From c707b7d100dd902e7f183812504bc24428420c64 Mon Sep 17 00:00:00 2001
From: Michael Boelen <michael.boelen@cisofy.com>
Date: Wed, 24 Jun 2020 08:09:12 +0200
Subject: [MALW-3280] added additional BitDefender process

---
 include/tests_malware | 44 ++++++++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 22 deletions(-)

(limited to 'include/tests_malware')

diff --git a/include/tests_malware b/include/tests_malware
index a5ed3e06..5e3c6fca 100644
--- a/include/tests_malware
+++ b/include/tests_malware
@@ -102,28 +102,6 @@
     if [ ${SKIPTEST} -eq 0 ]; then
         FOUND=0
 
-        # ESET security products
-        LogText "Test: checking process esets_daemon"
-        if IsRunning "esets_daemon"; then
-            FOUND=1
-            ESET_DAEMON_RUNNING=1
-            MALWARE_SCANNER_INSTALLED=1
-            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} ESET daemon" --result "${STATUS_FOUND}" --color GREEN; fi
-            LogText "Result: found ESET security product"
-            Report "malware_scanner[]=eset"
-        fi
-
-        # Bitdefender (macOS)
-        LogText "Test: checking process epagd"
-        if IsRunning "epagd"; then
-            FOUND=1
-            BITDEFENDER_DAEMON_RUNNING=1
-            MALWARE_SCANNER_INSTALLED=1
-            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender agent" --result "${STATUS_FOUND}" --color GREEN; fi
-            LogText "Result: found Bitdefender security product"
-            Report "malware_scanner[]=bitdefender"
-        fi
-
         # Avast (macOS)
         LogText "Test: checking process com.avast.daemon"
         if IsRunning "com.avast.daemon"; then
@@ -146,6 +124,17 @@
             Report "malware_scanner[]=avira"
         fi
 
+        # Bitdefender (macOS)
+        LogText "Test: checking process epagd"
+        if IsRunning "bdagentd" || IsRunning "epagd"; then
+            FOUND=1
+            BITDEFENDER_DAEMON_RUNNING=1
+            MALWARE_SCANNER_INSTALLED=1
+            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender agent" --result "${STATUS_FOUND}" --color GREEN; fi
+            LogText "Result: found Bitdefender security product"
+            Report "malware_scanner[]=bitdefender"
+        fi
+
         # CrowdStrike falcon-sensor
         LogText "Test: checking process falcon-sensor (CrowdStrike)"
         if IsRunning "falcon-sensor"; then
@@ -168,6 +157,17 @@
             Report "malware_scanner[]=cylance-protect"
         fi
 
+        # ESET security products
+        LogText "Test: checking process esets_daemon"
+        if IsRunning "esets_daemon"; then
+            FOUND=1
+            ESET_DAEMON_RUNNING=1
+            MALWARE_SCANNER_INSTALLED=1
+            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} ESET daemon" --result "${STATUS_FOUND}" --color GREEN; fi
+            LogText "Result: found ESET security product"
+            Report "malware_scanner[]=eset"
+        fi
+
         # Kaspersky products
         LogText "Test: checking process wdserver or klnagent (Kaspersky)"
         # wdserver is too generic to match on, so we want to ensure that it is related to Kaspersky first
-- 
cgit v1.2.3