Welcome Guest ( Log In | Register )

 
Closed TopicStart new topic
> [solved] Question About Intrusion Detection
Viscon
post Oct 1 2009, 08:34 AM
Post #1


Regular Poster
**

Group: Regular Bitdefender Poster
Posts: 115
Joined: 4-September 08
Member No.: 16,365



Situation: Intrusion Detection alerts about possible threat and asks whether to allow or block some process execution.
Now if I choose to allow and tell IDS to remember that, IDS adds a process to trusted list.
On a contrary, if I tell IDS to block the process and check to remember that, IDS adds process to untrusted list.
In both cases IDS will never ask about that process again.
What if I make a mistake?
How can I remove a process from one or another list mistakenly put on?

Appreciate any help...
Go to the top of the page
 
+Quote Post
Alex Stanciu
post Oct 1 2009, 03:03 PM
Post #2


Technical Support
*****

Group: Regular Bitdefender Poster
Posts: 1,834
Joined: 17-June 09
From: Bucharest, Romania
Member No.: 24,948



Hello Viscon,

You cannot tell IDS what process to allow or block. It will check the Firewall white list for the processes that belongs to trusted application, or it will check if the processes are digitally signed and it will automatically allow the corespondent application to connect to the Internet . It is a feature that have common components with BitDefender Active Control and it will add extra protection against any attempts to access your network, attempts to stop the BitDefender processes and any attempts from a malware application to inject into processes.

Thank you .
Go to the top of the page
 
+Quote Post
Viscon
post Oct 1 2009, 05:00 PM
Post #3


Regular Poster
**

Group: Regular Bitdefender Poster
Posts: 115
Joined: 4-September 08
Member No.: 16,365



Hmm... sorry but I don't quite get it then.
Let's see an example.
I start Sandboxie, and the process SbieSvc.exe is automatically caught by IDS

(IMG:http://i196.photobucket.com/albums/aa170/Viscon/sandb-alert.jpg)

I scanned the whole Sandboxie folder before and BDIS didn't detect anything suspicious.
But what do those Allow and Block buttons mean?
If I click Allow, Sandboxie starts.
And every next time IDS alerts me with the same pop-up, unless I check Remember this action... box.

However, what if I check Remember this action... box, and click OK?
Will IDS stop this service from running for good?
If yes, how can I unblock it?

TIA
Go to the top of the page
 
+Quote Post
Alex Stanciu
post Oct 6 2009, 02:57 PM
Post #4


Technical Support
*****

Group: Regular Bitdefender Poster
Posts: 1,834
Joined: 17-June 09
From: Bucharest, Romania
Member No.: 24,948



Hello Viscon,

Usually, if BitDefender detects a program through the Intrusion Detection System and you choose to block the program, a new rule will be created in the Active Virus Control Exclusion list and it will have the action Blocked. From that moment you will not be able to execute this program. If you change its action to Allow, you should be able to work with that program without any problems.

Unfortuantely, it seems that there is an incompatibility between the Sandboxie program and the BitDefender Intrusion Detection System. If you choose to block the program, you will not be able to use it after that, even if you change its action to Allow. We are currently investigating this issue and a fix should be released soon .

Thank you .
Go to the top of the page
 
+Quote Post
Viscon
post Oct 6 2009, 03:07 PM
Post #5


Regular Poster
**

Group: Regular Bitdefender Poster
Posts: 115
Joined: 4-September 08
Member No.: 16,365



Thnx Alex,
I'll keep this in mind.
Go to the top of the page
 
+Quote Post
ONT
post Feb 12 2010, 10:33 AM
Post #6


Guru Poster
******

Group: Banned
Posts: 2,223
Joined: 11-February 10
Member No.: 31,288



I am also facing this issue and put forward this issue against "Ticket ID:200911241004892", but get no response yet.

And now the issue becomes more "Severe" and Bitdefender detects legitimate applications which are even listed in its "Whitelist".


Regards
Go to the top of the page
 
+Quote Post
Cris
post Feb 12 2010, 11:15 AM
Post #7


BitDefender Evangelist
******

Group: Regular Bitdefender Poster
Posts: 3,360
Joined: 27-March 07
From: Galați/Iași, România
Member No.: 60



Futher questions about AVC and IDS should be psoted here: http://forum.bitdefender.com/index.php?showtopic=16865
This topic will be closed, since the original question (from the first oost) has been answered.

Cris.

== CLOSED ==
== Solved issue ==
Go to the top of the page
 
+Quote Post

Closed TopicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 20th April 2014 - 07:59 AM