New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bitdefender Ransomware Positive Detection, hopefully "False" #9675

Open
Quoddity opened this Issue Oct 10, 2018 · 2 comments

Comments

Projects
None yet
3 participants
@Quoddity

Quoddity commented Oct 10, 2018

qBittorrent version and Operating System

qBittorrent version v4.1.3
Windows 7 Home, 64x, SP1
Bitdefender Total Security 2019. Build 23.0.10.31 (up-to-date as of today)

What is the problem

Bitdefender Ransomware Module is currently yielding a positive detection to certain actions in qBittorrent. It does not detect ransomware behavior when I use uTorrent 2.2.1. In my examples, it has always been a false positive, but I am wondering if there is a possible security hole here.

What is the expected behavior

qBittorrent is halted by the Ransomware detection module, and must be restarted until another positive detection halts qBittorrent.

Steps to reproduce

Any one of three separate actions seem to cause the ransomware module to halt qBittorrent. There are possible other actions which also cause it.

  1. When a torrent completes downloading;
  2. When I delete both torrent & file after completion from within qBittorrent (right click);
  3. When I deselect one file (I think it's usually 100% downloaded, not sure) from multiple files from within one incomplete torrent. eg., deselecting the txt file which usually designates where the file was downloaded from.

Extra info(if any)

This is not urgent, since I can exclude qBittorrent from the Ransomware Detection module, but my concern is a possible security hole (or a faulty detection method on BitDefender's side).
I suspect the false positive is being caused by how qBittorrent is moving files in all of the above reproducible steps. (In example #3, qBittorrent will create a subfolder entitled ".unwanted" and move the file in there.)
I have configured my system to keep incomplete torrents in a separate folder. Both folders are located on a secondary internal HD.
I have the same setup with uTorrent 2.2.1 and it does not cause the Ransomware detection module to detect anything suspicious.
For reasons independent of this problem, I reinstalled my OS and this behavior has repeated itself.

@FranciscoPombal

This comment has been minimized.

Show comment
Hide comment
@FranciscoPombal

FranciscoPombal Oct 13, 2018

Contributor

This is 100% not an issue with qBittorrent.
Either:
a) Btidefender is issuing a false positive;
b) A torrent you downloaded via qBittorrent contains actual ransomware.

Contributor

FranciscoPombal commented Oct 13, 2018

This is 100% not an issue with qBittorrent.
Either:
a) Btidefender is issuing a false positive;
b) A torrent you downloaded via qBittorrent contains actual ransomware.

@Piccirello

This comment has been minimized.

Show comment
Hide comment
@Piccirello

Piccirello Oct 14, 2018

Contributor

From where did you download and install qBittorrent?

Contributor

Piccirello commented Oct 14, 2018

From where did you download and install qBittorrent?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment