In Part 1, we spoke about the problems with antivirus updates. Now we'll look at what happens when an antivirus behaves like a virus itself.
Take a look at this GIF. Notice anything odd? This is a feed from our Plexus Plus device that monitors the internet at one of our client locations.
It shows Bitdefender antivirus software trying to aggressively update every few seconds from multiple computers.
Now it may seem a little crazy, but what is happening in the GIF is very simple. Every time some information has to pass out of the network, it goes through our device. As each message hits the device, a notification pops up. This image shows the same software trying to access the internet from different PCs at the same time. Ironically, they are all requesting the same file.
This activity is nothing short of malicious and can typically leave an organisation's Internet connection clogged with requests. The failure to detect and stop such behind-the-scenes activity can result not only in poor QoS (Quality of Service) but also in a lack of productivity.
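The pattern described above, several PCs fetching the same file every few seconds, can be picked out of a gateway or proxy log. The Python below is an added example, not code from the original post or from Plexus Plus; the log format, host names, and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, assumed "<ISO time> <client IP> <URL>" format; hosts are placeholders.
SAMPLE_LOG = """\
2024-01-01T09:00:00 10.0.0.11 http://update.example.test/av/defs.bin
2024-01-01T09:00:02 10.0.0.12 http://update.example.test/av/defs.bin
2024-01-01T09:00:03 10.0.0.12 http://intranet.example.test/index.html
2024-01-01T09:00:04 10.0.0.13 http://update.example.test/av/defs.bin
2024-01-01T09:00:05 10.0.0.11 http://update.example.test/av/defs.bin
2024-01-01T09:00:07 10.0.0.12 http://update.example.test/av/defs.bin
this line is malformed
2024-01-01T09:00:09 10.0.0.13 http://update.example.test/av/defs.bin
2024-01-01T09:00:10 10.0.0.11 http://update.example.test/av/defs.bin
2024-01-01T09:05:00 10.0.0.11 http://intranet.example.test/index.html
"""

def parse(log):
    """Yield (time, client, url), skipping lines that do not fit the format."""
    for line in log.splitlines():
        parts = line.split()
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except (IndexError, ValueError):
            continue

def find_update_storms(log, window=timedelta(seconds=60),
                       min_requests=6, min_clients=3):
    """Map each flagged URL to (requests, distinct clients) in its busiest window."""
    by_url = defaultdict(list)
    for ts, client, url in parse(log):
        by_url[url].append((ts, client))
    flagged = {}
    for url, events in by_url.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            span = events[start:end + 1]
            clients = {client for _, client in span}
            if (len(span) >= min_requests and len(clients) >= min_clients
                    and len(span) > flagged.get(url, (0, 0))[0]):
                flagged[url] = (len(span), len(clients))
    return flagged

if __name__ == "__main__":
    for url, (n, c) in find_update_storms(SAMPLE_LOG).items():
        print(f"{url}: {n} requests from {c} clients within 60s")
```

Requiring several distinct clients as well as a high request count keeps a single busy PC, or a page many people open once, from being flagged.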
Now Bitdefender is no small company. We were hesitant to jump to any conclusions that they would design their products in such a way. We thought this had to be some human error in the organisation or network. Sadly, a simple Google search made it evident that Bitdefender has been resorting to such activity by default.
Pro-tips for detecting and stopping such activity: