[solved] Question About Intrusion Detection
Posted 01 October 2009 - 09:34 AM
Now if I choose to allow and tell IDS to remember that, IDS adds a process to trusted list.
On a contrary, if I tell IDS to block the process and check to remember that, IDS adds process to untrusted list.
In both cases IDS will never ask about that process again.
What if I make a mistake?
How can I remove a process from one or another list mistakenly put on?
Appreciate any help...
Posted 01 October 2009 - 04:03 PM
You cannot tell IDS what process to allow or block. It will check the Firewall white list for the processes that belongs to trusted application, or it will check if the processes are digitally signed and it will automatically allow the corespondent application to connect to the Internet . It is a feature that have common components with BitDefender Active Control and it will add extra protection against any attempts to access your network, attempts to stop the BitDefender processes and any attempts from a malware application to inject into processes.
Thank you .
Posted 01 October 2009 - 06:00 PM
Let's see an example.
I start Sandboxie, and the process SbieSvc.exe is automatically caught by IDS
I scanned the whole Sandboxie folder before and BDIS didn't detect anything suspicious.
But what do those Allow and Block buttons mean?
If I click Allow, Sandboxie starts.
And every next time IDS alerts me with the same pop-up, unless I check Remember this action... box.
However, what if I check Remember this action... box, and click OK?
Will IDS stop this service from running for good?
If yes, how can I unblock it?
Posted 06 October 2009 - 03:57 PM
Usually, if BitDefender detects a program through the Intrusion Detection System and you choose to block the program, a new rule will be created in the Active Virus Control Exclusion list and it will have the action Blocked. From that moment you will not be able to execute this program. If you change its action to Allow, you should be able to work with that program without any problems.
Unfortuantely, it seems that there is an incompatibility between the Sandboxie program and the BitDefender Intrusion Detection System. If you choose to block the program, you will not be able to use it after that, even if you change its action to Allow. We are currently investigating this issue and a fix should be released soon .
Thank you .
Posted 12 February 2010 - 11:33 AM
And now the issue becomes more "Severe" and Bitdefender detects legitimate applications which are even listed in its "Whitelist".
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users