Endpoint Security for Mac

This section contains the release notes for Bitdefender Endpoint Security for Mac. For the EPS for Mac user's guide, go to this section.

Version 7.2.6.200020

Release date:

  • Fast ring: 2021.10.14

  • Slow ring: 2021.10.18

New features and improvements

Product

  • Added support for macOS Monterey (version 12).

  • Added support for the new features delivered with the upcoming release of GravityZone.

Resolved issues

Product

  • Endpoints did not display correct hostnames when connected to VPN.

  • The product failed to delete old files after updating signatures, causing disk space consumption.

Version 7.2.4.200013

Release date:

  • Fast ring: 2021.08.16

  • Slow ring: 2021.08.23

New features and improvements

Product

  • Added support for sending to the GravityZone console information regarding the user’s login sessions, such as:

    • If the login session is active

    • The last login time

    • The last login method

Content Control

  • Added support for scanning web traffic from Microsoft Edge.

Resolved issues

Product

  • The texts displayed during the product installation have been localized into Simplified Chinese.

  • The Trust button for SSL certificate has been localized into Simplified Chinese.

Version 4.17.34.200184

Release date:

  • Fast ring: 2021.08.09

  • Slow ring: 2021.08.09

New features and improvements

Product

  • This version enables migration to Endpoint Security for Mac version 7 for all endpoints, regardless of the update ring.

Version 7.1.2.200006

Release date:

  • Fast ring: 2021.07.21

  • Slow ring: 2021.08.09

Important

This version includes on the slow ring all the improvements and fixes delivered with the Endpoint Security for Mac versions 7.1.2.200003 and 7.1.2.200004, previously released only on the fast ring.

Resolved issues

Product

  • In a corner-case scenario, the product failed to load the update server settings as defined in the configuration files.

Version 7.1.2.200004

Release date:

  • Fast ring: 2021.07.19

  • Slow ring: -

Resolved issues

Product

  • The field indicating the last update time was missing from the product status at the first update after installation.

Version 4.17.33.200183

Release date:

  • Fast ring: 2021.06.30

  • Slow ring: 2021.06.30

Resolved Issues

Deployment

  • Deploying the agent by using the macOS Downloader option in the GravityZone console failed in some cases due to an internal file misconfiguration.

Version 7.1.2.200003

Release date:

  • Fast ring: 2021.06.28

  • Slow ring: -

New features and improvements

Product

  • This version includes a new Event Correlation engine, for Endpoint Detection and Response solutions (EDR/XDR). This update is silent, with no disruptions and no actions required from your side.

Version 4.17.32.200182

Release date:

  • Fast ring: 2021.06.28

  • Slow ring: 2021.06.28

New features and improvements

Product

  • This update makes the transition towards Endpoint Security for Mac version 7 for existing installations. Endpoints on fast ring will migrate to version 7 in one step. Endpoints on slow ring will migrate gradually, closely monitored by Bitdefender. In all cases, the update is silent, with no disruptions and no actions required from your side.

  • Added support for silent uninstallation of password-protected agents, using command lines. For details, refer to this topic.

Version 4.17.26.200176

Release date:

  • Fast ring: 2021.05.31

  • Slow ring: 2021.05.31

Resolved issues

Product

  • Restricted access to certain product files to prevent non-privileged users from bypassing Bitdefender security settings.

Version 4.15.40.200140

Release date:

  • Fast ring: 2021.05.27

  • Slow ring: 2021.05.27

New features and improvements

Product

General availability for Endpoint Security for Mac with universal binaries. After this update, all endpoints will be able to migrate to a product version that supports both Intel and M1 processors.

Note

Endpoint Security for Mac with universal binaries only installs on macOS Sierra (10.12) and later.

Version 4.17.25.200175

Release date:

  • Fast ring: 2021.05.12

  • Slow ring: 2021.05.19

Important

This version also includes the improvements and fixes delivered with version 4.17.24.200174 on fast ring.

New features and improvements

Endpoint Security for Mac changed the way it handles security certificates to improve the user experience:

  • Content Control. The product installs the SSL certificate only when the GravityZone security policy applied on the endpoint has the Scan SSL option enabled. In this case, after deployment on macOS Big Sur (11.x), the product requires the user’s approval to install the certificate. If the certificate has been installed but not trusted, the product requires users to trust it.

    On macOS Catalina (10.15) and older versions, the product continues to install the SSL certificate without requiring user interaction.

  • EDR sensor. The product no longer installs a separate security certificate for the Endpoint Detection and Response (EDR) module.

  • GUI. When the SSL certificate is not installed or not trusted, and the security policy has Scan SSL enabled, the product displays a critical issue in the interface. Users are no longer prompted every three hours to allow the certificate.

Resolved issues

Content Control

Addressed an issue that prevented internet access in the following situations:

  • On macOS Big Sur (11.x), the SSL certificate was not approved and the Scan SSL policy option was disabled.

  • On macOS Catalina (10.15) and older, the Scan SSL policy option was disabled when installing the agent.

In both cases, it was necessary to enable Scan SSL in the GravityZone policy to allow internet access.

