This discussion has been locked.

Anyone else having issues with Bitdefender updates?

I used to have issues with Bitdefender updating on my Macs at home.  That has worked fine once I got past the initial download (I had to exempt my computer from scanning the Bitdefender installation file).

Now, the Windows 10 machine cannot update.  I created an exemption for the Bitdefender domain under Protect -> Web -> Exemptions.  I exempted the domain from all scanning and filtering.  That did nothing. Bitdefender still would not update.  Interestingly, it would get as far as 98% before it quit.  The ONLY way I could get it to work was to create a new firewall rule for that particular computer that allowed all access to WAN without any filtering.  On the face of it, this would seem to be the same thing as creating an exemption rule.  I have the feeling that the exemption rules don't exempt all the things that are requested...

At the moment, it is a pain to create a firewall rule each time we need to update Bitdefender on the Win10 box...



This thread was automatically locked due to age.
  • Could be IPS or ATP? Did you check the livelog?

  • Hello,

    The ATP log is completely empty.  The IPS log shows blocked connections with the destination IP that of the affected machine but nothing with the affected machine as the source IP.  So, it appears that the logs are not capturing the cause of the issue.

    Regarding the IPS logs of the affected machine as the destination, there are a handful of entries but they are dated July of this year.  So, they would not be related to the Bitdefender issue.

    Thank you for your assistance.

  • I still have the same problem.

    Update works fine until 98% and then it stops.

    Didn't find any solution yet.

  • Did you already open a Support Case for this? 

    There should be something dropping in this scenario...

    You could perform a drppkt (Drop packet capture) on Advanced Shell. 

    Advanced Shell: drppkt | grep IP_of_Client

  • I ran that in advanced shell.  The following are the more interesting of the dropped packets.  The majority of the dropped packets were going from the affected IP to 192.168.2.255 (which is nowhere):

     

    2018-12-08 10:29:48 010202130 IP 192.168.2.1.52884 > 13.107.18.254.443 : proto TCP: R 2128588112:2128588112(0) checksum : 48985

    Date=2018-12-08 Time=10:29:48 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= l3_protocol=IP source_ip=192.168.2.1 dest_ip=13.107.18.254 l4_protocol=TCP source_port=52884 dest_port=443 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2018-12-08 10:29:48 010202130 IP 192.168.2.1.52881 > 204.79.197.222.443 : proto TCP: R 2458821135:2458821135(0) checksum : 47874

    Date=2018-12-08 Time=10:29:48 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= l3_protocol=IP source_ip=192.168.2.1 dest_ip=204.79.197.222 l4_protocol=TCP source_port=52881 dest_port=443 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2018-12-08 10:29:48 010202130 IP 192.168.2.1.52885 > 13.107.3.254.443 : proto TCP: R 1996296469:1996296469(0) checksum : 26225

    Date=2018-12-08 Time=10:29:48 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= l3_protocol=IP source_ip=192.168.2.1 dest_ip=13.107.3.254 l4_protocol=TCP source_port=52885 dest_port=443 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2018-12-08 10:29:48 010202130 IP 192.168.2.1.52868 > 13.107.6.158.443 : proto TCP: R 3589661263:3589661263(0) checksum : 65137

    Date=2018-12-08 Time=10:29:48 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= l3_protocol=IP source_ip=192.168.2.1 dest_ip=13.107.6.158 l4_protocol=TCP source_port=52868 dest_port=443 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2018-12-08 10:29:48 010202130 IP 192.168.2.1.52870 > 13.107.6.158.443 : proto TCP: R 2710062173:2710062173(0) checksum : 13773

    Date=2018-12-08 Time=10:29:48 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= l3_protocol=IP source_ip=192.168.2.1 dest_ip=13.107.6.158 l4_protocol=TCP source_port=52870 dest_port=443 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2018-12-08 10:29:48 010202130 IP 192.168.2.1.52865 > 13.107.21.200.443 : proto TCP: R 2004988789:2004988789(0) checksum : 48436

    Date=2018-12-08 Time=10:29:48 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= l3_protocol=IP source_ip=192.168.2.1 dest_ip=13.107.21.200 l4_protocol=TCP source_port=52865 dest_port=443 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2018-12-08 10:29:48 010202130 IP 192.168.2.1.52869 > 72.21.91.29.80 : proto TCP: R 2822347668:2822347668(0) checksum : 13240

    Date=2018-12-08 Time=10:29:48 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= l3_protocol=IP source_ip=192.168.2.1 dest_ip=72.21.91.29 l4_protocol=TCP source_port=52869 dest_port=80 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2018-12-08 10:29:49 0103021 IP 192.168.2.1.138 > 192.168.2.255.138 : proto UDP: packet len: 206 checksum : 64698

    Date=2018-12-08 Time=10:29:49 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev= inzone_id=1 outzone_id=4 source_mac=xx:xx:xx:xx:xx:xx dest_mac=ff:ff:ff:ff:ff:ff l3_protocol=IP source_ip=192.168.2.1 dest_ip=192.168.2.255 l4_protocol=UDP source_port=138 dest_port=138 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=1027263936 masterid=0 status=256 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    I made only one alteration in the last packet where I crossed-out the source MAC address.  The last packet was repeated a number of times for a variety of LAN IPs.

    Thank you for any assistance.

  • Only RESET Packets. 

    https://community.sophos.com/kb/en-us/131754

    Seems like the application has some issues, do not know how, but we are only dropping RST Packets.

    https://stackoverflow.com/questions/251243/what-causes-a-tcp-ip-reset-rst-flag-to-be-sent
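
A way to triage drppkt output like the capture above, as an added example that is not part of the original thread: it pairs each summary line with its key=value record and groups the drops by component, protocol and TCP flag, reading `R` as RST the way the reply does. The sample records are abridged from the lines posted in the thread; the function names are made up for this sketch.

```python
import re
from collections import Counter

# Sample input: three records abridged from the drppkt output posted in the
# thread (the key=value lines are shortened to the fields used below).
SAMPLE = """\
2018-12-08 10:29:48 010202130 IP 192.168.2.1.52884 > 13.107.18.254.443 : proto TCP: R 2128588112:2128588112(0) checksum : 48985
Date=2018-12-08 Time=10:29:48 log_id=010202130 log_component=Invalid_Traffic log_subtype=Denied in_dev= out_dev= source_ip=192.168.2.1 dest_ip=13.107.18.254 l4_protocol=TCP dest_port=443 fw_rule_id=0
2018-12-08 10:29:48 010202130 IP 192.168.2.1.52869 > 72.21.91.29.80 : proto TCP: R 2822347668:2822347668(0) checksum : 13240
Date=2018-12-08 Time=10:29:48 log_id=010202130 log_component=Invalid_Traffic log_subtype=Denied in_dev= out_dev= source_ip=192.168.2.1 dest_ip=72.21.91.29 l4_protocol=TCP dest_port=80 fw_rule_id=0
2018-12-08 10:29:49 0103021 IP 192.168.2.1.138 > 192.168.2.255.138 : proto UDP: packet len: 206 checksum : 64698
Date=2018-12-08 Time=10:29:49 log_id=0103021 log_component=Local_ACLs log_subtype=Denied in_dev=Port1 out_dev= source_ip=192.168.2.1 dest_ip=192.168.2.255 l4_protocol=UDP dest_port=138 fw_rule_id=0
"""

# Summary line: timestamp, log id, "IP src > dst : proto TCP: <flags> ..."
HEADER = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \d+ IP .* proto (TCP|UDP): (\S+)")
# key=value pairs; the value may be empty (e.g. "in_dev= out_dev=")
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_drops(text):
    """Return one dict per dropped packet, with the TCP flag from its summary line."""
    drops, flag = [], None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            flag = header.group(2) if header.group(1) == "TCP" else None
        elif line.startswith("Date="):
            record = dict(FIELD.findall(line))
            record["tcp_flags"] = flag
            drops.append(record)
            flag = None
    return drops

def summarize(drops):
    """Count drops per (log_component, l4_protocol, tcp_flags)."""
    return Counter((d["log_component"], d["l4_protocol"], d["tcp_flags"]) for d in drops)

def unexplained(drops):
    """Drops that are not bare RSTs logged as Invalid_Traffic."""
    return [d for d in drops
            if not (d["log_component"] == "Invalid_Traffic" and d["tcp_flags"] == "R")]

if __name__ == "__main__":
    for key, count in summarize(parse_drops(SAMPLE)).items():
        print(count, key)
```
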

  • Thanks,

    I increased tcp-eat-idle-timeout to 21600 (doubling it) and it made no difference.  Looks like I'll have to create a temporary firewall rule to allow traffic from that LAN IP so that the update can install...

  • I've got it.

    Web -> Exception -> New Entry "Bitdefender Updates"

    URL Pattern-Match

    ^([A-Za-z0-9.-]*\.)?bitdefender\.com\.?/

    ^([A-Za-z0-9.-]*\.)?bitdefender\.net\.?/

    ^([A-Za-z0-9.-]*\.)?bitdefender\.de\.?/

    And check all buttons on the right side.

    That's it. Works fine for me.
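
A quick check of how far the three posted patterns reach, as an added example that is not part of the original post: since the exception disables every check for whatever matches, it is worth confirming that look-alike hosts fall outside it. It assumes the firewall tests each pattern against the URL with the scheme removed (`host/path`); the test URLs and hostnames are constructed for illustration.

```python
import re

# Patterns exactly as posted in the thread.
PATTERNS = [
    r"^([A-Za-z0-9.-]*\.)?bitdefender\.com\.?/",
    r"^([A-Za-z0-9.-]*\.)?bitdefender\.net\.?/",
    r"^([A-Za-z0-9.-]*\.)?bitdefender\.de\.?/",
]
COMPILED = [re.compile(p) for p in PATTERNS]

def is_exempt(url):
    """True if any pattern matches the URL.

    Assumption: matching is done on 'host/path', so the scheme is stripped first.
    """
    target = re.sub(r"^[a-z][a-z0-9+.-]*://", "", url, flags=re.IGNORECASE)
    return any(p.search(target) for p in COMPILED)

# Constructed cases: URL -> whether the exception should apply.
CASES = {
    "https://upgrade.bitdefender.com/av/update.bin": True,   # subdomain
    "http://bitdefender.net/": True,                         # bare domain
    "https://download.bitdefender.de./file": True,           # trailing-dot FQDN
    "https://notbitdefender.com/": False,         # no label boundary before the name
    "https://bitdefender.com.example.org/": False,  # name used as a leading label
    "https://example.org/bitdefender.com/": False,  # name appears only in the path
}

def audit():
    """Return the URLs whose result differs from the expectation in CASES."""
    return [url for url, expected in CASES.items() if is_exempt(url) != expected]

if __name__ == "__main__":
    for url in CASES:
        print("exempt" if is_exempt(url) else "scanned", url)
    print("mismatches:", audit())
```
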