the settings you have to change to ask when a malicious file is detected,because the default option is delete.I found this very disturbing too,because a regular user usually don't mess with the settings and he/she could have a lot of problems in a FP situation,as OP wrote.The default action must be ASK,or DELETE,but in this case the file must be automatically copied and quarantined.

 

I just said what to do...maybe u have a bit right, but i have too

 

You're right,ok....but not from a regular user point of view.The default actions and settings of an AV must be user friendly for all users,as a geeky user can mess with the advanced settings at any time.And if i'm thinking twice,BitDefender is the only AV as far as i know with this default action on detection.And they must change this IMHO.

 

Agree... average users, that doesn't understand security, won't mess with settings

 

Bitdefender must give clear details before acting on a suspicious file. GData which uses bitdefender engine infact warns that choosing a repair option may corrupt the file.

 

It should be set to ask or quarantine by default..... Period. Yes there may be a setting to do this, but not all users are Wilders members, and they never even open their GUI after installing an AV. Wrong default setting by BD.

 

One of reasons to drop BIS 2012 beta was a lack of option to keep copy of deleted files in quarantine. It was annoying to see how your files (fp's) are just vanishing from hdd

 

This is the main reason for my post, to make those of you who are not familiar with BitDefender aware of this, in my opinion, appalling default behaviour.

Yes I did, I am by no means an export user, I do however tinker with the setting of the AV's I have installed.
But I did overlook this In hindsight, maybe one of the first stops I should have made.

You are right, yes this can be changed in the settings.
But surely you must agree, no AV that is set by default to remove/delete a file, should do this without giving its user a chance of recovering that file
At the very least, BitDefender should have quarantined that file.

 

Quarantine should be the default setting, never delete. Most people will
not know what to do if the antivirus is set to "ask".

Bo

 

fwiw, IDS isn't enabled by default. if it was enabled on your install, it was either enabled manually or something occurred with setup that caused it to turn on. also, iirc, quarantine is the default action for threats detected by the product.

 

I assumed It was detected by IDS.
Whatever real-time monitoring was used, it caused damage by deleting a system file.

Their forums have many, many people complaining about these or similar issues where files have been deleted.
The file was not quarantined, files cannot always be quarantined

I have removed BitDefender from my system and cannot verify any settings.

DannyDan BitDefender(technical help)

DannyDan Quote:
Hello,

Depends on the type of file and its location, also depends on how exactly was the file detected. Not all files can be moved to quarantine. Some of the threats found must be deleted directly. To provide you with more details I need to know what type of files are you referring to when you mention "I have Bitdefender Antivirus Pro 2011 and it deleted some files".

Regards,

DannyDan Quote:
That is why I am trying to explain Mortis. Some files can't be send to quarantine, you can only delete them. I can't yet provide you with an answer why BitDefender deletes the files until you do not provide me with the files name and extension.

Are the files you are referring to system files ? What was the location of those files when BitDefender deleted them ? Was the delete process part of a scan or triggered by the Real Time Protection when you downloaded these files ?

Entire post here:
http://forum.bitdefender.com/index.php?showtopic=27137

The poster was talking about system scans, technical help thought he was talking about real-time monitoring, so it is relevant.

 

Well done BitDefender It's better to use common sense these days, it shouldn't delete your system files

 

Bitdefender 2012 products are to be launched in 28th July. The main website is showing the countdown.

 

I'm a former user of BD and I always liked it. May use it again!


BUT ALL vendors SHOULD IMHO set all the defaults to safest settings ie quarantine to protect the end user from themselves.

In this forum we know how to do these things and research these actions in advance of use BUT "joe user" has no clue thus helping my security support business.

 

will the 2012 rascal accept 2011 keys? I still have like 545 days on my other computer

 

Its important for every user to create regular system restore points. If the users have the know-how then doing a monthly image of a computer's files is important too.

I didn't test out the beta for BD 2012 but I'll give the final version of it a go since I've got a few months left on my BD 2011 TS license.

 

it's always been their policy to accept keys from previous versions to activate new versions, i'd hope they wouldn't change it for this product line with all the improvements they've made.

 

What happened to windows file protection?

 

Yes they will, I specifically asked customer service this before I purchased 2011.