Version 4.17.24.200174

Release date:

  • Fast ring: 2021.05.10

  • Slow ring: -

New features and improvements

This update brings changes to the way Endpoint Security for Mac handles security certificates to improve the user experience:

  • Content Control. The product installs the SSL certificate only when the GravityZone security policy applied on the endpoint has the Scan SSL option enabled. In this case, after deployment on macOS Big Sur (11.x), the product requires the user’s approval to install the certificate. If the certificate has been installed but not trusted, the product requires users to trust it.

    On macOS Catalina (10.15) and older versions, the product continues to install the SSL certificate without requiring user interaction.

  • EDR sensor. The product no longer installs a separate security certificate for the Endpoint Detection and Response (EDR) module.

  • GUI. When the SSL certificate is not installed or not trusted, and the security policy has Scan SSL enabled, the product displays a critical issue in the interface. Users are no longer prompted every three hours to allow the certificate.

Version 4.17.21.200171

Release date:

  • Fast ring: 2021.04.21

  • Slow ring: 2021.04.22

Important

This version also includes the improvements and fixes delivered with version 4.17.20.200170 on fast ring.

Resolved issues

Graphical user interface

  • The product window slowed down when the History section contained many elements.

  • Clearing events in the History section only worked after a product window refresh, by switching to another section or closing and reopening the window.

  • The product window showed up on screen after performing an update.

Antimalware

  • BDLDaemonApp crash caused quick scan task to stop on macOS Big Sur.

Remote troubleshooting

  • Application services restarted at the beginning of a debug session.

Version 4.17.20.200170

Release date:

  • Fast ring: 2021.04.20

  • Slow ring: -

Resolved issues

Antimalware

  • BDLDaemonApp crash caused quick scan task to stop on macOS Big Sur.

Graphical user interface

  • The product window showed up on screen after performing an update.

Remote troubleshooting

  • Application services restarted at the beginning of a debug session.

Version 4.17.16.200166

Release date:

  • Fast ring: 2021.04.12

  • Slow ring: 2021.04.12

New features and improvements

General

Added support for Apple M1 processors, with the following protection modules:

  • Antimalware

  • Device Control

  • Content Control

  • Encryption

Support for other features on Apple M1 will be added in time.

Note

  • This version of Endpoint Security for Mac has universal binaries and runs natively on both Intel and Apple M1 architectures. In case of existing installations on systems running macOS versions older than Big Sur (11.x), you must first update them to the intermediary version 4.15.139.200139. This will enable migration to the new update location for product versions with universal binaries.

  • This version does not install on OS X El Capitan (10.11), following the Bitdefender announcement regarding the end of support for this operating system. We advise you to upgrade the operating system to a supported version to benefit from the latest Bitdefender protection technologies.

Resolved issues

General

  • Installing the macOS kit (Apple M1) on machines with M1 processors prompted endpoint users to install Rosetta as well.

  • The product failed to connect to Bitdefender cloud services due to an internal issue.

Graphical user interface

  • The application top menu was not displayed when launching Endpoint Security for Mac from the dock.

  • Events sorting in the History section was not performed by date after making actions such as resizing columns.

Version 4.15.139.200139

Release date:

  • Fast ring: 2021.04.12

  • Slow ring: 2021.04.22

New features and improvements

Product

With the introduction of new macOS kits in GravityZone Control Center during the first quarter of 2021, the new Endpoint Security for Mac installations can run natively on both Intel and Apple M1-based machines with macOS Big Sur.

For existing installations running on Intel-based machines with macOS versions before Big Sur (11.x), Bitdefender has started a migration process in two steps:

  1. Existing installations must first update to the intermediary version 4.15.139.200139. This version changes the update location and makes the next step possible.

  2. Existing installations can further download and install the new version 4.17.16.200166 with universal binaries, which comes with improvements and fixes for both Intel and Apple M1 systems.

Note

The new version 4.17.16.200166 will not install on machines running OS X El Capitan (10.11), following the end of support for this operating system. Before updating the product, we advise you to upgrade to a supported macOS version.

Version 4.15.137.200137

Release date:

  • Fast ring: 2021.03.09

  • Slow ring: -

New features and improvements

Product

  • This update enables migration to the new version of Endpoint Security for Mac with universal binaries, which will provide support for both Intel and Apple M1 processors.

Resolved issues

Product

  • Addressed an issue that affected the functionality of Endpoint Security for Mac when upgrading the operating system to macOS Big Sur 11.3.

Version 4.15.127.200127

Release date:

  • Fast ring: 2021.02.02

  • Slow ring: 2021.02.11

Important

This version also includes all the improvements and fixes delivered with versions 4.14.101.200101 and 4.15.124.200124, previously released on fast ring only.

New features and improvements

Content Control

  • Added support for Content Control in macOS Big Sur.

    Starting with version 11.2 of the operating system, the Content Control module is compatible with other network extensions, such as Cisco AnyConnect VPN. On Big Sur versions before 11.2, Content Control enters the passthrough mode and does not filter any connection.

    For details on how Endpoint Security for Mac works on macOS Big Sur, refer to this topic.

    Note

    This version of Endpoint Security for Mac runs on Apple machines with M1 processors through Rosetta 2 (no native compatibility).

