- Content source
- https://youtu.be/sQYe3SYA0kQ
Bitdefender's challenge.
- Thread starter Andy Ful
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
I created this video as the continuation of the AVs challenge to show that Antimalware kernel drivers and protected services of popular AVs can be tampered with (from Userland with high privileges), assuming that they are not protected by VBS.
The presented method could be used in the wild because the most important part of it is documented. If so, it was used rarely because I did not see any reference on the web.
It does not use vulnerable drivers and does not abuse PPL.
The presented method is not a full attack, and it is not probable that it can affect home users. However, it can probably be used as a part of targeted attacks in businesses.
Bitdefender is taken only as an example. The presented method was tested by the author on several well-known Antiviruses, with similar effects.
The presented method could be used in the wild because the most important part of it is documented. If so, it was used rarely because I did not see any reference on the web.
It does not use vulnerable drivers and does not abuse PPL.
The presented method is not a full attack, and it is not probable that it can affect home users. However, it can probably be used as a part of targeted attacks in businesses.
Bitdefender is taken only as an example. The presented method was tested by the author on several well-known Antiviruses, with similar effects.
App Review - The Comodo's challenge.
App Review - Comodo's challenge part 2.
App Review - Eset's challenge.
App Review - Microsoft Defender's challenge.
Last edited:
Nice test.
I wonder how Emsisoft holds up to this. I read somewhere on their website that it's self protected, particularly if a password is set.
I wonder how Emsisoft holds up to this. I read somewhere on their website that it's self protected, particularly if a password is set.
The password is probably to protect the current settings and not to protect kernel drivers.
It would be strange to leave the choice of protecting kernel drivers with a password to the customers.
Last edited:
@Andy Ful At this point my brother... You have found a serious flaw. I hope you are compensated well for this.
In all honesty... I've seen fleets of machines get hijacked via MS OTA. There is a reason NiST and CIS configs benchmark it to off (p2p ms update). 
MS also recently flipped it off by default. To many undisclosed RCE's lol
MS also recently flipped it off by default. To many undisclosed RCE's lol
I also opened a thread in the Bitdefender Expert Community:
community.bitdefender.com
Bitdefender's challenge.
Hi, Here is a video test from the MalwaeTips forum about tampering with Bitdefender's drivers and protected services:
community.bitdefender.com
You may also like...
-
-
Bitdefender Total Security 2026- Started by Shadowra
- Replies: 60
-
iDefender Pro (Présentation & Reviews)
- Started by Shadowra
- Replies: 8
-
Video... Windows Hardening Guide 2025 Edition- Started by annaegorov
- Replies: 3
-
Osprey Browser Protection Reviews
- Started by Shadowra
- Replies: 86