hmm...fishy. exploit.http.empireHTTPListener detected. Or maybe not fishy. UI3

Holbs

Holbs

IPCT+ Member
May 1, 2019
2,254
3,563
Reno, NV
I know there are tons of false alarms and false detections out there for virus scanners and all that. I'm 98% sure this is such a circumstance.
When I pulled up my UI3 from my computer (192.168.1.100), Bitdefender quickly popped up with threat notification of the HTTP listener detected from 192.168.100 port 81 (which is UI3).
Did a google search of what a HTTP Listener is... and already lost :) Some kind of exploit. I have used UI3 for months with same IP so pretty sure false detection. Just wanted to run it past the folks here. Never know in today's hacky world.
 
192.168.1.100 is your Blue Iris server's LAN address?


That certainly does sound like a false alarm. I did some googling and it sounds like an "empire http listener" is something a hacker might install on their own server to help them control computers they have infected. Why Bitdefender would think Blue Iris is one of these, I have no idea.
 
  • Like
Reactions: fenderman
Bitdefender is one of the best for virus detection but as with anything that's sensitive it can be prone to false alarms. That said I've not had one for a long time on mine. Last time was when installing a legitimate program. This does sound a bit like a generic code identification which is what most false alarms tend to be. The maker in my case had to contact Bitdefender to get his program white listed. You can submit a file for analysis to Bitdefender, however the size is very limited so you probably couldn't just submit the UI. You'd need to identify the exact location and affected file from the logs and then copy and submit that. You may think why submit a file if you'r pretty confident it's a false alarm - the advantages are it may help it get white listed and you know 100% it's clean when checked. You can exclude the file from scanning manually. However, it's risky to do this without being 100% confident it is totally safe as once done, if there was a virus, it's free to run riot. It' very rare to get a virus from a legitimate source. However, infections have happened without vendors knowing. Personally I'd be a bit cautious whilst quietly confident it most likely is a false positive.
 
  • Like
Reactions: bp2008
There must have been an update to Bitdefender as I also got an alert today for UI3. No alerts previous to today.
 
I no longer use Bitdefender. It requires to much work and gives too many false alarms. On the BI computer I use Microsoft security essential Defender, The BI machine is not used for web browsing, I see no need for an antivirus.
 
SouthernYankee said:
I no longer use Bitdefender. It requires to much work and gives too many false alarms. On the BI computer I use Microsoft security essential Defender, The BI machine is not used for web browsing, I see no need for an antivirus.
Click to expand...
In the last several months defender has scored at the top.
 
I know bitdefender scores tops i used it for three years. It is just a PIA to manage, I have a simple network and very simple usage requirements. I now use defender and Malwarebytes Pro, on my browser PC.
I normally do not trust reviews, as the advertisers pay for the reviews. Remember the review is free, so you get what you pay for.
 
I too have a simple network at home. Nothing too fancy. Have used Bitdefender for years. Even after their HUGE snafu a couple years ago, I stick with them. My big like about them is the small footprint/cpu usage while getting the job done. This is my first false notification in years.
Will continue to use them (especially the free version).
I remember back in the day when I ran Norton.... oh boy :)
BTW: this notification was with my Main PC (192.168.1.100), not from BI computer.
 
fenderman said:
In the last several months defender has scored at the top.
Click to expand...

I'm not sure whose reports you're looking at but Bitdefender is still near the top on the AV-Test Org website, a German Testing Organisation, with Defender in 13th position when sorted by Protection

www.av-test.org

Test antivirus software for Windows 10 - December 2024

The current tests of antivirus software for Windows 10 from December 2024 of AV-TEST, the leading international and independent service provider for antivirus software and malware.
www.av-test.org www.av-test.org

I agree in the past Bitdefender was prone to false alarms. It's not as bad now. However, in my opinion, any AV with a high rate of detection will also give false positives because a major part of high rate detection is powerful heuristics that look for similarities between program code and known virus code, and that's bound to lead to some false detections. Personally I'd rather have a higher rate of false positives and very good protection than a lower rate of false positives and more leaky detection. That said, I wouldn't know what the best AV for BI was. However, given that a dedicated server for BI isn't really going to be exposed to dodgy websites, email attachments or downloaded files from unknown sources, I'd have thought that Intrusion Detection would be the most important aspect along side the detection of root code and backdoors. So it's probably not necessary to have the best AV, just one that's good for those aspects or one used in conjunction with a good root utility.
 
  • Like
Reactions: Red8772
You must log in or register to reply here.
Top Bottom