Resolved issues

Product

  • Using the product in silent mode created performance issues due to high memory usage.

Content Control

  • On macOS versions before Big Sur, the Content Control module prevented large files from being uploaded while using services such as Microsoft OneDrive, Box.com, and WeTransfer.com.

Version 4.15.124.200124

Release date:

  • Fast ring: 2021.01.14

  • Slow ring: -

New features and improvements
  • Added limited support for Content Control in macOS Big Sur.

Limitation
  • The Content Control module enters the passthrough mode and stops filtering any connection when another application with a network extension is installed on the endpoint (for example, Cisco AnyConnect VPN). This happens due to an incompatibility related to the operating system.

    For details about configurations required for Content Control to work in macOS Big Sur, refer to this article: Changes to Bitdefender Endpoint Security for Mac in macOS Big Sur.

Version 4.14.101.200101

Release date:

  • Fast ring: 2020.12.15

  • Slow ring: -

Resolved Issues

Generic

  • Using the product in silent mode caused performance issues in some cases.

Content Control

  • Fixed an issue on macOS versions older than Big Sur (10.15), where the product prevented large files from being uploaded while using services such as Microsoft OneDrive, Box.com, and WeTransfer.com.

Version 4.14.96.200096

Release date:

  • Fast ring: 2020.11.03

Resolved Issues

Content Control

  • Fixed an issue causing internet speed slowdown.

Version 4.14.93.200093

Release date:

  • Fast ring: 2020.10.19

  • Slow ring: -

New features and improvements

Generic

  • Added support for macOS Big Sur (11.0). All modules and features are compatible with Big Sur, except for Content Control.

Version 4.13.86.200086

Release date:

  • Fast ring: 2020.09.03

  • Slow ring: 2020.09.09

Important

This version includes on the slow ring all the improvements and fixes delivered with the Endpoint Security for Mac version 4.13.85.200085, which was previously released only on the fast ring.

Resolved issues

Antimalware

  • In some cases, the Antimalware module failed to generate events for individual detections during on-demand scanning.

Generic

  • Clicking the Endpoint Security for Mac Help option failed to redirect the user to the product documentation.

  • Fixed a crash occurring on some machines during update.

Version 4.13.85.200085

Release date:

  • Fast ring: 2020.09.01

  • Slow ring: -

Resolved issues

Antimalware

  • In some cases, the Antimalware module failed to generate events for individual detections during on-demand scanning.

Generic

  • Clicking the Endpoint Security for Mac Help option failed to redirect the user to the product documentation.

Version 4.12.81.200081

Release date:

  • Fast ring: 2020.06.30

  • Slow ring: 2020.07.02

Important

This version includes on the slow ring all the improvements and fixes delivered with the Endpoint Security for Mac version 4.12.80.200080, which was previously released only on the fast ring.

New features and improvements

Endpoint Detection and Response (EDR)

  • Added support for generating incidents on GravityZone Elite licensed endpoints.

  • Added support for upcoming features available with the next GravityZone release.

Antimalware

  • Optimized CPU usage for certain operations related to process exclusions with wildcards.

Remote troubleshooting

  • Added support for gathering logs from macOS endpoints starting with the next GravityZone release.

User Interface

  • The screen informing users about a blocked website now supports dark mode.

Resolved issues

Antimalware

  • In some cases, the Cancel button did not stop a scan in progress.

Endpoint Detection and Response (EDR)

  • In some cases, the EDR module caused high CPU usage while Time Machine was creating backup files.

Assignment Rules

  • Modifying assignment rules for inactive policies triggered notifications in the GravityZone console.

Network Protection

  • Traffic Scan blocked login to www.asana.com.

  • Traffic Scan blocked authentication using Duo and Okta through Cisco AnyConnect.

  • The product blocked login through identity card.

Device Control

  • The product was sending events to the GravityZone console with the Device Control module disabled.

User interface

  • The product main window used to appear after the product silent installation.

  • Fixed an issue that caused a product crash on version 4.12.80.200080 on fast ring.

Generic

  • The product caused high disk space usage when it failed to delete old dump files after a certain amount of time.

Version 4.12.80.200080

Release date:

  • Fast ring: 2020.06.26

  • Slow ring: -

New features and improvements

Endpoint Detection and Response (EDR)

  • Added support for generating incidents on GravityZone Elite licensed endpoints.

  • Added support for upcoming features available with the next GravityZone release.

Antimalware

  • Optimized CPU usage for certain operations related to process exclusions with wildcards.

Remote troubleshooting

  • Added support for gathering logs from macOS endpoints starting with the next GravityZone release.

User Interface

  • The screen informing users about a blocked website now supports dark mode.

Resolved issues

Endpoint Detection and Response (EDR)

  • In some cases, the EDR module caused high CPU usage while Time Machine was creating backup files.

Assignment Rules

  • Modifying assignment rules for inactive policies triggered notifications in the GravityZone console.

Network Protection

  • Traffic Scan blocked login to www.asana.com.

  • Traffic Scan blocked authentication using Duo and Okta through Cisco AnyConnect.

  • The product blocked login through identity card.

Device Control

  • The product was sending events to the GravityZone console with the Device Control module disabled.

