
[solved] Question About Intrusion Detection


  • This topic is locked
6 replies to this topic

#1 Viscon

    Regular Poster

Posted 01 October 2009 - 09:34 AM

Situation: Intrusion Detection alerts about a possible threat and asks whether to allow or block some process execution.
Now if I choose to allow and tell IDS to remember that, IDS adds the process to the trusted list.
On the contrary, if I tell IDS to block the process and check to remember that, IDS adds the process to the untrusted list.
In both cases IDS will never ask about that process again.
What if I make a mistake?
How can I remove a process that was mistakenly put on one list or the other?

Appreciate any help...

#2 Alex Stanciu

    Technical Support

Posted 01 October 2009 - 04:03 PM

Hello Viscon,

You cannot tell IDS what process to allow or block. It will check the Firewall white list for the processes that belong to a trusted application, or it will check if the processes are digitally signed, and it will automatically allow the corresponding application to connect to the Internet. It is a feature that has common components with BitDefender Active Control, and it will add extra protection against any attempts to access your network, attempts to stop the BitDefender processes, and any attempts from a malware application to inject into processes.

Thank you.

#3 Viscon

    Regular Poster

Posted 01 October 2009 - 06:00 PM

Hmm... sorry but I don't quite get it then.
Let's see an example.
I start Sandboxie, and the process SbieSvc.exe is automatically caught by IDS.



I scanned the whole Sandboxie folder before and BDIS didn't detect anything suspicious.
But what do those Allow and Block buttons mean?
If I click Allow, Sandboxie starts.
And every next time, IDS alerts me with the same pop-up, unless I check the "Remember this action..." box.

However, what if I check the "Remember this action..." box and click OK?
Will IDS stop this service from running for good?
If yes, how can I unblock it?

TIA


#4 Alex Stanciu

    Technical Support

Posted 06 October 2009 - 03:57 PM

Hello Viscon,

Usually, if BitDefender detects a program through the Intrusion Detection System and you choose to block the program, a new rule will be created in the Active Virus Control Exclusion list and it will have the action Blocked. From that moment you will not be able to execute this program. If you change its action to Allow, you should be able to work with that program without any problems.

Unfortunately, it seems that there is an incompatibility between the Sandboxie program and the BitDefender Intrusion Detection System. If you choose to block the program, you will not be able to use it after that, even if you change its action to Allow. We are currently investigating this issue and a fix should be released soon.

Thank you.

#5 Viscon

    Regular Poster

Posted 06 October 2009 - 04:07 PM

Thnx Alex,
I'll keep this in mind.

#6 ONT

    Guru Poster

Posted 12 February 2010 - 11:33 AM

I am also facing this issue and put forward this issue against "Ticket ID:200911241004892", but have gotten no response yet.

And now the issue has become more "Severe" and Bitdefender detects legitimate applications which are even listed in its "Whitelist".


Regards

#7 Cris

    BitDefender Evangelist

Posted 12 February 2010 - 12:15 PM

Further questions about AVC and IDS should be posted here: http://forum.bitdefe...showtopic=16865
This topic will be closed, since the original question (from the first post) has been answered.

Cris.

== CLOSED ==
== Solved issue ==



