Deploying PHASR

PHASR works as an extension of the Risk Management feature, which requires a BEST agent installed on your managed endpoints with the EDR module enabled, and a policy applied to them that has the Risk Management feature enabled along with the PHASR feature.

Policies are used to enable and configure features on endpoints. Apply the following changes to the policy of your choice:

1. Log in to GravityZone Control Center.

2. Go to the Policies page from the left side menu.

3. You can either:

   • Create a new policy.

   • Edit one of your existing policies.

4. If this is a new policy, under Risk Management, enable and configure the feature.

5. While on the same page, make sure the PHASR toggle is enabled, and enable each activity type you would like to monitor.

   Note

   Enabling the toggle activates the feature and installs the PHASR module on the endpoints.

   Important

   Enabling this module triggers a reconfiguration of the security agent on the endpoints. This reconfiguration, in turn, initiates an agent update, bringing it to the latest available version or as configured in the policy under General > Agent > Update > Update ring.

   There are 3 available settings for each activity type:

   • Off - PHASR will not gather any related data, and the associated widget will not display any data in the PHASR Dashboard.

   • Autopilot - PHASR will gather the data of the selected type, based on which recommendations will be created and automatically applied.

     Note

     When Autopilot is selected, all PHASR recommendations are applied automatically by the Bitdefender Autopilot technology integrated with BEST. As a result, no individual recommendations will appear in the Recommendations grid, as Autopilot handles enforcement without requiring user intervention. You can review the restrictions applied to behavioral profiles by Autopilot, by opening the Restricted Behavioral Profiles panel from the PHASR monitored rules.

   • Direct control - PHASR will gather the data of the selected type, based on which recommendations will be created and presented in the console. The actions recommended will only be taken if manually approved.

   Warning

   When switching from Autopilot to Direct control mode, all rule restrictions enforced by Autopilot are reset. Changing the setting for a specific PHASR category to Off will disable restrictions, but will not remove them. They will still be available when the setting is changed again to the previous setting before turning it off.

6. Save your policy.

7. If you created a new policy, apply it on the endpoints where the feature is deployed:

   1. Go to the Network page from the left side menu.

   2. Select the endpoints you want to apply the policy to.

   3. In the Actions menu, select Assign Policy.

   4. Select the policy you want to apply.

   5. Click Finish.

      Note

      For more information, refer to this kb article.

8. If you have edited an existing policy, make sure it is applied to all endpoints where the feature is deployed.

This will ensure that the feature is enabled and configured to best suit your company's needs.

You can check if the PHASR module has been enabled on your endpoints in the Bitdefender Endpoint Security Tools interface.

After PHASR is activated and the module is installed on endpoints, the PHASR learning phase is initiated which requires 30 days of learning before starting to generate recommendations for the behavioral profile which he discovers.

PHASR has the capability to leverage historical EDR data to reduce the duration of the learning phase, depending on the volume of the historical data at its disposal.

This means that the 30 days learning phase can be reduced to several days or get recommendations immediately.

Once the first learning phase is completed and recommendations are generated, PHASR's learning phase will persist enabling it to continually adapt to evolving user patters and behaviors.