1. John Murphy
  2. PowerBuilder
  3. Wednesday, 6 October 2021 13:35 PM UTC

Suddenly last week Bitdefender decided our application was evil. It quarantined our main application but did not seem to mind a few other PB applications. It also quarantined a test application I downloaded from TopWiz to see how to send SMTP emails (emailsmtp64). We are using the Bitdefender GravityZone version and we got around it by adding the path to the file on the users' machines "C:\WH_v2019\code\WH32.exe" to the Bitdefender AntiMalware Settings. I also uploaded the .exe file to Bitdefender support. We seemed to be ok for a min. Then users that were not local "NJ" in "VA", "MD", and "NV" could not connect to the database in "NJ". The Bitdefender Firewall was blocking the connections. We added the same file to the firewall exceptions and we were off and running.

Yesterday I released a new version of the .exe and it all started over. Last week the problem was "Gen:Variant.Zusy.401967" but this week the problem is "AI:Tofsee.45787.414A72D917". Adding weird facts: the Bitdefender "Security" report does not report the errors and the "Threat xplorer" also does not report the errors. We only see them in the "Quarantine" section. There is an option to restore the file and mark it as safe that does not work. It does restore the file but as soon as the user runs it, boom, it gets quarantined again.

It turns out that a "file" exclusion does not include an "ATC/ITS" exclusion. We added a folder exception "C:\WH_v2019" and could include "ATC/ITS" and so far it seems to be working.

It was also trashing the file from my source folders and the backup folders on the network. I did not have this problem yesterday as I had put those in as folders last week. That was the clue that helped yesterday as Bitdefender support has been less than useful.

Does anyone actually know what is going on so I can be sure to prevent this in the future? I will need to release changes to this program every few days as it is in active development.

 

Armeen Mazda @Appeon
  1. Wednesday, 6 October 2021 15:48 PM UTC
  2. PowerBuilder
  3. # 1

Hi John,

I recommend doing the following things:

1. Sign your application .EXE with a trusted certificate.

2. Sign all external DLLs with a trusted certificate.

3. Include a built-in manifest file.

4. Upgrade to PB 2019 R3 or newer.

5. Report the false positive to the A/V vendor.

6. If the problem keeps happening, switch to a different A/V vendor.

Best regards,
Armeen
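
A check for recommendations 1 and 2 above, as an added example that is not part of the original answer or Appeon's own tooling: a PowerShell release gate that lists every EXE and DLL in the release folder with its Authenticode status and SHA-256, and fails if any is unsigned or not timestamped. The default folder is the path from the question; the function name `Test-ReleaseSignatures` is hypothetical.

```powershell
# Added example: verify Authenticode signatures on a release folder before shipping.
# Assumption: $ReleaseDir defaults to the folder named in the question.
param(
    [string]$ReleaseDir = 'C:\WH_v2019\code'
)

function Test-ReleaseSignatures {
    param([Parameter(Mandatory)][string]$Path)

    # Collect every EXE and DLL that ships, including external DLLs in subfolders.
    $files = Get-ChildItem -Path $Path -Recurse -File |
        Where-Object { $_.Extension -in '.exe', '.dll' }

    foreach ($f in $files) {
        $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName
        [pscustomobject]@{
            File        = $f.FullName
            # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Status      = $sig.Status
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            # Without a timestamp the signature stops validating when the
            # signing certificate expires.
            Timestamped = [bool]$sig.TimeStamperCertificate
            # Hash of the exact build, useful when reporting a false positive.
            SHA256      = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        }
    }
}

$report = @(Test-ReleaseSignatures -Path $ReleaseDir)
$report | Format-Table File, Status, Timestamped, Signer -AutoSize

# Fail the release if anything is unsigned, tampered, untrusted or not timestamped.
$bad = @($report | Where-Object { $_.Status -ne 'Valid' -or -not $_.Timestamped })
if ($bad.Count -gt 0) {
    $bad | Format-List File, Status, SHA256
    Write-Error "$($bad.Count) binaries are unsigned, invalid, or lack a timestamp."
    exit 1
}
Write-Output "All $($report.Count) binaries carry a valid, timestamped signature."
```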

Roland Smith
  1. Wednesday, 6 October 2021 15:11 PM UTC
  2. PowerBuilder
  3. # 2

I think that you should just use the anti-virus built into Windows. The biggest threat comes from employees clicking links in emails that they shouldn't. You need to have a robust training program to make sure all employees know how to identify email threats. Where I work we have a banner that displays at the top of all emails from an external source. That way we can't be tricked that it came from an employee.

Comment
  1. John Murphy
  2. Wednesday, 6 October 2021 15:43 PM UTC
Roland, I do agree with you but this client suffered a ransomware attack recently and there is no talking him out of Bitdefender as it is rated best for that. We did not pay and it took us a week before everything was back up.
Miguel Leeuwe
  1. Wednesday, 6 October 2021 14:00 PM UTC
  2. PowerBuilder
  3. # 3

I'm really starting to get annoyed by "all of the anti virus problems". (Not blaming Appeon, though it does seem to happen frequently to Appeon apps.)

We have some executables, and even with Avast set up to exclude the folder where my executable is located, we've seen it being silently quarantined or with antivirus alerts. But ... not all the time, so it's kinda crazy (and most probably that's an Avast problem). When running it from a folder without exclusion folders, Avast will kick in the first time and report no problems. But ... my colleague did get a virus warning the other day ... and of course not all the time. Pretty weird. Personally I really dislike Avast, but that's what the company decided to go with.

I know this is not very helpful, but I don't think the solution is us constantly reporting to anti virus companies about false positives. Especially since we now have new versions like every 6 months. I'm not an expert, but I know that for example in C#, there are certain operations that will trigger anti virus.

Just hoping things will get better some day.

best regards,

MiguelL
