Guest installman, posted October 11:

I've just downloaded the latest version of Bandicam from the official site. During installation an Eset box appeared that said: "Real-time file system protection;file;C:\Program Files\Bandicam\bdcam.exe;a variant of Win64/Packed.Themida.L suspicious application; cleaned by deleting;" which means I can't continue with the install. What is the best course of action in this situation?

itman, posted October 11:

The software is using a code reading protector which prevents Eset from scanning the file for malware. Hence, the Eset detection shown. If you are confident the software is safe to use, you will have to create an Eset real-time detection exclusion for bdcam.exe.

Marcos (Administrators), posted Saturday at 06:29 AM:

I could not find such a file with a valid digital signature. If you check the digital signature in the file's properties, is it ok, invalid or is it completely missing? What's the SHA1 or SHA256 of the file?

Guest installman, posted Saturday at 07:38 AM:

I'm installing from this link: https://www.bandicam.com/downloads/ing/ (this downloads bdcamsetup.exe, which has a valid signature). The install runs to completion but immediately after, I get the popup that bdcam.exe is being deleted, so I can't check any more. I don't know if the file is safe so I don't really want to create a detection exclusion (or, if I'm honest, how to create an exclusion before the file is even installed). I did use Bandicam a few years ago and it never presented this problem in the past.

itman, posted Saturday at 02:10 PM (edited):

8 hours ago, Marcos said: could not find such file with a valid digital signature.

The installer can be downloaded from the official web site here: https://www.bandicam.com/downloads/ and it is validly signed. Also, according to this, bdcam.exe is supposed to be validly signed:

Quote: The program has no file description. The file has a digital signature. The bdcam.exe file is not a Windows system file. The bdcam.exe file is a Verisign signed file. https://www.file.net/process/bdcam.exe.html

Finally, zero detections for the installer at VirusTotal.

itman, posted Saturday at 08:30 PM (edited):

@Marcos, I submitted the installer to Hybrid-Analysis to get the hash for bdcam.exe. It has been previously uploaded to VT and the file is validly signed. Here's the VT link: https://www.virustotal.com/gui/file/db444d97939b34fbf776998af277663c682d252a57ad20766ec3c21c08ce2992 .

Marcos (Administrators), posted Sunday at 07:27 AM:

10 hours ago, itman said: @Marcos, I submitted the installer to Hybrid-Analysis to get the hash for bdcam.exe. It has been previously uploaded to VT and the file is validly signed. Here's the VT link: https://www.virustotal.com/gui/file/db444d97939b34fbf776998af277663c682d252a57ad20766ec3c21c08ce2992 .

Yes, this one has a valid digital signature and is not detected by ESET. I also downloaded the installer from https://www.bandicam.com/downloads/ing/ and installed it without any detection from ESET either.

@installman, please post the appropriate record from the Detections log including the SHA1 of the detected file.

Guest installman, posted Tuesday at 08:43 AM:

This is the full log message I get:

12/10/2024 08:32:30;Real-time file system protection;file;C:\Program Files\Bandicam\bdcam.exe;a variant of Win64/Packed.Themida.L suspicious application;cleaned by deleting;XXX\xxx;Event occurred on a new file created by the application: E:\Firefox Downloads\bdcamsetup.exe (5D637D39E37B71ABD130C43C393865DA5B6471F4).;9E004B48FA97DD3A39A3A17F224C9776574D0B1C;28/08/2024 05:28:46

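Added example (not part of the original posts and not ESET tooling): a small parser for the detection record posted above that separates the SHA-1 of the deleted bdcam.exe from the SHA-1 of the installer that wrote it, so a fresh download can be checked against the logged installer. The column names and the helpers `parse_record`, `sha1_of` and `same_installer` are assumptions made for this illustration.

```python
import hashlib
import re
from typing import NamedTuple, Optional

# Column names are assumptions inferred from the values in the posted record.
FIELDS = ("time", "scanner", "object_type", "object", "detection",
          "action", "user", "information", "sha1", "first_seen")
SHA1_RE = re.compile(r"[0-9A-Fa-f]{40}")
CREATOR_RE = re.compile(
    r"created by the application: (?P<path>.+) \((?P<sha1>[0-9A-Fa-f]{40})\)")

class Detection(NamedTuple):
    fields: dict
    creator_path: Optional[str]  # process that wrote the detected file
    creator_sha1: Optional[str]  # its SHA-1 as recorded in the log

def parse_record(line: str) -> Detection:
    parts = line.strip().split(";")
    if len(parts) != len(FIELDS):  # truncated paste, or a ';' inside a path
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    if not SHA1_RE.fullmatch(rec["sha1"]):
        raise ValueError("hash column is not a 40-digit SHA-1")
    rec["sha1"] = rec["sha1"].lower()
    m = CREATOR_RE.search(rec["information"])
    return Detection(rec, m["path"] if m else None,
                     m["sha1"].lower() if m else None)

def sha1_of(path: str) -> str:
    h = hashlib.sha1()  # SHA-1 only because that is what the log records
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def same_installer(det: Detection, local_installer: str) -> bool:
    """True if the local file's SHA-1 equals the installer hash in the log."""
    return det.creator_sha1 is not None and sha1_of(local_installer) == det.creator_sha1

# Record copied from the thread (the user column was already masked there).
RECORD = (r"12/10/2024 08:32:30;Real-time file system protection;file;"
          r"C:\Program Files\Bandicam\bdcam.exe;"
          r"a variant of Win64/Packed.Themida.L suspicious application;"
          r"cleaned by deleting;XXX\xxx;Event occurred on a new file created by "
          r"the application: E:\Firefox Downloads\bdcamsetup.exe "
          r"(5D637D39E37B71ABD130C43C393865DA5B6471F4).;"
          r"9E004B48FA97DD3A39A3A17F224C9776574D0B1C;28/08/2024 05:28:46")
DET = parse_record(RECORD)
```

Calling `same_installer(DET, path)` on a fresh download shows whether it is the same installer build that produced the detected file. The VirusTotal link in the thread is keyed by SHA-256, so it cannot be compared by eye with the SHA-1 values in the log.
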
Marcos (Administrators), posted 13 hours ago:

Unfortunately I could not reproduce the detection by downloading the executable from https://www.bandicam.com/downloads/ing/ and running the installer. Therefore I'd recommend creating a detection exclusion for the executable.

itman, posted 12 hours ago:

On 10/15/2024 at 4:43 AM, Guest installman said: This is the full log message I get: 12/10/2024 08:32:30;Real-time file system protection;file;C:\Program Files\Bandicam\bdcam.exe;a variant of Win64/Packed.Themida.L suspicious application;cleaned by deleting;XXX\xxx;Event occurred on a new file created by the application: E:\Firefox Downloads\bdcamsetup.exe (5D637D39E37B71ABD130C43C393865DA5B6471F4).;9E004B48FA97DD3A39A3A17F224C9776574D0B1C;28/08/2024 05:28:46

Weird situation. This bdcam.exe is noted above and is legitimately signed: https://www.virustotal.com/gui/file/db444d97939b34fbf776998af277663c682d252a57ad20766ec3c21c08ce2992/details . Only thing I can think of is the DigiCert root cert. is not installed in the device's Win root CA store causing the cert. validation to fail.