Bitdefender Update

Bitdefender – MDR w/ XDR, unique in the cybersecurity industry

Are you talking about MDR yet? Managed Detection and Response (MDR) is one of the fastest-growing areas of cybersecurity, delivering superior security outcomes to businesses spanning all sizes and industries. Threat intelligence is real people, not automated. Our pricing on this solution is better than the competition, and we offer full partner margins. Need competitive battlecards? Let me know, and I will get that for you.

Need more info…

What the MDR Landscape Will Look Like in 2023

The managed services industry has made a huge impact and is one of the most significant trends coming out of cybersecurity in the last few years. Gartner® predicts that “by 2025, 50% of organizations will be using MDR services for threat monitoring, detection and response functions that offer threat containment and mitigation capabilities”, while the MDR industry will hit revenues of $1.9B. You can check out our MDR Threat Assessment to be prepared for what lies ahead in 2023

Bitdefender Named Notable Vendor in the New Forrester Landscape for MDR

The new and exciting Forrester Landscape for MDR, Q1 2023 has just been launched!

Access the full report to discover Bitdefender’s positioning and to read Forrester’s analysis of MDR’s market dynamics and evolution, the business values and core capabilities of MDR, as well as Notable MDR Providers by geography, industry and offering type.

MDR & XDR: A Consolidated Approach to a Fully Managed Threat Detection and Response Program Webinar Watch On Demand Now

XDR – or Extended Detection & Response – entered the cybersecurity lexicon roughly five years ago. According to Gartner, by the end of 2027, XDR will be used by up to 40% of end-user organizations – up from 5% today. Why such strong adoption? Though still an emerging technology, XDR integrates, correlates and contextualizes data and alerts from multiple security prevention, detection and response components, and because it’s cloud-delivered, XDR can provide organizations faster and more accurate detections.

While today’s technology does a great job of protecting against many threats, they cannot fully protect against advanced attackers purposefully attempting to breach your customers systems.

Let me know what additional information or resources you may need to support your customer conversations. I’m just a phone call or email away.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Vulnerabilities could transform antivirus, EDR systems to data wipers


By Bill Toulas December 9, 2022 12:00 PM
Link (

Security systems by Palo Alto Networks, Bitdefender, are not vulnerable to the new attack. Not all product are the same

A security researcher has found a way to exploit the data deletion capabilities of widely used endpoint detection and response (EDR) and antivirus (AV) software from Microsoft, SentinelOne, TrendMicro, Avast, and AVG to turn them into data wipers.

Wipers are a special type of destructive malware that purposely erases or corrupts data on compromised systems and attempts to make it so that victims cannot recover the data.

SafeBreach researcher Or Yair came up with the idea to exploit existing security tools on a targeted system to make the attacks more stealthy and remove the need for a threat actor to be a privileged user to conduct destructive attacks.

Also, abusing EDRs and AVs for data wiping is a good way to bypass security defenses as the file deletion capabilities of security solutions are expected behavior and would likely be missed.
Triggering the (wrong) deletion

Antivirus and EDR security software constantly scan a computer’s filesystem for malicious files, and when malware is detected, attempt to quarantine or delete them.

Furthermore, with real-time protection enabled, as a file is created, it is automatically scanned to determine if it is malicious and, if so, deleted/quarantined.

“There are two main events when an EDR deletes a malicious file. First, the EDR identifies a file as malicious and then it deletes the file,” explained Yair in his report.

“If I could do something between these two events, using a junction, I might be able to point the EDR towards a different path. These are called time-of-check to time-of-use (TOCTOU) vulnerabilities.

Yair’s idea was to create a C:\temp\Windows\System32\drivers folder and store the Mimikatz program in the folder as ndis.sys.

As Mimikatz is detected by most EDR platforms, including Microsoft Defender, the plan was for it to be detected as malicious on creation. However, before the EDR could delete the file, the researcher would quickly delete the C:\Temp folder and create a Windows Junction from C:\Temp to C:\Windows.