User interface

  • The product main window used to appear after the product silent installation.

Generic

  • The product caused high disk space usage when it failed to delete old dump files after a certain amount of time.

Version 4.11.71.200071

This section provides information on the changes delivered with version 4.11.71.200071 of Endpoint Security for Mac.

Release date:

  • Fast ring: 2020.06.12

  • Slow ring: 2020.06.17

New features and improvements
  • Added support for Korean in the product user interface.

Resolved issues
  • In some cases, the product caused system crashes.

Version 4.11.69.200069

Release date:

  • Fast ring: 2020.05.07

  • Slow ring: 2020.05.08

Caution

This version includes on the slow ring all the improvements and fixes delivered with the Endpoint Security for Mac version 4.11.68.200068, which was previously released only on the fast ring.

New features and improvements
  • Improved performance upon installing applications.

Resolved issues
  • In some cases, the BDLDaemon service consumed large amounts of RAM.

  • Using the wildcard * (asterisk) for On-Access process exclusions sometimes caused performance issues.

Version 4.11.68.200068

Release date:

  • Fast ring: 2020.04.29

  • Slow ring: -

Resolved issues
  • In some cases, the BDLDaemon service consumed large amounts of RAM.

  • Using the wildcard * (asterisk) for On-Access process exclusions sometimes caused performance issues.

Version 4.11.66.200066

Release date:

  • Fast ring: 2020.04.10

  • Slow ring: 2020.04.14

Caution

This version includes on slow ring all the improvements and fixes delivered with the Endpoint Security for Mac version 4.11.64.200064, released on fast ring.

New features and improvements
  • Added support for moving endpoints between companies in GravityZone Control Center.

  • Improved the product graphical interface in macOS dark mode.

Resolved issues
  • The product prevented files from being copied from one location to another on a Linux file server using AFP.

  • In some cases, the product crashed after updating to version 4.11.64.200064 on fast ring.

  • Encryption windows were improperly displayed in macOS High Sierra (10.13).

  • The Content Control module blocked certain websites on networks with proxy servers, when Traffic Scan was enabled.

  • Fixed incompatibilities with some apps and services that caused the following issues:

    • System freeze when using the Box app.

    • Blocked devices when using the Cast feature in Google Chrome.

    • Blocked online radio station when activating Telenet Safespot Guard.

  • The product caused high CPU usage and system freeze in certain scenarios.

  • The History section displayed incorrect product and engine versions.

  • The About section displayed an incorrect link to Technical Support.

  • The product interface displayed an incomplete status message in Polish.

Version 4.11.64.200064

Release date:

  • Fast ring: 2020.04.06

  • Slow ring: -

New features and improvements
  • Added support for moving endpoints between companies in GravityZone Control Center.

  • Improved the product graphical interface in macOS dark mode.

Resolved issues
  • The Content Control module blocked certain websites on networks with proxy servers, when Traffic Scan was enabled.

  • Fixed incompatibilities with some apps and services that caused the following issues:

    • System freeze when using the Box app.

    • Blocked devices when using the Cast feature in Google Chrome.

    • Blocked online radio station when activating Telenet Safespot Guard.

  • The product caused high CPU usage and system freeze in certain scenarios.

  • The product blocked USB storage devices for Apple Mobile Accounts, although the GravityZone policy was configured to allow access.

  • The History section displayed incorrect product and engine versions.

  • The About section displayed an incorrect link to Technical Support.

  • The product interface displayed an incomplete status message in Polish.

Version 4.10.59.200059

Release date:

  • Fast ring: 2020.03.20

  • Slow ring: 2020.03.23

Resolved issues
  • Failed Time Machine backups on NAS servers.

  • Performance decrease on systems updated to the latest versions of Endpoint Security for Mac.

  • Failed product installations through Windows relays.

Version 4.10.58.200058

Release date:

  • Fast ring: 2020.03.09

  • Slow ring: 2020.03.10

Resolved Issues
  • Fixed some Content Control issues that occurred with version 4.10.57.200057:

    • Blocked Zscaler App on macOS Catalina (10.15).

    • Blocked access to certain websites via VPN.

    • Blocked email sending from Outlook.

    • Browsing slowdown on Office 365.

    • Occasional slowdown or freeze of the operating system after login.

Version 4.10.57.200057

Release date:

  • Fast ring: 2020.02.21

  • Slow ring: 2020.02.21

Resolved issues
  • In some cases, the Content Control module caused internet browsing to slow down after updating to version 4.10.56.200056.

Version 4.10.56.200056

Release date:

  • Fast ring: 2020.02.12

  • Slow ring: 2020.02.17

Important

  • This update and the following are available for OS X El Capitan (10.11) and later. OS X Mavericks (10.9) and OS X Yosemite (10.10) have reached end of support on December 31st, 2019.

  • This version includes on the slow ring the improvements and fixes delivered with the Endpoint Security for Mac version 4.10.54.200054, released on fast ring.

New features and improvements
  • Added support for the following capabilities:

    • Restore quarantined files in custom path.

    • Exclude restored files from scanning with Advanced Threat Control.

  • The product user interface is now available in Simplified Chinese. This version also brings other user interface improvements for the supported languages.

