Jump to content
Network communication blocked after upgrade to macOS 15 (Sequoia) ×
Customer satisfaction survey 2024 ×

Bandicam installation problem

Guest installman

By Guest installman
in Quick questions by guests (registration not required)

Recommended Posts

Guest installman

Guest installman

Posted
Posted

I've just downloaded the latest version of Bandicam from the official site.

During installation an Eset box appeared that said:

"Real-time file system protection;file;C:\Program Files\Bandicam\bdcam.exe;a variant of Win64/Packed.Themida.L suspicious application; cleaned by deleting;"

 

which means I can't continue with the install. What is the best course of action in this situation?

 

Link to comment
itman

itman 1,760

Posted
Posted

The software is using a code reading protector which prevents Eset from scanning the file for malware. Hence, the Eset detection shown. If you are confident the software is safe to use, you will have create an Eset real-time detection exclusion for bdcam.exe.

Link to comment
Guest installman

Guest installman

Posted
Posted

I'm installing from this link

https://www.bandicam.com/downloads/ing/

this downloads bdcamsetup.exe which has a valid signature.

The install runs to completion but immediately after, I get the popup that bdcam.exe is being deleted, so I can't check any more.

I don't know if the file is safe so I don't really want to create a detection exclusion (or, if I'm honest, how to create an exclusion before the file is even installed)

 

I did use Bandicam a few years ago and it never presented this problem in the past.

 

Link to comment
itman

itman 1,760

Posted
Posted (edited)
8 hours ago, Marcos said:

could not find such file with a valid digital signature.

The installer can be downloaded from official web site here: https://www.bandicam.com/downloads/ and it is validly signed.

Also according to this, bdcam.exe is supposed to be validly signed;

Quote

The program has no file description. The file has a digital signature. The bdcam.exe file is not a Windows system file. The bdcam.exe file is a Verisign signed file.

https://www.file.net/process/bdcam.exe.html.

Finally, zero detection's for the installer at VirusTotal.

Edited by itman
Link to comment
itman

itman 1,760

Posted
Posted (edited)

@Marcos, I submitted the installer to Hybrid-Analysis to get the hash for bdcam.exe. It has been previously uploaded to VT and the file is validly signed. Here's the VT link: https://www.virustotal.com/gui/file/db444d97939b34fbf776998af277663c682d252a57ad20766ec3c21c08ce2992 .

 

Edited by itman
Link to comment
  • Administrators
Marcos

Marcos 5,306

Posted
  • Administrators
Posted
10 hours ago, itman said:

@Marcos, I submitted the installer to Hybrid-Analysis to get the hash for bdcam.exe. It has been previously uploaded to VT and the file is validly signed. Here's the VT link: https://www.virustotal.com/gui/file/db444d97939b34fbf776998af277663c682d252a57ad20766ec3c21c08ce2992 .

 

Yes, this one has a valid digital signature and is not detected by ESET. I also downloaded the installer from https://www.bandicam.com/downloads/ing/ and installed it without any detection from ESET either.

@installman, please post the appropriate record from the Detections log including the SHA1 of the detected file.

Link to comment
Guest installman

Guest installman

Posted
Posted

This is the full log message I get:

 

12/10/2024 08:32:30;Real-time file system protection;file;C:\Program Files\Bandicam\bdcam.exe;a variant of Win64/Packed.Themida.L suspicious application;cleaned by deleting;XXX\xxx;Event occurred on a new file created by the application: E:\Firefox Downloads\bdcamsetup.exe (5D637D39E37B71ABD130C43C393865DA5B6471F4).;9E004B48FA97DD3A39A3A17F224C9776574D0B1C;28/08/2024 05:28:46

Link to comment
itman

itman 1,760

Posted
Posted
On 10/15/2024 at 4:43 AM, Guest installman said:

This is the full log message I get:

 

12/10/2024 08:32:30;Real-time file system protection;file;C:\Program Files\Bandicam\bdcam.exe;a variant of Win64/Packed.Themida.L suspicious application;cleaned by deleting;XXX\xxx;Event occurred on a new file created by the application: E:\Firefox Downloads\bdcamsetup.exe (5D637D39E37B71ABD130C43C393865DA5B6471F4).;9E004B48FA97DD3A39A3A17F224C9776574D0B1C;28/08/2024 05:28:46

Weird situation.

This bdcam.exe is noted above and is legitimately signed: https://www.virustotal.com/gui/file/db444d97939b34fbf776998af277663c682d252a57ad20766ec3c21c08ce2992/details .

Only thing I can think of is the Digitcert root cert. is not installed in the device's Win root CA store causing the cert. validation to fail.

Link to comment

Join the conversation

You are posting as a guest. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...