hmm...fishy. exploit.http.empireHTTPListener detected. Or maybe not fishy. UI3

Joined
May 1, 2019
Messages
2,215
Reaction score
3,504
Location
Reno, NV
I know there are tons of false alarms and false detections out there for virus scanners and all that. I'm 98% sure this is such a circumstance.
When I pulled up my UI3 from my computer (192.168.1.100), Bitdefender quickly popped up with threat notification of the HTTP listener detected from 192.168.100 port 81 (which is UI3).
Did a google search of what a HTTP Listener is... and already lost :) Some kind of exploit. I have used UI3 for months with same IP so pretty sure false detection. Just wanted to run it past the folks here. Never know in today's hacky world.
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,666
Reaction score
14,007
Location
USA
192.168.1.100 is your Blue Iris server's LAN address?


That certainly does sound like a false alarm. I did some googling and it sounds like an "empire http listener" is something a hacker might install on their own server to help them control computers they have infected. Why Bitdefender would think Blue Iris is one of these, I have no idea.
 

CCTVCam

Known around here
Joined
Sep 25, 2017
Messages
2,660
Reaction score
3,480
Bitdefender is one of the best for virus detection but as with anything that's sensitive it can be prone to false alarms. That said I've not had one for a long time on mine. Last time was when installing a legitimate program. This does sound a bit like a generic code identification which is what most false alarms tend to be. The maker in my case had to contact Bitdefender to get his program white listed. You can submit a file for analysis to Bitdefender, however the size is very limited so you probably couldn't just submit the UI. You'd need to identify the exact location and affected file from the logs and then copy and submit that. You may think why submit a file if you'r pretty confident it's a false alarm - the advantages are it may help it get white listed and you know 100% it's clean when checked. You can exclude the file from scanning manually. However, it's risky to do this without being 100% confident it is totally safe as once done, if there was a virus, it's free to run riot. It' very rare to get a virus from a legitimate source. However, infections have happened without vendors knowing. Personally I'd be a bit cautious whilst quietly confident it most likely is a false positive.
 

essjay

Getting the hang of it
Joined
May 12, 2016
Messages
264
Reaction score
75
Location
Eire
There must have been an update to Bitdefender as I also got an alert today for UI3. No alerts previous to today.
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
5,170
Reaction score
5,320
Location
Houston Tx
I no longer use Bitdefender. It requires to much work and gives too many false alarms. On the BI computer I use Microsoft security essential Defender, The BI machine is not used for web browsing, I see no need for an antivirus.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
I no longer use Bitdefender. It requires to much work and gives too many false alarms. On the BI computer I use Microsoft security essential Defender, The BI machine is not used for web browsing, I see no need for an antivirus.
In the last several months defender has scored at the top.
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
5,170
Reaction score
5,320
Location
Houston Tx
I know bitdefender scores tops i used it for three years. It is just a PIA to manage, I have a simple network and very simple usage requirements. I now use defender and Malwarebytes Pro, on my browser PC.
I normally do not trust reviews, as the advertisers pay for the reviews. Remember the review is free, so you get what you pay for.
 
Joined
May 1, 2019
Messages
2,215
Reaction score
3,504
Location
Reno, NV
I too have a simple network at home. Nothing too fancy. Have used Bitdefender for years. Even after their HUGE snafu a couple years ago, I stick with them. My big like about them is the small footprint/cpu usage while getting the job done. This is my first false notification in years.
Will continue to use them (especially the free version).
I remember back in the day when I ran Norton.... oh boy :)
BTW: this notification was with my Main PC (192.168.1.100), not from BI computer.
 

CCTVCam

Known around here
Joined
Sep 25, 2017
Messages
2,660
Reaction score
3,480
In the last several months defender has scored at the top.
I'm not sure whose reports you're looking at but Bitdefender is still near the top on the AV-Test Org website, a German Testing Organisation, with Defender in 13th position when sorted by Protection


I agree in the past Bitdefender was prone to false alarms. It's not as bad now. However, in my opinion, any AV with a high rate of detection will also give false positives because a major part of high rate detection is powerful heuristics that look for similarities between program code and known virus code, and that's bound to lead to some false detections. Personally I'd rather have a higher rate of false positives and very good protection than a lower rate of false positives and more leaky detection. That said, I wouldn't know what the best AV for BI was. However, given that a dedicated server for BI isn't really going to be exposed to dodgy websites, email attachments or downloaded files from unknown sources, I'd have thought that Intrusion Detection would be the most important aspect along side the detection of root code and backdoors. So it's probably not necessary to have the best AV, just one that's good for those aspects or one used in conjunction with a good root utility.
 
Top