Removed features
  • Removed from the product interface the option to exclude Time Machine backup files from scanning. The backup files continue, by default, to be scanned on-access, but not on-demand.

Resolved issues
  • In some cases, an internal issue prevented the product update from version 4.9.51.200051 to 4.10.54.200054.

  • The Change Password option for encrypted volumes was disabled after updating from version 4.9.51.200051 to 4.10.54.200054.

  • In some cases, the Content Control module blocked iTunes and iCloud on Safari.

  • The Content Control module blocked some web radio services, such as capradio.org and tunein.com.

  • The product failed to detect infected archives (level 4 deep or more), when a second custom scan was started from the graphic interface.

  • In a corner-case scenario, MacBook endpoints became unresponsive for a few seconds after login.

Version 4.10.54.200054

Release date:

  • Fast ring: 2020.02.04

  • Slow ring: -

Important

  • This update and the following are available for OS X El Capitan (10.11) and later. OS X Mavericks (10.9) and OS X Yosemite (10.10) have reached end of support on December 31st, 2019.

New features and improvements
  • Added support for the following capabilities:

    • Restore quarantined files in custom path.

    • Exclude restored files from scanning with Advanced Threat Control.

  • The product user interface is now available in Simplified Chinese. This version also brings other user interface improvements for the supported languages.

Removed features
  • Removed from the product interface the option to exclude Time Machine backup files from scanning. The backup files continue, by default, to be scanned on-access, but not on-demand.

Resolved issues
  • In some cases, the Content Control module blocked iTunes and iCloud on Safari.

  • The Content Control module blocked some web radio services, such as capradio.org and tunein.com.

  • The product failed to detect infected archives (level 4 deep or more), when a second custom scan was started from the graphic interface.

  • In a corner-case scenario, MacBook endpoints became unresponsive for a few seconds after login.

Version 4.9.51.200051

Release date:

  • Fast ring: 2019.12.05

  • Slow ring: 2019.12.10

Important

  • This update is available for OS X El Capitan (10.11) and later. OS X Mavericks (10.9) and OS X Yosemite (10.10) reach end of support on December 31st, 2019. Details here.

New features and improvements
  • The product now reports, in real time, detections and actions taken during on-demand scans.

  • The History section now displays status messages related to the Antimalware, EDR, Content Control and Encryption modules.

Resolved issues
  • On macOS Mojave (10.14), the product created a large amount of PLIST files after update.

Version 4.8.49.200049

Release date:

  • Fast ring: 2019.11.20

  • Slow ring: 2019.11.25

Important

  • This version also includes on slow ring the improvements and fixes delivered with the Endpoint Security for Mac version 4.8.47.200047, released on fast ring.

  • This update is available for OS X El Capitan (10.11) and later. OS X Mavericks (10.9) and OS X Yosemite (10.10) reach end of support on December 31st, 2019. Details here.

New features and improvements
  • Advanced Threat Control is now available for Mac. This module relies on a behavior anomaly detection technology that provides protection against never-seen-before threats in the on-execution stage.

    Advanced Threat Control is available with any new Endpoint Security for Mac installation. For existing installations, you must use the Reconfigure Client task from the GravityZone console.

  • Added support for configuring Antimalware On-Access and On-Demand exclusions, in the GravityZone console, with the following options:

    • Files, folders and processes with wildcards. Asterisk (*) replaces zero, one or more characters, question mark (?) replaces one character.

    • File hash.

    • Certificate thumbprint.

    • Detection name.

  • Added support for configuring exclusions for Traffic Scan with the following options:

    • IP mask.

    • URLs with wildcards. Asterisk (*) replaces zero, one or more characters, question mark (?) replaces one character.

  • Added support for the option Shut down computer when scan is finished from the GravityZone console.

  • Improved update messages in the product interface.

Resolved issues
  • In some cases, the operating system became unresponsive after enabling the EDR module.

  • In certain situations, the product caused the operating system to become unresponsive for a few seconds during or after login.

  • The product did not display Update Report notifications after successfully performing a product update.

  • The Content Control module failed to inject the MITM certificate when creating a new Firefox profile.

  • The product failed to delete certain leftover files after installation via Relay.

  • The product update failed when no direct connection to Update Server was available.

  • The product caused high CPU usage with On-Access and On-Demand scanning.

  • In specific cases, the product was using 100% CPU when detecting malware.

Version 4.8.47.200047

Release date:

  • Fast ring: 2019.11.11

  • Slow ring: -

Important

This update is available for OS X El Capitan (10.11) and later. OS X Mavericks (10.9) and OS X Yosemite (10.10) reach end of support on December 31st, 2019. Details here.

New features and improvements
  • Advanced Threat Control is now available for Mac. This module relies on a behavior anomaly detection technology that provides protection against never-seen-before threats in the on-execution stage.

    Advanced Threat Control is available with any new Endpoint Security for Mac installation. For existing installations, you must use the Reconfigure Client task from the GravityZone console.

  • Added support for configuring Antimalware On-Access and On-Demand exclusions, in the GravityZone console, with the following options:

    • Files, folders and processes with wildcards. Asterisk (*) replaces zero, one or more characters, question mark (?) replaces one character.

