BitDefender blocks RunCPL.exe

Started by Sergiu FUNIERU, February 18, 2010, 09:41:36 PM

Sergiu FUNIERU

I think highly of BitDefender, although it sometimes gets overzealous. :)

I prefer to have false alerts than to be infected. I started using BitDefender in 2004. I haven't been infected since.

The solution I use is to add a certain file to the exception list.

I attached an actual snapshot, generated by my BitDefender Internet Security 2008.


hutch--

Sergiu,

There is not a lot you can do about lousy heuristic scanning. The source for runcpl is included so the AV scanner is obviously defective. If you can put them on a list to exclude the scanner then it's probably the best you can do.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

Sergiu FUNIERU

Quote from: hutch-- on February 18, 2010, 10:12:46 PM
The source for runcpl is included so the AV scanner is obviously defective.

Even if the source of runcpl hadn't been included, it would have been your word against the opinion of the antivirus. And I didn't question your word even for a clock cycle.

My antivirus is like a dog that sometimes bites my mother-in-law. As long as the dog keeps my home safe, I will forgive it.  :bg


oex

Defective works both ways.... If it finds stuff to be defective it shouldn't, it will potentially not find things it should.... Finding stuff to be defective using sweeping gestures is like saying a whale is a fish.... Be afraid, very afraid :lol
We are all of us insane, just to varying degrees and intelligently balanced through networking

http://www.hereford.tv

BlackVortex

Oh nonono, BitDefender is very bad, trust me on this.

Even though I'm a stranger on the internet, you should trust me and uninstall that. Better use the free MS Security Essentials.

MichaelW

Quote
Defective works both ways.... If it finds stuff to be defective it shouldn't, it will potentially not find things it should.

Your logic is faulty IMO. One does not necessarily imply the other; it depends on the specific defect.
eschew obfuscation

oex

My logic is misleading but not faulty :bg.... False positives in AV code show either lack of completeness of logic or lack of logic, most probably the former which potentially means defects and much less likely the latter which almost definitely means defects.

The best security measure is not relying on 3rd party software last line of defense wherever possible.

Having said this I do have great respect for the job these AV coders do, I just prefer to talk down unverifiable security statements for the sake of the less experienced user.

I think I read that MS protected against 85% of threats in some test run when it was released.... If BitDefender protects against 99% of known and unknown threats I would still be careful what I installed and where I got it from.

jj2007

False positives are created by heuristic scanners. The reason why they use heuristic scanners is that virus writers are always a step ahead - once the AV has included the new highly specific signature in the gigabyte database, you are safe, but between virus release and discovery you aren't. In that short period, a routine that says "can't find any specific signature, but a proggie under 10 kBytes is suspicious" has a certain limited value.

My masm32\examples folder has 333 *.asm files, my other folders have over 1,000 sources, and my AV (Avira) does not complain about any of these files, except on rare occasions; which means their heuristic scanners are much better than "a proggie under 10 kBytes is a virus".

Still, they could do better than that. I hope some AV authors are hanging around in this forum trying desperately to find the rules that distinguish an innocent 2k proggie (99% of all executables posted here) from an evil 2k proggie.
:bg