BitDefender's "Disinfect file"

Discussion in 'other anti-virus software' started by Jon_T, Jul 2, 2008.

Thread Status:
Not open for further replies.
  1. Jon_T

    Jon_T Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    38
    Recently learned something about BitDefender AV's "Disinfect file" setting that is important to know if anyone else (like myself) thought that "Disinfect file" meant only to clean the file -- not automatically delete file(s) without a prompt to confirm.

    1. BD's Help file for "Disinfect file" has "Disinfects the infected file".
    2. BD's Real-time (Default) settings:
    Action to take when an infected file is found
    First Action: Disinfect file
    Second action: Deny access and continue

    Hence, based upon the above two items, I've assumed that if BD found an infected file, BD would perform the "First action", try to disinfect (clean) the file, and if it could not disinfect (clean) the file, then BD would perform the "Second action", "Deny access and continue".

    Due to a FP by BD AV v10, last Friday had a pop-up from BD noting that spywareblaster.exe was infected with the Trojan.Agent.AIZM. Was not until later I noted the SpywareBlaster desktop icon had changed because spywareblaster.exe had been deleted from the system without any type of prompt. :ouch:

    Did a post at the BD forum about the FP and BD deleting the file.

    Chris (Moderator) posted the following on how BD's "Disinfect file" functions:
    "... when you set BD to Disinfect an infection, it will call a disinfection routine specific for the found infection (which includes, if needed, deleting auxiliary files, cleaning registry keys, undoing changes to the system and other things like that). Most times, the cleaning routine involves deletion of the found file, and the only exception from this is when a FILE INFECTOR infected a file (and that infection can, sometimes, be cleaned without actually deleting the host-file). In other words, Disinfect doesn't mean that it disinfects the file, it means it disinfects the system (and that means also deleting the threats).

    Because the FP was included in the Trojan category, the disinfection routine involves deletion and that's why the file was deleted from your computer without prompt.

    If you want to prevent this behavior, the solution is simple: instead of Disinfect you can set BitDefender to:
    - either Move to quarantine
    - or Deny access and continue, which will leave the file where it is, but block all access to it, allowing you to make a manual scan over it and take the necessary action.

    Also, I suggest you change the actions for the OnDemand scans as suggested above."


    Given that BD is known for FPs, if you do not want BD to automatically delete file(s) without asking first, then be sure to make the changes to BD's settings noted above in Chris' post under "If you want to prevent this behavior ...".
     
  2. bluesprite

    bluesprite Registered Member

    Joined:
    Apr 11, 2007
    Posts:
    71
    Thanks for the hint, I've been wondering myself and thought it was a bug.
     