McMcbrad

Level 1

Hello everyone,


I saw something interesting in Bitdefender this morning, which I've not seen before.

Apparently it's got some IPS-like functionality for real. They do advertise it on the website, but I never saw it in action till now.

It has blocked 4 interesting attacks coming from my router. This totally makes sense, as I was testing Avast on one of my devices. Avast performs some sort of router check-up, by attacking it.
 

McMcbrad

Level 1
Was the test you did with Avast just a network scan, and did you have both active on the same computer when Bitdefender blocked? Or just another computer using the same router? The reason I ask is to duplicate your test and see if Kaspersky cloud has this
That’s actually a great idea, I was going to ask if someone can duplicate the test with Kaspersky. It was tested on another computer, connected to the same router. I ran the Avast Smart Scan which automatically checks the router as well.
 

SeriousHoax

Level 29
Verified
Malware Tester
Is the blocking related to port scanning? In that case I have seen this from Bitdefender before. Even in Kaspersky I think. Most AV with Firewall if not all blocks port scanning. If it's not related to port scanning then I don't know.
 

McMcbrad

Level 1
I believe KIS have similar features:

It’s got similar features for sure, just didn’t know Bitdefender has it as well.
Hi, What is Bitdefender IPS-Like Function, please do tell?


The IPS functionality in Bitdefender is aimed at blocking intrusions. Bitdefender has had it since 2019, but I never saw an alert, mainly because Bitdefender always blocks malicious URLs before they get the chance to instantiate an exploit attempt.

Intrusion can be every attempt to compromise your security over the internet - might be malware that tries to self-propagate, might be a hacker trying to gain access, or it simply might be a compromised website, trying to use holes in your browser to infect you.
I’ve seen Bitdefender blocking sites because of their expired certificate, but never saw any other IPS features in action.
 

McMcbrad

Level 1
Is the blocking related to port scanning? In that case I have seen this from Bitdefender before. Even in Kaspersky I think. Most AV with Firewall if not all blocks port scanning. If it's not related to port scanning then I don't know.
It’s not port scanning, Avast uses known exploits to check your router security. I’ve seen alerts from other systems, like Symantec Endpoint Protection and I know for sure it’s not a port scan. Furthermore, a port scan won’t attempt to use injection? Whatever the injection they mean, I am thinking SQL injection most likely, neither will it try gaining access to files. This is some sort of UPNP vulnerability most likely.

I got no idea how Bitdefender blocks these attacks, but it’s not signature-based IPS like Symantec, it’s probably behaviour or policy-based like in McAfee ENS.
 