    • File hash.

    • Certificate thumbprint.

    • Detection name.

  • Added support for configuring exclusions for Traffic Scan with the following options:

    • IP mask.

    • URLs with wildcards. Asterisk (*) replaces zero, one or more characters, question mark (?) replaces one character.

  • Added support for the option Shut down computer when scan is finished from the GravityZone console.

  • Improved update messages in the product interface.

Resolved issues
  • The product did not display Update Report notifications after successfully performing a product update.

  • The Content Control module failed to inject the MITM certificate when creating a new Firefox profile.

  • The product failed to delete certain leftover files after installation via Relay.

  • The product update failed when no direct connection to Update Server was available.

  • The product caused high CPU usage with On-Access and On-Demand scanning.

  • In specific cases, the product was using 100% CPU when detecting malware.

Version 4.7.39.200039

Release date:

  • Fast ring: 2019.10.01

  • Slow ring: 2019.10.03

Important

This update is available for OS X El Capitan (10.11) and later. OS X Mavericks (10.9) and OS X Yosemite (10.10) reach end of support on December 31st, 2019. Details here: Bitdefender Endpoint Security for Mac end of support for OS X Mavericks (10.9) and OS X Yosemite (10.10).

New features and improvements
  • Official support for macOS Catalina (10.15).

Version 4.7.38.200038

Release date:

  • Fast ring: 2019.09.10

  • Slow ring: 2019.09.24

Important

This update is available for OS X El Capitan (10.11) and later. OS X Mavericks (10.9) and OS X Yosemite (10.10) reach end of support on December 31st, 2019. Details here: Bitdefender Endpoint Security for Mac end of support for OS X Mavericks (10.9) and OS X Yosemite (10.10).

New features and improvements
  • Compatibility changes for macOS Catalina (10.15).

Version 4.7.32.200032

Release date:

  • Fast ring: 2019.08.08

  • Slow ring: 2019.08.21

Important

  • This version also includes on slow ring the improvements and fixes delivered with the Endpoint Security for Mac version 4.7.30.200030, released on fast ring.

  • On slow ring, this update will be delivered with any new 4.7.32.200032 installation of Endpoint Security for Mac. Existing installations on slow ring (version 4.6.20.200020 or older) will be progressively migrated over the next few weeks.

  • This update is available for OS X El Capitan (10.11) and later. OS X Mavericks (10.9) and OS X Yosemite (10.10) reach end of support on December 31st, 2019. For details, see Bitdefender Endpoint Security for Mac end of support for OS X Mavericks (10.9) and OS X Yosemite (10.10).

New features and improvements
  • Introduced a new Antimalware technology, which uses a macOS kernel extension for on-access scanning. This technology is designed to accommodate new features like process exclusions and future enhancements.

    Note

    Starting with macOS High Sierra (10.13), user approval or whitelisting via MDM is required for loading kernel extensions. Until Bitdefender kernel extensions are approved, on-access scanning falls back on the old file system notifications technology to ensure the system is protected immediately after installation. On-access scanning uses an existing kernel extension, so for existing installations there is no need to approve Bitdefender kernel extensions again if approved previously.

  • Content Control now scans all HTTP web traffic, regardless of the browser or application performing web access. You can now configure application exclusions for Traffic Scan.

  • Added support for reporting Content Control detections in EDR incidents.

  • Added support for process exclusions, where any file accessed by an excluded process is not scanned. Process exclusions are intended to be used by advanced users or following Bitdefender Enterprise Support recommendations.

  • Added support for $HOME user path variable when configuring exclusions, as well as the scan target of custom scan tasks.

  • Added support for granular threat type reporting to the GravityZone console (e.g. spyware, adware, application).

  • Quick Scan tasks run from the GravityZone console now scan all user folders in addition to critical system locations.

  • Added support for the Empty Quarantine option from the GravityZone console. Now, the Empty Quarantine button is also available locally, in the Endpoint Security for Mac interface.

  • The Update Virus Database option name from the Actions menu was renamed to Check for Updates.

  • The Encryption-related windows now display the product name ("Endpoint Security for Mac").

  • The About window now displays the product engines version.

  • The Bitdefender kernel extension used for on-access scanning is now automatically installed on older Endpoint Security for Mac installations where it was not already installed. In such cases, on macOS 10.13+ systems, the user will be prompted to approve loading of Bitdefender kernel extensions.

Resolved issues
  • In some cases, the product did not report the Antimalware module installation.

  • On-demand scanning tasks for local drives and removable drives did not work properly when scheduled from the GravityZone console.

  • The product reported an incorrect signatures version to the GravityZone console.

  • The Encryption module did not take ownership of drives encrypted with FileVault when using iCloud as the recovery option.

  • A notification regarding the Encryption module was displayed when enabling or disabling the On-access scanning module.

  • The product interface displayed simultaneous scanning tasks when one was started locally and another one from the GravityZone console.

  • The product reported incorrect update time in the GravityZone console after disabling the product update.

  • In particular cases, the EndpointSecurityforMac process was still active after removing the product with the Uninstaller utility.

  • The main window automatically showed up after the system restart.