The hope was that the EDR would attempt to delete the ndis.sys file, which due to the junction, is now pointing to the legitimate C:\Windows\system32\drivers\ndis.sys file.
This didn’t work because some EDRs prevented further access to a file, including deletion, after it was detected as malicious. In other cases, EDRs detected the deletion of the malicious file, so the software dismissed the pending wiping action.

The solution was to create the malicious file, hold its handle by keeping it open, and not define what other processes are allowed to write/delete it so that EDRs and AVs detecting it can’t wipe it.

After the detection was triggered and having no rights to delete the file, the security tools prompted the researcher to approve a system reboot that would release the handle, freeing the malicious file for deletion.
The file deletion command, in this case, is written under the PendingFileRenameOperations Registry registry value, which will cause it to be deleted during the reboot.

However, when deleting the files in this value, Windows deletes the files while “blindly” following junctions.

“But what’s surprising about this default Windows feature is that once it reboots, Windows starts deleting all the paths and blindly follows junctions,” warned Yair.

Hence, by implementing the following five-step process, Yair could delete files in a directory he didn’t have modification privileges.

Create a special path with the malicious file at C:\temp\Windows\System32\drivers\ndis.sys
Hold its handle and force the EDR or AV to postpone the deletion until after the next reboot
Delete the C:\temp directory
Create a junction C:\temp → C:\
Reboot when prompted.
Aikido features exploits for vulnerabilities found in Microsoft Defender, Defender for Endpoint, and SentinelOne EDR because they were the easiest to implement on the wiper tool.

Yair reported the flaws to all vulnerable vendors between July and August 2022, and they have all released fixes by now.

The vulnerability IDs assigned by the vendors for this issue are CVE-2022-37971 (Microsoft), CVE-2022-45797 (Trend Micro), and CVE-2022-4173 (Avast and AVG).

The fixed versions are:

Microsoft Malware Protection Engine: 1.1.19700.2 or later
TrendMicro Apex One: Hotfix 23573 & Patch_b11136 or later
Avast & AVG Antivirus: 22.10 or later

All users of the above products are recommended to apply the security updates as soon as possible to mitigate the severe risk of having their files wiped by malware mimicking the Aikido wiper functionality.

Security systems by CrowdStrike, Palo Alto Networks, McAfee, Bitdefender, and Cylance are not vulnerable to the new attack. Meanwhile, all impacted vendors already issued patches to address the vulnerability.


Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Axcient

“Where Service and Technical Skills Count”

Bitdefender updates Windows and Mac


Bitdefender has released version of the Bitdefender Endpoint Security Tools (for Windows) on slow ring. The release notes are available here (


Bitdefender has today released version of Endpoint Security for Mac on fast ring. The release notes are available here (English only). (

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

Update to Bitdefender SSL Cert Issue 10-6-22 11:44AM

1) Turn SSL Cert back on in the policy

2) Do a agent update it will do a roll back see notes attached

We want to inform you about an update on October 6 that temporarily caused web browsing slowdown for some users of our Bitdefender Endpoint Security Tools – for Windows. Customer systems remained protected at all times and the issue has been resolved.  


On October 6, 2022 at 16:04 UTC, Bitdefender released engines version 7.92965 (9952880) for Bitdefender Endpoint Security Tools – Windows via live update. This update included changes to Network Protection module that handles web content inspection over SLL connections.  

The update included a flaw in the inspection mechanism which caused some customers to experience significant slowdown when browsing webpages. Our teams identified the issue soon after release and took immediate action to remediate the issue. The slowdown did not impact any of the prevention, detection and response layers provided by Bitdefender Endpoint Security Tools and customer systems remained protected at all times.  


The Bitdefender product engineering team executed a product update rollback at 18:14 UTC. The Bitdefender Endpoint Security Tools product version remained unchanged, the engines version that resolves the issue is 7.92964 (9950697). 

Customers who experienced the issue and have “Security Content Update” enabled will have the issue fixed via live update without any additional action required. For customers that disable Security Content Update, manual update task is required.  

Next Steps 

The Bitdefender engineering teams are working on a full root cause analysis of this incident and based on our findings we will promptly harden our release process accordingly so that similar situations will not occur.  

We apologize for any interruptions this event may have caused our customers. While we take pride in our track record of reliability, we acknowledge that faulty updates may seldom occur and we will use this event to learn from it and improve our products and processes moving forward.  

