I can confirm after using wireshark, postman and a ton of other debugging that I need to turn off bitdefender temporarily to log on to wp-admin and to run various pages including showing the media images and updating plugins. Not all admin pages are broken but probably 10% simply do nothing unless I turn bitdefender protection off just long enough for the page to execute and turn protection back on.
I suspect bitdefender is detecting javascript that it thinks is malicious but butdefender is not logging the error and the web page is not tripping any js errors in the browser.
