Advice Request BD Online Threat Prevention Critical Warning

Well, some of those IE settings still matter to MsEdge, I think. What are they?
Here are the suggested fixes from BD
[Four attached screenshots of the BD suggested fixes: IMG_20251202_234123944.jpg, IMG_20251202_234138614.jpg, IMG_20251202_234148265.jpg, IMG_20251202_234155482.jpg]
 
It basically adds up to allowing malicious downloads. But BD is not giving out their gpedit path. And as I remember, IE got a ton of them. Could be a downgrade attack where the attacker sets up low security to enable a future move.

So I count 3 problems.
1. Unexpected change to non-ISP DNS server allows BD to connect.
2. IE vulnerabilities discovered, BD says they were modified.
3. MsEdge connecting outbound without permission or interaction to a non-MS site

I don't know, I've got a suspicious mindset. You set the threshold to make this an incident.
 
I'm now more concerned. Any suggestions? This is a clean install of Windows 11 Enterprise LTSC 2024.
 
I would re-install LTSC offline (using the BypassNRO=1 DWORD registry key at HKLM>Software>Microsoft>Windows>CurrentVersion>OOBE), use the ISP's DNS, and install BD while offline if possible. Then go online and immediately activate BD. And see if the same problems re-occur. If nothing, then good. Then if BD doesn't report those same vulnerabilities, better. And if BD doesn't alert you to the same outgoing MsEdge connection, then I would say you had an intrusion.
 
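The rebuild-and-compare procedure in the post above hinges on having a record of the suspect machine's state to compare the clean install against. The following PowerShell is an added example written for this thread, not code from the poster or from Bitdefender. It assumes an elevated prompt, that the two ISP DNS addresses are placeholders you replace, and that the zone action IDs listed are the generic Internet Settings ones (file download, ActiveX download/run, active scripting); the thread does not say which settings BD flagged, so that list is a starting point rather than BD's list.

```powershell
# Added example for this thread (not the poster's or Bitdefender's code). Run elevated.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

function Set-OobeBypassNro {
    # Run from the Shift+F10 command prompt during OOBE of the fresh install so setup
    # lets you continue without a network connection or Microsoft account.
    $oobe = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE'
    New-Item -Path $oobe -Force | Out-Null
    New-ItemProperty -Path $oobe -Name 'BypassNRO' -PropertyType DWord -Value 1 -Force | Out-Null
}

function Get-DnsServerReport {
    # Lists the DNS servers each interface actually uses and flags any not on the ISP list.
    param([string[]]$IspDns = @('192.0.2.1', '192.0.2.2'))   # placeholders, replace with your ISP's
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        ForEach-Object {
            foreach ($srv in $_.ServerAddresses) {
                [pscustomobject]@{
                    Interface = $_.InterfaceAlias
                    Server    = $srv
                    Status    = if ($IspDns -contains $srv) { 'expected' } else { 'UNEXPECTED' }
                }
            }
        }
}

function Get-InternetZoneSnapshot {
    # Zone 3 = Internet zone. Each action is a DWORD: 0 = enable, 1 = prompt, 3 = disable.
    # HKCU is used here; if Security_HKLM_only is set, the HKLM copy is the effective one.
    $zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    $actions = [ordered]@{
        '1001' = 'Download signed ActiveX controls'     # generic IDs, assumed relevant
        '1004' = 'Download unsigned ActiveX controls'
        '1200' = 'Run ActiveX controls and plug-ins'
        '1400' = 'Active scripting'
        '1803' = 'File download'
    }
    foreach ($id in $actions.Keys) {
        $val = (Get-ItemProperty -Path $zone -Name $id -ErrorAction SilentlyContinue).$id
        [pscustomobject]@{ Id = $id; Action = $actions[$id]; Value = $val }
    }
}

# Usage on the suspect box, then again on the clean install, and diff the two CSVs.
$stamp = Get-Date -Format 'yyyyMMdd-HHmm'
Get-DnsServerReport        | Tee-Object -Variable dnsReport  | Format-Table -AutoSize
Get-InternetZoneSnapshot   | Tee-Object -Variable zoneReport | Format-Table -AutoSize
$dnsReport  | Export-Csv -Path "$env:USERPROFILE\dns-$stamp.csv"   -NoTypeInformation
$zoneReport | Export-Csv -Path "$env:USERPROFILE\zone3-$stamp.csv" -NoTypeInformation
# Set-OobeBypassNro   # only on the new install, from the OOBE command prompt
```

Run the two Get-* functions before wiping so the "does it come back on a clean install" comparison is against recorded values rather than memory; a UNEXPECTED DNS server that reappears on a box that has only ever seen the ISP's resolver is the signal the post is describing.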
Do you think it is BD that caused the issue because it tries to scan encrypted traffic and it failed to install its certificate?

I've seen many issues caused by Encrypted Traffic Scan on BD Community and on Reddit, so my problem might be related?



As for the detected vulnerabilities, I hope one of BD users here could confirm if the same vulnerabilities were detected by BD on their devices.
 
But even if BD couldn't install its own cert, that doesn't explain why MsEdge was connecting to that site, which is non-MS.

If you are willing to wait a day for BD users to chime in regarding those vulnerabilities then go ahead and wait. But re-installing LTSC and BD only takes 45 mins.
 
I see your point here, but I don't want to reinstall Windows because I need to understand what happened, so I'm waiting for BD support because they might ask me to provide them with other logs.

Regarding Edge attempting to connect, this user on Reddit experienced the same warning for the exact same connection. Thus, @Parkinsond has a point about the possibility of this being an FP.

 
I downloaded the ISO and checked the hash to verify it. I activated it with a product key.
Well then you shouldn't have a problem. Windows is always calling out, that's the problem; sometimes it's fine and then sometimes maybe malicious.

If concerned you probably have to reinstall Windows and try again.
 
Not saying that you definitely have an intrusion, but in incident response, quick decisive mitigation is best. You can't let it linger - you won't know what they'll do to ensure persistence, maybe add a rootkit, maybe add another backdoor, maybe add a boot sector infection, maybe leap onto other machines in the LAN ...

If you want to wait for BD tech support to explain things, then add network segmentation and confine your machine. Network containment is the first thing to do when you suspect an intrusion. Then do a second opinion scan (Norton Pencil, KVR ...). Then you can afford to wait.

Or simply re-install and you will have a definite answer.
 
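The post above recommends containing the machine first and only then waiting on support. The script below is an added example for this thread, not the poster's code; it assumes an elevated prompt and that the allowed address is a placeholder for whatever host you still need to reach (for example the support upload endpoint). One caveat the practitioner should keep in mind: firewall rules applied on a host you already suspect can be undone by whoever is on it, so unplugging the cable or moving the box to an isolated VLAN is the stronger control, and this is the fallback when that is not practical.

```powershell
# Added example for this thread (not the poster's code). Run elevated.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

function Get-BrowserConnections {
    # Live TCP sockets owned by Edge/IE processes, with the remote endpoint, so an
    # "Edge connected outbound without me doing anything" claim can be checked
    # against actual connections before the box is cut off.
    $ids = Get-Process -Name msedge, iexplore -ErrorAction SilentlyContinue |
           Select-Object -ExpandProperty Id
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $ids -contains $_.OwningProcess } |
        Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, OwningProcess,
                      @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess).ProcessName } }
}

function Invoke-HostContainment {
    # Default-deny both directions on every profile and disable existing inbound allow
    # rules; then punch only the explicitly listed remote addresses back out.
    param([string[]]$AllowedHosts = @('198.51.100.10'))   # placeholder address
    Set-NetFirewallProfile -All -DefaultOutboundAction Block -DefaultInboundAction Block `
                           -AllowInboundRules False
    foreach ($h in $AllowedHosts) {
        New-NetFirewallRule -DisplayName "Containment-allow-$h" -Direction Outbound `
                            -RemoteAddress $h -Action Allow -Profile Any | Out-Null
    }
}

function Undo-HostContainment {
    # Reverse the above once support has what it needs or the box has been rebuilt.
    Get-NetFirewallRule -DisplayName 'Containment-allow-*' -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    Set-NetFirewallProfile -All -DefaultOutboundAction Allow -DefaultInboundAction Block `
                           -AllowInboundRules True
}

# Usage: record what the browser is talking to, then contain.
$stamp = Get-Date -Format 'yyyyMMdd-HHmm'
Get-BrowserConnections | Tee-Object -Variable conns | Format-Table -AutoSize
$conns | Export-Csv -Path "$env:USERPROFILE\browser-conns-$stamp.csv" -NoTypeInformation
Invoke-HostContainment -AllowedHosts @('198.51.100.10')
```

Take the connection snapshot before containment, since once outbound is blocked there is nothing left to observe; the exported CSV is the kind of artifact support can be asked to correlate with the BD alert timestamp.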
Dude Ur freaking me out 😂
I've just sent BD support more logs.


Btw I installed Kerish Doctor and ran a full scan and I did not see anything special. It's either a FP by Bitdefender or their root certificate caused the warnings.
 
As for the vulnerabilities in IE that were detected by BD, it seems that a lot of Microsoft components still use IE. The default settings are considered "unsafe" that's why BD reported them.

So IE is still present in the system, but hidden.
 
How is it the same? You got a cert warning to moneytize something dot live. And your quoted example was for google.

And this one is another different url.

The problem is not the "connection relying on an expired certificate". The problem is that MsEdge is connecting outbound, without any interaction on your part, navigating to the site moneytize.