I’ve been trying out Bitdefender, but on my desktop PC I keep running into an issue where at some time period after installing Bitdefender, I will lose the ability to reach sites in the browser, Discord will not reach the servers, and generally nothing can get out of the network. The computer even disappears on the SMB network.
What I find is that google properties will still have their cached SSL cert, but not connect.
Non-main properties, like a small local forum I visit, typically will get their SSL cert replaced by Bitdefender.
When this is happening, those sites that get the Bitdefender SSL don’t have any SSL. It shows the page as I can’t reach it, and it’s insecure.
Rebooting will fix it for a moment, then something starts up and it’s blocked again. Turning everything off you can turn off in the UI of Bitdefender, and the problem persists. Uninstall Bitdefender, it’s fixed.
I’m working with support but they haven’t really been a help. What’s going on?
*** UPDATE ***
Support said to do the following:
- Open Bitdefender and click on Protection on the left-hand side of the main interface.
- In the Online Threat Prevention module, click on Settings.
- In the Settings tab, switch OFF the Encrypted web scan option.
That seemed to help. I had to wait a long time for the computer to quit trying to talk to everything when it rebooted and I’m just tired of messing around with Bitdefender. I think I’ll uninstall and get something else.
Try this article to locate the culprit module that is causing this and reach out to support with that info to assist you further.
Do you by chance have a Firewalla or other network security device/router that does port or vulnerability scans on your network?
I love when vendors say that. Yeah, turn off the paid feature.
Support said this:
- Open Bitdefender and click on Protection on the left-hand side of the main interface.
- In the Online Threat Prevention module, click on Settings.
- In the Settings tab, switch OFF the Encrypted web scan option.
I have Opnsense running on a hardware device between my cable router and my home network. Only port 80 makes it to my internal network from the internet. No other vulnerability scans are set up.
Follow up with them if it works with this option disabled, sounds like a bug.
Wondering if you have port forwarding open to the Internet and, in the noise of the Internet, someone is scanning port 80. Bitdefender detects port scans and kills Internet from the offending IP for 2 hours or until next reboot. To BD it looks like your OpnSense router is port scanning. My Firewalla has a Vuln Scanner and will cause BD to kill my Internet. Disabling Port Scan protection in the Firewall module, if I recall, was how I fixed it.
Could try the same or close the firewall port on your router for a bit and see if that stops. I’ve never seen issues with SSL decryption cause an issue in BD.
I just gave up on it. I think the software is poorly written and don’t have the type of time necessary to be their test subject. Maybe someone else has the time but I don’t.
Here is how it is related to SSL.
When everything is working, I can look at an SSL cert for a local forum I follow and I see the cert issued to the site, and issued by Bitdefender Personal CA.Net-Defender.
When it doesn’t work, that cert now shows “your connection to this site is not secure”.
I believe this is their Encrypted Web Scan feature. I think they essentially create a man in the middle exploit in memory on the computer, issuing their cert that routes traffic through their sniffer. This is likely why if a problem develops with it, I lose all network connectivity.
I can’t trust the software.
Is it only specific websites that could possibly be using certificate pinning? Like if you create an exclusion in the web scanner does everything work?
Not sure what you mean by man in the middle memory exploit in memory. Every antivirus on the market and most enterprise firewalls are all doing SSL/TLS inspection, and that requires using their own cert to break the encryption so that they can ensure malware or an attack/exploit isn’t coming through an encrypted channel and going unnoticed. Of course, as cert pinning, TLS 1.3, QUIC, etc. pick up steam, it becomes much harder for any vendor to do.
Correct, if they are using their cert, they are essentially a man in the middle… a piece of software between the browser .
It’s not just web traffic that gets blocked. I can no longer reach that machine on my network, either. All network traffic gets blocked.