Browser executable "blacklisted" after Bitdefender deleted it

[Mayonnaise]

I use Bitdefender Internet Security on Windows 11, and some time ago it happened to detect a threat while I browsed a site with the Librewolf browser. As a part of the disinfection, Bitdefender decided to delete the browser's executable file. After that, I simply have not been able to re-install the browser in the same path as before, since any attempts to write LibreWolf.exe in the same file path are simply denied, and an error message saying the system wasn't able to copy the file is shown. I have tried adding the folder to bitdefender's exclusions, but it didn't seem to help. It seems to have maybe altered something with the operating system itself?

I have ran out of ideas of what to do, and haven't found this exact case searching around, so I decided to ask here in hopes of clues of what might have happened.

 

[Steevo]

Can you browse to the folder location, after going to View in File Explorer and making sure Show Hidden files and File extensions are checked, take a screen shot and post it?

 

[ThrashZone]

Hi,
What path exactly ?

Seems you should be asking bitdefender support I mean you do pay for it right :/

 

[95Viper]

Bing AI recommends:

It appears that Bitdefender has taken action against a browser executable, causing it to be blacklisted. Let’s explore some steps to address this issue:

1. Add an Exception:
   • Bitdefender allows you to exclude specific files or folders from antivirus scans. To add an exception for the browser executable, follow these steps:
     1. Click Protection in the Bitdefender interface.
     2. In the Antivirus pane, click Open.
     3. Access the Settings tab and click Manage Exceptions.
     4. Click + Add an Exception.
     5. Enter the path of the browser’s executable file (with the .EXE extension) in the corresponding field.
     6. Alternatively, use the magnifying glass icon to browse your computer and select the executable file.
     7. Turn on the switch next to Antivirus and click Save1.
2. Submit a Request to Bitdefender Labs:
   • If the browser is safe but still blocked, consider submitting a request to Bitdefender Labs to correct the incorrect blocking. Provide the URL of the blocked website in the Notifications section of your Bitdefender Central account2.
3. Temporary Access:
   • When encountering the warning, you can click “I understand the risks, take me there anyway” at the bottom. This will allow you to access the site once, but subsequent visits may still trigger the block2.

Remember to exercise caution when adding exceptions, ensuring that you trust the website or application. If you encounter any issues, consider reaching out to Bitdefender support for further assistance. ️

I am not big on AI, however, it gave some sound advice...

 

[Mayonnaise]

Can you browse to the folder location, after going to View in File Explorer and making sure Show Hidden files and File extensions are checked, take a screen shot and post it?

In my attempt to recover my browsing session I ended up completely erasing the original folder, now I have LibreWolf installed in a folder at the drive root as C:/LibreWolf. The original folder was inside ProgramFiles, and even attempting to drag the librewolf executable file inside the folder (which still contained all the other files apparently) would result in the same error

Bing AI recommends:

It appears that Bitdefender has taken action against a browser executable, causing it to be blacklisted. Let’s explore some steps to address this issue:

1. Add an Exception:
   • Bitdefender allows you to exclude specific files or folders from antivirus scans. To add an exception for the browser executable, follow these steps:
     1. Click Protection in the Bitdefender interface.
     2. In the Antivirus pane, click Open.
     3. Access the Settings tab and click Manage Exceptions.
     4. Click + Add an Exception.
     5. Enter the path of the browser’s executable file (with the .EXE extension) in the corresponding field.
     6. Alternatively, use the magnifying glass icon to browse your computer and select the executable file.
     7. Turn on the switch next to Antivirus and click Save1.
2. Submit a Request to Bitdefender Labs:
   • If the browser is safe but still blocked, consider submitting a request to Bitdefender Labs to correct the incorrect blocking. Provide the URL of the blocked website in the Notifications section of your Bitdefender Central account2.
3. Temporary Access:
   • When encountering the warning, you can click “I understand the risks, take me there anyway” at the bottom. This will allow you to access the site once, but subsequent visits may still trigger the block2.

Remember to exercise caution when adding exceptions, ensuring that you trust the website or application. If you encounter any issues, consider reaching out to Bitdefender support for further assistance. ️

I am not big on AI, however, it gave some sound advice...

I tried adding the folder as an exception and that did not work. If it did, it wouldn't be a good idea to run the browser with it being in the exceptions list either, since it would prevent antivirus action on any kind of attack happening while browsing or downloading files. Which ironically is what got me into this situation, I guess.
As for points 2 and 3, the ai seems to have misunderstood the issue, as it's not a problem i'm having with acessing any specific website.

 

[ThrashZone]

Hi,
Ever think to uninstall and reinstall in a normal fashion yeah program files or program files x86 would be normal

You're acting like this browser is a portable in that you can put the browser.exe anywhere you want to and it just doesn't need to installed anything

Or it's installed and you want to Move the exe file somewhere else instead of a shortcuts from program files ... :/

 

[evernessince]

Well there's a simple way to determine if Bitdefender altered something in the OS or not, uninstall the program, shut down and cold start the PC, and see if the issue persists. If you don't get the issue after the uninstall then bitdefender didn't alter anything in the OS. If the issue persists after uninstall it could still be lingering files left by bitdefender (unlikely) or it could be a windows or file system corruption error.

Bitdefender and other anti-virus software use a kernel level driver that operates at the same security privilege level as the windows kernel. This means it can act outside of windows observation and controls. Your error message may be caused by Bitdefender intercepting and deleting the file before windows ever gets it's hands on it. It's a protection feature to prevent viruses and malware from spreading but can be a problem if not properly disclosed to the end user as often windows has no idea the anti-virus has done anything.

That including the folder in the exclusion list didn't help is problematic. You may want to try excluding the exe as well: https://www.bitdefender.com/consumer/support/answer/2393/

Also, I'm not sure if Bitdefender let's you reverse actions from it's action log but that's a good place to check to see what exactly bitdefender did, assuming their logging is robust.

 

[Vya Domus]

Unpopular opinion, third part anti virus software is not needed and will only cause you headaches, windows defender is enough.

 

[ThrashZone]

Unpopular opinion, third part anti virus software is not needed and will only cause you headaches, windows defender is enough.

Hi,
Seems more like the op is doing something they should not be doing hehe

 

[LabRat 891]

While it is possibly 'falsely flagging' the 'fresh' executable...
Years of 'Tech Services' work tells me to suspect a rootkit.

At least XP-7 era, it was very common for rootkits, trojans, etc. to immediately re-infect a browser .exe upon reinstall.

Скачать бесплатную пробную версию для защиты от вирусов | Лаборатория Касперского

Получите максимальную защиту от вирусов с нашими решениями. Загрузите бесплатные или пробные версии и защитите себя от новейших кибератак и угроз.

usa.kaspersky.com

Rootkit Scanner

Rootkits are one of the most malevolent and hardest types of malware to detect and remove from your device. Learn how Malwarebytes removes rootkits before they cause damage.

www.malwarebytes.com

IMO, if there is a rootkit involved
"write-off" everything on the drives, use a CD/DVD Read-Only Media OS installer and run DiskPart "CLEAN ALL" on the disks. Note: there are better bootable tools for such; I merely prefer '1st party' options, if workable
(It will take awhile, it's a full format + single-pass 0-write.)
These days, I'm not sure if a rootkit can infect more hidden places on a SSD/HDD or in UEFI. So, further mitigations may be required.

If there is an actual rootkit, worm, etc. involved, you'll need to go over every other device on your LAN w/ a fine-toothed comb, too.