ESET Internet Security problem about "bdcut.exe" (!)

[gmr060]

Hi.

I am the licensed user.
During the update process of the last Bandicut update (version 2025) in 03/2026 the following did happen:
ESET Internet Security anti-virus deleted (sent to "quarantine") Bandicut application exe-file "bdcut.exe".
Because of that:
Suspicious application removed.
A suspicious application (Win64/Packed.Thermida.L) was found in a file that Windows Explorer tried to access.
The file has been delleted.

I hope there is not virus implemented but kind a problem is in the file for sure ... it's not clean.
I am pretty sure it is not just my individual case.

Bandicut guys, please, improve it and send me/us a message about it!

Thank you.

Gamo

Update:

Internet says:
Packed.Themida.L is a detection label for software protected by the Themida packer, used to hide code from analysis and antivirus detection. While often associated with malicious trojans, it is frequently a false positive for legitimate games (like Helldivers 2) or anti-cheat software that use this technology to prevent reverse engineering.
* What it does:
It packs (compresses/encrypts) executable files, making them appear "suspicious" to security software.
* Common Source:
Frequently, this is not a malicious virus but a false positive from software using Themida for protection.
* Associated Risks:
When genuinely malicious, it can be a trojan used to download other threats.

[Bandicam Company]

Hi Gamo,

Thank you for your report.

The detection is a false positive. We use Themida's code virtualization to prevent cracking, which ESET sometimes misidentifies as suspicious.

We are contacting ESET to resolve this. In the meantime, we would appreciate it if you could also report this false positive through your ESET software to help speed up the process.

Please restore the file from quarantine and add it to your Exclusions list to continue using Bandicut safely.

Thank you for your support.

Best regards,
The Bandicut Team

[gmr060]

Hi The Bandicut Team.

I appreciate your quick answer and mainly that you already contacted ESET. Thanks for that.
I already did the steps about the "de-quarantinizing" the file. Even before your answer. I decided to trust you. I really like Bandicut app.

I fully understand your POV why using Thermida.

On the other hand ... it is a little bit tricky. Generally, the exe file which cannot be parsed may/can contain in his code whatever the author wants. In that way it can include also "bad things" ... The problem is whether the ESET guys (and others) trust that it is really clean. Anti-virus providers do not like to exclude the files (based just on "good" words) because how do they know if it is truly safe? The second thing is when several SW providers get "their" exclusions then others may act in the same way to request the same approach also for their cases.

Therefore I understand both sides.

With best regards,
Gamo

[gmr060]

Update:
I did a call to the ESET Technical Support and afterwards also sent them a mail with appeal to add the file on their white-list. We'll see if it can help. I did my best.
BTW, they are saying that Thermida was relatively often used/exploited to cover malware code. Therefore their cautious approach.

[Bandicam Company]

Hi Gamo,

Thank you so much for your support. We truly appreciate you taking the extra step to contact ESET Technical Support directly—your effort is incredibly helpful to our team.

We understand the caution shown by security providers. While we use Themida solely to protect our intellectual property, we recognize that it can be a challenge for antivirus software to parse.

Your trust means a lot to us, and we are committed to keeping our software both secure and reliable.

Best regards,
The Bandicut Team

[gmr060]

Hi guys.

I am intensively comunicating with ESET guys. There are OK, helpful. The strange thing is that when I checked bcut.exe yesterday then ESET IS said the file is clean. It is the same file which was formerly several days ago (in the process of Bandicut standard update) placed into ESET quarantine. I sent that info to ESET people and also various certificate attributes separately for each certificate ("sha1" plus "sha256"). Everything looks pretty good and both certficates are marked as valid (in the "Digital Signatures" properties of that file).
I ask ESET guys whether it could have anything to do with the fact that ESET SW (DB) was updated since then but their answer was: "no".
Therefore I am completely perplexed now ...

To be on the safe side ... I run the complete ESET check for all files and memory yesterday and everything seems to be clean. No vulnerabilities or other suspicious things were detected.

Therefore summarizing:
We shall see what will happen in a process of the next standard update. When the similar situation will occur then I will inform you.

Thanks for cooperation.

With best regards,
Gamo

[Bandicam Company]

Hi Gamo,

Thank you for the update and for being so thorough!

It is great to hear that ESET now identifies the file as clean and your system scan is clear. We truly appreciate your proactive communication with their support team.


Best regards,
The Bandicut Team