Question Bitdefender service blocked by ASR rule

Please provide comments and solutions that are helpful to the author of this topic.

Zartarra

Zartarra

Level 7
Thread author
Verified
Well-known
May 9, 2019
314
Hello,

I am testing Bitdefender Total. I used local GPO's to config my system including MS Defender policies. This morning I got an interesting warning from a MS Defender ASR rule. It seems that a Bitdefender service is blocked because it use a signed driver that is being exploited.

1710493700839.png


I contacted Bitdefender support. So I am waiting what the have to say.

Anyone else with the same error?

Kind regards,

Zartarra
 
  • Like
Reactions: simmerskool, Dave Russo, Trident and 3 others
L

LennyFox

Level 7
Jan 18, 2024
307
@Zartarra thanks for sharing

As far as I know, the ASR rules only apply when Microsoft Defender still is your active antivirus. Probably your group policy settings prevent MD from being deactivated.

I just installed BitDefender Free without problems with Malware Defender on MAX (using Configure Defender to enable all ASR rules).

On a site note: the Online Protection part checking on misused certificates and certificates of non trustworthy issuers (or issuers with misused certificates) is very chatty. I disabled that setting (has a few false positives because it also blocks websites connections of web services using certificates of issuers with a past problem, e.g. Github). Browsers have sufficient (HTTPS) certificate protection.
 
Last edited:
  • Like
Reactions: simmerskool, Ville, Zartarra and 6 others
ErzCrz

ErzCrz

Level 21
Verified
Top Poster
Well-known
Aug 19, 2019
1,023
LennyFox said:
@Zartarra thanks for sharing

As far as I know, the ASR rules only apply when Microsoft Defender still is your active antivirus. Probably your group policy settings prevent MD from being deactivated.

I just installed BitDefender Free without problems with Malware Defender on MAX (using Configure Defender to enable all ASR rules).

On a site note: the Online Protection part checking on misused certificates and certificates of non trustworthy issuers (or issuers with misused certificates) is very chatty. I disabled that setting (has a few false positives because it also blocks websites connections of web services using certificates of issuers with a past problem, e.g. Github). Browsers have sufficient (HTTPS) certificate protection.
Click to expand...
User WHHL or H_C to enable ASR rules and not Configure Defender since your not using Microsoft Defender as your AV. You can then Whitelist if needed inside WHHL or H_C.
 
  • Like
Reactions: simmerskool, Zartarra and LennyFox

Similar threads

Victor M
    • +Reputation
    • Like
    • Hundred Points
  • Suggestion
Setup Idea Default Deny Windows Firewall setup How To
Replies
7
Views
2,533
PC Setup Ideas
Victor M
Victor M
Bot
    • Like
Releasing Windows 11 Build 22000.1879 to the Release Preview Channel
Replies
0
Views
425
Windows 11
Bot
Bot
F
    • Like
  • Locked
Service Host: Network List Service...Virus?
Replies
11
Views
1,843
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top