  • The Encryption module user interface is now localized for all supported languages.

  • In version 4.7.30.200030, released on fast ring only, sending a Restart machine task from the GravityZone console caused the product interface to crash.

Version 4.7.30.200030

Release date:

  • Fast ring: 2019.07.30

  • Slow ring: -

Important

This update is available for OS X El Capitan (10.11) and later. OS X Mavericks (10.9) and OS X Yosemite (10.10) reach end of support on December 31st, 2019. For details, see Bitdefender Endpoint Security for Mac end of support for OS X Mavericks (10.9) and OS X Yosemite (10.10).

New features and improvements
  • Introduced a new Antimalware technology, which uses a macOS kernel extension for on-access scanning. This technology is designed to accommodate new features like process exclusions and future enhancements.

    Note

    Starting with macOS High Sierra (10.13), user approval or whitelisting via MDM is required for loading kernel extensions. Until Bitdefender kernel extensions are approved, on-access scanning falls back on the old file system notifications technology to ensure the system is protected immediately after installation. On-access scanning uses an existing kernel extension, so for existing installations there is no need to approve Bitdefender kernel extensions again if approved previously.

  • Content Control now scans all HTTP web traffic, regardless of the browser or application performing web access. You can now configure application exclusions for Traffic Scan.

  • Added support for reporting Content Control detections in EDR incidents.

  • Added support for process exclusions, where any file accessed by an excluded process is not scanned. Process exclusions are intended to be used by advanced users or following Bitdefender Enterprise Support recommendations.

  • Added support for $HOME user path variable when configuring exclusions, as well as the scan target of custom scan tasks.

  • Added support for granular threat type reporting to the GravityZone console (e.g. spyware, adware, application).

  • Quick Scan tasks run from the GravityZone console now scan all user folders in addition to critical system locations.

  • Added support for the Empty Quarantine option from the GravityZone console. Now, the Empty Quarantine button is also available locally, in the Endpoint Security for Mac interface.

  • The Update Virus Database option name from the Actions menu was renamed to Check for Updates.

  • The Encryption-related windows now display the product name (Endpoint Security for Mac).

  • The About window now displays the product engines version.

Resolved issues
  • On-demand scanning tasks for local drives and removable drives did not work properly when scheduled from the GravityZone console.

  • The product reported an incorrect signatures version to the GravityZone console.

  • The Encryption module did not take ownership of drives encrypted with FileVault when using iCloud as the recovery option.

  • A notification regarding the Encryption module was displayed when enabling or disabling the On-access scanning module.

  • The product interface displayed simultaneous scanning tasks when one was started locally and another one from the GravityZone console.

  • The product reported incorrect update time in the GravityZone console after disabling the product update.

  • In particular cases, the EndpointSecurityforMac process was still active after removing the product with the Uninstaller application.

  • The main window automatically showed up after the system restart.

  • The Encryption module user interface is now localized for all supported languages.

Version 4.6.26.200026

Release date:

  • Fast ring: 2019.12.10

  • Slow ring: 2019.12.10

Important

  • This update applies to OS X El Capitan (10.11), macOS Sierra (10.12), macOS High Sierra (10.13), and macOS Mojave (10.14), all running on endpoints on slow ring. To benefit from this update, endpoints running OS X Mavericks (10.9) and OS X Yosemite (10.10) must upgrade to OS X El Capitan (10.11) or newer.

Improvements
  • Automatic migration of existing installations (version 4.6.20.200020 or older) to the latest version of Endpoint Security for Mac. This migration makes it possible to accommodate the new features and enhancements introduced on slow ring starting with version 4.7.32.200032.

Version 4.6.24.200024

Release date:

  • Fast ring: 2019.09.10

  • Slow ring: 2019.09.24

New features and improvements
  • Automatically update existing installations to the latest Endpoint Security for Mac version upon upgrading the operating system to macOS Catalina (10.15).

Version 4.6.20.200020

Release date:

  • Fast ring: 2019.06.20

  • Slow ring: 2019.06.24

Important

This version also includes on slow ring the improvements and fixes delivered with the Endpoint Security for Mac versions 4.6.9.200009, 4.6.12.200012, 4.6.15.200015, and 4.6.17.200017, all released on fast ring.

New features and improvements
  • Endpoint Security for Mac now uses FileVault to encrypt boot drives and diskutil to encrypt non-boot drives, respectively. Depending on the drive type, the security agent automatically leverages the appropriate application, with minimal input from users.

    Support for FileVault and diskutil was first introduced with version 4.6.9.200009 on fast ring, but this version comes with additional changes for Macs with T2 chips to accommodate the latest macOS updates.

    Updates from version 4.6.9.200009 or later

    The update only changes how boot drive decryption on Macs with T2 chips is performed.

    • In case of boot drives encrypted by older product versions (that were using diskutil, before 4.6.9.200009), users are now required to enter their disk passwords to also decrypt with diskutil, instead of FileVault as before. It is recommended to decrypt and re-encrypt such endpoints, in order to generate valid recovery keys in GravityZone.

    • In case of boot drives encrypted by Endpoint Security for Mac after updating to 4.6.9.200009 (using FileVault), decryption still leverages FileVault, prompting the user for their system credentials.

