Question Bitdefender service blocked by ASR rule

Zartarra

Hello,

I am testing Bitdefender Total. I used local GPOs to configure my system, including MS Defender policies. This morning I got an interesting warning from an MS Defender ASR rule. It seems that a Bitdefender service is blocked because it uses a signed driver that is being exploited.

I contacted Bitdefender support, so I am waiting to see what they have to say.

Anyone else with the same error?

Kind regards,

Zartarra
 
@Zartarra thanks for sharing

As far as I know, the ASR rules only apply when Microsoft Defender is still your active antivirus. Probably your group policy settings prevent MD from being deactivated.

I just installed BitDefender Free without problems with Malware Defender on MAX (using Configure Defender to enable all ASR rules).

On a side note: the Online Protection part checking on misused certificates and certificates of non-trustworthy issuers (or issuers with misused certificates) is very chatty. I disabled that setting (it has a few false positives because it also blocks website connections of web services using certificates of issuers with a past problem, e.g. GitHub). Browsers have sufficient (HTTPS) certificate protection.
 
Use WHHL or H_C to enable ASR rules and not Configure Defender, since you're not using Microsoft Defender as your AV. You can then whitelist if needed inside WHHL or H_C.
 
The answer from Bitdefender was rather poor. The suggestion was to remove the other anti-virus product (MS Defender in my case).
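
For readers who want to check the points raised in this thread on their own machine, the following read-only PowerShell is an added example, not something posted by a thread participant. It reports whether Microsoft Defender is running in active or passive mode, how the ASR rule "Block abuse of exploited vulnerable signed drivers" is set, and which files that rule recently blocked or audited. The event IDs (1121 block, 1122 audit) and the event field names `ID`, `Path` and `Process Name` are taken from Microsoft's Defender event documentation and are assumptions about the local log layout.

```powershell
# Added example: read-only checks, run from an elevated PowerShell prompt.
# GUID of the ASR rule "Block abuse of exploited vulnerable signed drivers".
$RuleId = '56a863a9-875e-4185-98a7-b882c64b5ce5'
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

# 1. Is Microsoft Defender the active antivirus or in passive mode?
$status = Get-MpComputerStatus
"Defender running mode : $($status.AMRunningMode)"
"Real-time protection  : $($status.RealTimeProtectionEnabled)"

# 2. How is the vulnerable-driver rule configured (policy or local setting)?
$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)
$state   = 'Not configured'
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i] -eq $RuleId) { $state = $ActionNames[[int]$actions[$i]] }
}
"Driver rule state     : $state"
"ASR-only exclusions   : $(@($pref.AttackSurfaceReductionOnlyExclusions) -join '; ')"

# 3. Which files did this rule block (1121) or audit (1122) recently?
$filter = @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1121, 1122 }
Get-WinEvent -FilterHashtable $filter -MaxEvents 200 -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the named <Data> elements of the event into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            if ($d.Name) { $data[$d.Name] = $d.'#text' }
        }
        # Keep only events raised by the vulnerable-driver rule.
        if ($data['ID'] -eq $RuleId) {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Mode    = if ($_.Id -eq 1121) { 'Block' } else { 'Audit' }
                Path    = $data['Path']
                Process = $data['Process Name']
            }
        }
    } | Format-Table -AutoSize -Wrap
```

The `Path` column shows which driver file triggered the rule, which is the detail to pass on to the vendor's support or to weigh before adding an ASR-only exclusion.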
 