Protecting against malware

Endpoint Security for Mac informs you about existing security issues to help you easily protect your computer against malware.

You can scan your Mac or specific files or folders only.

Infected files that cannot be cleaned are moved to quarantine automatically so that they can be restored and cleaned at a later time.

Regular updates allow Endpoint Security for Mac to detect and remove the latest malware discovered.

Scanning your Mac

The On-Access Scanning module continuously monitors your computer, looking for malware-like actions, and prevents new malware threats from entering your system. On-Access Scanning is controlled by your network administrator via security policies.

You can also scan your Mac or specific files anytime you want.

The easiest way to scan a file, a folder or a volume is to drag & drop it over the Dock icon. The scan wizard will appear and guide you through the scanning process.

You can start a scan as follows:

  1. Open Endpoint Security for Mac.

  2. Click one of the three scan buttons to start the desired scan.

    • Quick Scan - checks the most vulnerable locations on your system for malware (for example, the folders that contain the documents, downloads, mail downloads and temporary files of each user).

    • Full Scan - performs a comprehensive check for malware of the entire system.

      All connected mounts will be scanned too.

      Note

      • Depending on the size of your hard disk, scanning the entire system may take a while (up to an hour or even more).

        For improved performance, it is recommended not to run this task while performing other resource-intensive tasks (such as video editing).

      • You can also run a quick scan or a full scan by using the productConfigurationTool interface. For details, refer to Using the Command Line Tool.

    • Custom Scan - helps you check specific files, folders or volumes for malware.

Scan wizard

Whenever you initiate a scan, the Endpoint Security for Mac scan wizard will appear.

You can see real-time information about the scan, such as the number of detected threats and the number of resolved issues.

Wait for Endpoint Security for Mac to finish scanning.

Note

The scanning process may take a while, depending on the complexity of the scan.

Checking scan logs

Scan logs provide useful information on the scan.

You can open the scan log directly from the scan results window by clicking Show Log.

You can see the scan statistics, the resolved items and the action taken on them, and the unresolved items.

Removing unresolved items from the scan log

The unresolved items in the scan log may be:

  • restricted access archives (xar, rar, etc.)

    Solution: Use the Reveal in Finder option to find the file and delete it manually. Make sure to empty the Trash.

  • restricted access mailboxes (Thunderbird, etc.)

    Solution: Use the application to remove the entry containing the infected file.

  • files owned by another user

    Solution: Use the Reveal in Finder option to find the file and contact the owner to find out if it is safe to remove that file. If it is safe to remove the file, delete it manually. Make sure to empty the Trash.

    Note

    Restricted access files are files that Endpoint Security for Mac can open but cannot modify.

Fix issues

Endpoint Security for Mac automatically detects and informs you about a series of issues that can affect the security of your system and data.

The detected issues may refer to:

  • New malware signatures and product updates have not been downloaded from Bitdefender servers.

  • Security threats have been detected on your system.

  • On-Access scanning module is disabled.

  • License has expired.

Fixing the issues indicated by Endpoint Security for Mac is a quick and easy process. This way you can fix security risks in a timely manner.

To check and fix detected issues:

  1. Open Endpoint Security for Mac.

  2. Check the color of the status area:

    • Green - your Mac is safe.

    • Yellow or red - Your Mac has issues. For further investigations, follow the next steps.

  3. Check the description for more information.

  4. Depending on the number and type of the detected issues, a button may be available in the status area:

    • Fix issue, if only one issue was found. Click the button to quickly fix the security risk.

    • View issues, if more issues were found. Click the button to view the issues. A new window opens and then you can fix the issues.

If malware has been detected, the application automatically attempts to remove it and to reconstruct the original file. This operation is referred to as disinfection. Files that cannot be disinfected are moved to quarantine to contain the infection.

If the file can neither be disinfected, nor quarantined, Endpoint Security for Mac informs you about the issue and you can manually delete it.

To manually remove infections:

  • Click the Reveal in Finder button.

  • Select the file and delete it from your system.

    If the file was from an installed application, make sure you repair that installation for the program to function properly.

Some issues may require your network administrator to solve them from the management console, such as:

  • Enabling the On-Access module via security policy.

  • Renewing the expired license.

Quarantine

Endpoint Security for Mac allows isolating the infected or suspicious files in a secure area, named quarantine.

When a malicious app is in quarantine it cannot do any harm because it cannot be executed or read.

To view and manage the quarantined files, open the Quarantine window:

  1. Right-click the Bitdefender icon in the menu bar.

  2. Choose Preferences from the options list. A window will be displayed.

  3. Choose the View Quarantine tab.

The Quarantine section displays all the files currently isolated in the Quarantine folder.

To delete a file from quarantine, select it and click Delete. If you want to restore a quarantined file to its original location, select it and click Restore.

Content Control

The Content Control module protects you while on the Internet against phishing attacks, fraud attempts and inappropriate web content. It also includes a comprehensive set of user controls that help the network administrator enforce computer and Internet use policies. This module is available for Chrome, Firefox, Safari, and Edge (Traffic Scan).

  • Traffic Scan. This component prevents malware from being downloaded to the endpoint by scanning web traffic in real time.

  • Application Blacklisting. This component prevents access to unauthorized applications in your company. The administrator is responsible for creating rules for the allowed applications in the organization.

  • Web Access Control. This component protects you from accessing dangerous websites based on administrator-defined rules.

  • Antiphishing. This component automatically blocks known phishing web pages to prevent users from inadvertently disclosing private or confidential information to online fraudsters.

Note

Content Control relies on a kernel or system extension. Installing the extension requires the user's approval on macOS High Sierra (10.13) and later. The system notifies you that a system extension from Bitdefender was blocked and prompts you to allow it from Security & Privacy preferences. Until you approve the Bitdefender system extension, this module will not work and the Endpoint Security for Mac user interface will show a critical issue prompting you for approval.

Device Control

The Device Control module allows preventing sensitive data leakage and malware infections via external devices attached to endpoints, by applying blocking rules via policy to a vast range of device types. The administrator is responsible for managing permissions for the following types of devices:

  • Bluetooth devices

  • CDROM devices

  • Imaging devices

  • Modems

  • Windows Portable

  • Printers

  • Network adapters

  • Wireless network adapters

  • External storage

Note

Device Control relies on a kernel or system extension. Installing the extension requires the user's approval on macOS High Sierra (10.13) and later. The system notifies you that a system extension from Bitdefender was blocked and prompts you to allow it from Security & Privacy preferences. Until you approve the Bitdefender system extension, this module will not work and the Endpoint Security for Mac user interface will show a critical issue prompting you for approval.
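One way to confirm that the approval described in the Content Control and Device Control notes has actually taken effect, as an added example that is not part of the Bitdefender documentation: it parses the output of the macOS `systemextensionsctl list` command (system extensions only, not legacy kernel extensions). The sample output, the team ID and the bundle IDs are constructed placeholders, and the tab-separated column layout is assumed from recent macOS releases.

```python
# Constructed sample of `systemextensionsctl list` output (tab-separated columns).
# TEAMID0000 and the com.example.* bundle IDs are placeholders, not real identifiers.
SAMPLE = (
    "2 extension(s)\n"
    "--- com.apple.system_extension.network_extension\n"
    "enabled\tactive\tteamID\tbundleID (version)\tname\t[state]\n"
    "*\t*\tTEAMID0000\tcom.example.vendor.netext (1.0/1)\tnetext\t[activated enabled]\n"
    "--- com.apple.system_extension.endpoint_security\n"
    "enabled\tactive\tteamID\tbundleID (version)\tname\t[state]\n"
    "\t\tTEAMID0000\tcom.example.vendor.epsext (1.0/1)\tepsext\t[activated waiting for user]\n"
)


def parse_extensions(text):
    """Return one dict per extension row in `systemextensionsctl list` output."""
    rows = []
    category = None
    for line in text.splitlines():
        if line.startswith("--- "):
            category = line[4:].strip()  # extension category header
            continue
        cols = line.split("\t")
        # Data rows have six columns; skip the count line and the column header.
        if len(cols) != 6 or cols[2] == "teamID":
            continue
        rows.append({
            "category": category,
            "team_id": cols[2],
            "bundle_id": cols[3].split(" (")[0],
            "state": cols[5].strip("[] "),
            # Both flags are "*" only once the user has approved the extension.
            "approved": cols[0] == "*" and cols[1] == "*",
        })
    return rows


def pending_approval(text, team_id):
    """Bundle IDs of the vendor's extensions that are not yet enabled and active."""
    return [r["bundle_id"] for r in parse_extensions(text)
            if r["team_id"] == team_id and not r["approved"]]


if __name__ == "__main__":
    for bundle in pending_approval(SAMPLE, "TEAMID0000"):
        print("awaiting approval in Security & Privacy:", bundle)
```

On a managed Mac, pass the real command output and the vendor's actual team ID instead of `SAMPLE` and the placeholder.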

Updates

New malware is found and identified every day. This is why it is very important to keep Endpoint Security for Mac up to date with the latest malware signatures.

While the On-Access Scanning is enabled, the malware signatures and product updates are automatically downloaded on your system. If your network administrator disables the On-Access module via policy, you will have to manually request an update for your Endpoint Security for Mac app.

The malware signatures update is performed on the fly, meaning that the files to be updated are replaced progressively. This way, the update will not affect the product operation and, at the same time, any vulnerability will be excluded.

Requesting an update

You can request an update manually anytime you want.

Update by user request is recommended before you start a comprehensive scan.

An active Internet connection is required in order to check for available updates and download them.

To request an update manually:

  1. Open Endpoint Security for Mac.

  2. Click Actions in the menu bar.

  3. Choose Update Virus Database.

You can see the update progress and downloaded files.

Getting updates through a proxy server

Endpoint Security for Mac can update only through proxy servers that do not require authentication. You do not have to configure any program settings.

If you connect to the Internet through a proxy server that requires authentication, you must switch to a direct Internet connection regularly in order to obtain malware signature updates.

Update to a new version

Occasionally, we launch product updates to improve the product functionalities. These updates may require a system restart to initiate the installation of new files.

By default, if an update requires a computer restart, Endpoint Security for Mac will keep working with the previous files until you reboot the system. In this case, the update process will not interfere with your work.

When a product update is completed, a pop-up window will prompt you to restart the system. If you miss this notification, you can either click Restart to upgrade from the menu bar or manually restart the system.

Best practices

To keep your system malware-free and to prevent accidental infection of other systems, follow these best practices:

  • Check and fix the issues reported by Endpoint Security for Mac regularly. For detailed information, refer to Fix issues.

  • You should also adhere to these best practices:

    • Make a habit of scanning files that you download from an external storage memory (such as a USB stick or a CD), especially when you do not know the source.

    • If you have a DMG file, mount it and then scan its contents (the files within the mounted volume/image).