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”

Bitdefender Update BEST (Windows) Release Notes – Slow Ring

Bitdefender has released version of the Bitdefender Endpoint Security Tools (for Windows) on slow ring.

The release notes are available here. Link (

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

Bitdefender releases free decryptor for LockerGoga ransomware

By Bill Toulas September 16, 2022 11:09 AM

Romanian cybersecurity firm Bitdefender has released a free decryptor to help LockerGoga ransomware victims recover their files without paying a ransom.

The free tool is available for download from Bitdefender’s servers and allows you to recover encrypted files using instructions in this usage guide [PDF]. LInk

Bitdefender says the decryptor was developed in cooperation with law enforcement agencies, including Europol, the NoMoreRansom Project, the Zürich Public Prosecutor’s Office, and the Zürich Cantonal Police.

For a working decryptor to be created, researchers usually need to identify a flaw in the cryptography used by the ransomware encryptor.

However, in this case, the LockerGoga operators were arrested in October 2021, which may have allowed law enforcement to access the master private keys used to decrypt victims’ encryption keys.
How to decrypt your files

Files encrypted by LockerGoga will have the “.locked” filename extension and cannot be opened with regular software.

Bitdefender’s tool offers to scan your entire filesystem or a single folder, locate any encrypted files, and perform the decryption automatically.

For this to work, the computer needs to be connected to the internet, and the ransom notes generated by the ransomware during the encryption need to be in the original paths.

Bitdefender says the decryptor can operate either on a single machine or on entire networks encrypted by LockerGoga.

Note that the decryption process can be interrupted or not always work as expected, and you might end up with corrupted files. For this reason, the decrypter has the “backup files” option ticked by default, and users are recommended to leave that setting enabled.
Who was LockerGoga

The LockerGoga ransomware operation launched in January 2019, hitting high-profile targets such as the French engineering firm Altran Technologies and the Norwegian aluminum giant Norsk Hydro.

Together with Ryuk and MegaCortex, LockerGoga was involved in ransomware attacks against at least 1,800 organizations worldwide.

In October 2021, twelve individuals were arrested in an international law enforcement operation for deploying various ransomware strains, including LockerGoga.

“Its operator, who has been detained since October 2021 pending trial, is part of a larger cybercrime ring that used LockerGoga and MegaCortext ransomware to infect more than 1,800 persons and institutions in 71 countries to cause an estimated damage of $US 104 million,” Bitdefender explains in the decryptor announcement.

Since the operator’s arrest, threat actors have ceased using the LockerGoga ransomware, and the ransomware’s source code was never released.

Therefore, this decryptor will mostly be for past victims who refused to pay the ransom and have been waiting to recover their files for free.

Article (

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

For MspPortal Partners only

Starting August 3rd we will be  spinning up partner requests for 30 day trials of Bitdefender new additions of there XDR release.

probably the most comprehensive release ever. Security on steroids

If you wish to set up a trial please send me a email

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”


CISA orders agencies to patch new Windows zero-day used in attacks

By Sergiu Gatlan
CISA has added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) to its list of bugs abused in the wild.

This high severity security flaw (tracked as CVE-2022-22047) impacts both server and client Windows platforms, including the latest Windows 11 and Windows Server 2022 releases.

Microsoft has patched it as part of the July 2022 Patch Tuesday, and it classified it as a zero-day as it was abused in attacks before a fix was available.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft explained in a security advisory published today.

Redmond says the vulnerability was discovered internally by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC).

BleepingComputer has also reached out to Microsoft earlier today with questions about how this vulnerability was used in attacks.
Federal agencies given three weeks to patch

CISA has given the agencies three weeks, until August 2nd, to patch the actively exploited CVE-2022-22047 vulnerability and block ongoing attacks that could target their systems.
Article (

You head off malware by using Bitdefender #1 in malware protection


Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

Bitdefender releases update BEST (Windows) Release Notes – Slow Ring


Bitdefender has released version of Bitdefender Endpoint Security Tools (for Windows) on slow ring. 

The release notes are available here.

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”