Bitdefender support fail

Status
Not open for further replies.
L

likeastar20

Level 8
Thread author
Verified
Mar 24, 2016
361
Sent the file to BD, they said "We have received an update from our laboratory in which we are informed that the file is clean and currently not detected by our engines.
File 16890524015540_Setup_exe[7a7728a6ed63717026afc70d90780d54] declared CLEAN"

This also contradicts their sandbox behavior. This is the first failure I've seen from BD business support. How did they check the file?:D

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

shurk | 9de0dfcf9baf669811374d2f6ed0a1182df8d0254cd210f6f2883c659014de5a | Triage

Check this shurk report malware sample 9de0dfcf9baf669811374d2f6ed0a1182df8d0254cd210f6f2883c659014de5a, with a score of 10 out of 10.
tria.ge tria.ge

Kaspersky Threat Intelligence Portal

Kaspersky Threat Intelligence Portal allows you to scan files, domains, IP addresses, and URLs for threats, malware, viruses
opentip.kaspersky.com opentip.kaspersky.com

1.PNG
 
Last edited:
  • Like
  • Wow
Reactions: MindaugasJ, Nevi, piquiteco and 4 others
SeriousHoax

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,635
Did you choose false positives instead of false negative by mistake?
Besides that, I had a couple of situations where I got a wrong reply like this one while they actually created a signature. The replies are written by support staff and they sometimes make mistakes.
I'll check if BD detects it. Btw, you can reply to that email, add details like why it's a malware, include Virustotal links, etc details like that. The support staff will forward that to the malware analysts and they will check the sample again. I have done this in the past.
Or contact chat as @RansomwareRemediation suggested.
 
  • Like
  • Applause
  • +Reputation
Reactions: Nevi, piquiteco, Trident and 8 others
L

likeastar20

Level 8
Thread author
Verified
Mar 24, 2016
361
SeriousHoax said:
Did you choose false positives instead of false negative by mistake?
Besides that, I had a couple of situations where I got a wrong reply like this one while they actually created a signature. The replies are written by support staff and they sometimes make mistakes.
I'll check if BD detects it. Btw, you can reply to that email, add details like why it's a malware, include Virustotal links, etc details like that. The support staff will forward that to the malware analysts and they will check the sample again. I have done this in the past.
Or contact chat as @RansomwareRemediation suggested.
Click to expand...
I replied to their email, let's see what they say. I still don't see any detection by BD on VT. Maybe you can try to send them the sample?
 
  • Like
Reactions: piquiteco, Dave Russo and simmerskool
silversurfer

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,178
likeastar20 said:
Still not a proper signature, just the behavior blocker doing it's job.
Click to expand...
I haven't said otherwise ;) as usual called "suspicious behavior" or similar one "generic...." always at first when the ATP (Advanced Threat Defense) does block unknown samples.
I have seen that for more than 100 times while testing BD Free. We will see if Bitdefender's professional analysts does add a more "proper detection name"
 
  • Like
  • Hundred Points
Reactions: Sunshine-boy, Nevi, piquiteco and 7 others
L

likeastar20

Level 8
Thread author
Verified
Mar 24, 2016
361
silversurfer said:
I haven't said otherwise ;) as usual called "suspicious behavior" or similar one "generic...." always at first when the ATP (Advanced Threat Defense) does block unknown samples.
I have seen that for more than 100 times while testing BD Free. We will see if Bitdefender's professional analysts does add a more "proper detection name"
Click to expand...
Did you send the sample?
 
  • Like
Reactions: silversurfer
L

likeastar20

Level 8
Thread author
Verified
Mar 24, 2016
361
Trident said:
You may have chosen by mistake “false positive” on the submission form. Support scanned the file quickly, saw there is no definition and closed the case.
Click to expand...
Could be a possibility, that's why I'm waiting for someone else to send the sample and see
 
  • Like
Reactions: silversurfer
Status
Not open for further replies.

Similar threads

L
    • Like
    • +Reputation
  • Locked
Malware Analysis Capcut fake stealer
Replies
76
Views
5,954
Malware Analysis Archive
silversurfer
silversurfer
Sandbox Breaker
    • Like
    • +Reputation
Signed Sample - Very Suspect
Replies
5
Views
783
Malware Analysis Archive
harlan4096
harlan4096
Sandbox Breaker
    • Like
  • Locked
Evasive VBS with very low VT
Replies
74
Views
4,301
Malware Analysis Archive
Sandbox Breaker
Sandbox Breaker

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top