    New installations and updates from version 4.5.95.179560 or older

    • For boot drives not currently encrypted, when an encryption policy is applied, the security agent prompts the users to enter their system credentials to send the corresponding recovery key to GravityZone and to start encryption with FileVault.

    • For boot drives previously encrypted by older versions of Endpoint Security for Mac (using diskutil):

      • After update, if an encryption policy is already applied on Mac endpoints, no user interaction is required. The encryption passwords and the recovery keys previously configured will continue to function as before the update, until a decryption policy is applied. At that moment, the security agent will decrypt the boot drives with diskutil (using the old encryption passwords). At the next encryption policy, those boot drives will be encrypted with FileVault (using system credentials) and new recovery keys will be stored in GravityZone.

      • After update, when a decryption policy is applied on Mac endpoints, the security agent prompts the users to enter their passwords previously configured to encrypt the disk, in order to start the decryption process.

      You do not need to apply a new GravityZone policy for the above changes to take place. The security agent will prompt the users with corresponding windows according to the existing policy settings.

    • For boot drives encrypted with FileVault, independently of GravityZone:

      • When an encryption policy is applied, the security agent prompts the users to change the recovery key by entering their system credentials. The new recovery key will be stored in GravityZone.

      • When a decryption policy is applied, the security agent prompts the users to enter their security system credentials in order to start the decryption process with FileVault.

    • Non-boot drives are encrypted with diskutil and the encryption and decryption processes work as before with no changes.

      • When an encryption policy is applied, the security agent prompts the users to configure a password to start the encryption process and to send a recovery key to GravityZone.

      • To decrypt, the security agent prompts the users to enter their encryption password.

      • The update does not require changing the password or recovery keys for non-boot drives.

    For Macs encrypted with FileVault, the users have to enter their credentials to start the system and unlock the boot drive at the same time. Once logged on, the system will prompt the users to unlock any encrypted non-boot drives by entering the disk password.

  • The product user interface now displays the EDR Sensor status.

Resolved issues
  • In a particular situation, different Mac systems were displayed in the GravityZone console under the same Mac endpoint.

  • Traffic Scan caused file corruption when using FTP in passive mode.

  • Traffic Scan caused slow login to Active Directory for endpoints running High Sierra (10.13) and Mojave (10.14).

  • On systems with T2 chips, the password and recovery key set for full disk encryption would not unlock the boot drive. Users could unlock the boot drive only by using their system credentials. With the new encryption functionality, the user password is required to encrypt, unlock and decrypt a boot drive and, additionally, a recovery key is generated and backed up in GravityZone.

  • The Finder displayed an additional EFI partition on macOS Mojave (10.14) endpoints with Device Control installed, when connecting an external drive with APFS format.

  • Malware events were not sent to GravityZone console once a scheduled scan was finished.

  • The product failed to report the endpoint hostname for EDR events.

  • Other minor improvements and bug fixes.

Known issues
  • Anti-tampering module may cause crashes to the Time Machine tmutil tool, on macOS El Capitan (10.11).

  • The Decryption Process window does not reappear if clicking the "X" button instead of Dismiss. The window reappears after a system restart.

Version 4.6.17.200017

Release date:

  • Fast ring: 2019.06.11

  • Slow ring: -

Resolved issues
  • In some cases, the endpoint would freeze for a couple of minutes during user login.

Version 4.6.15.200015

Release date:

  • Fast ring: 2019.04.24

  • Slow ring: -

Resolved issues
  • Endpoints configured to communicate via Relay were still displayed as managed in the GravityZone console after uninstall.

  • Malware events were not sent to GravityZone console once a scheduled scan was finished.

  • Endpoints deployed via Relay could not communicate with the GravityZone console.

  • The product failed to report the endpoint hostname for EDR events.

  • Other minor improvements and bug fixes.

Version 4.6.12.200012

Release date:

  • Fast ring: 2019.04.08

  • Slow ring: -

Resolved issues
  • The Finder displayed an additional EFI partition on macOS Mojave (10.14) endpoints with Device Control installed, when connecting an external drive with APFS format.

  • The product crashed once the system recovered from Sleep mode.

Version 4.6.9.200009

Release date:

  • Fast ring: 2019.03.26

  • Slow ring: -

New features and improvements
  • Starting with this version, Endpoint Security for Mac supports full disk encryption with FileVault for boot drives and with diskutil for non-boot drives, respectively. Depending on the drive type, the security agent automatically leverages the appropriate application, with minimal input from users.

    This update affects new and existing installations as follows:

    • For boot drives not currently encrypted, when an encryption policy is applied, the security agent prompts the users to enter their system credentials to send the corresponding recovery key to GravityZone and to start encryption with FileVault.

    • For boot drives previously encrypted by older versions of Endpoint Security for Mac (using diskutil):

      • After update, if an encryption policy is already applied on Macs without T2 chips, no user interaction is required. The encryption passwords and the recovery keys previously configured will continue to function as before the update, until a decryption policy is applied. At that moment, the security agent will decrypt the boot drives with diskutil (using the old encryption passwords). At the next encryption policy, those boot drives will be encrypted with FileVault (using system credentials) and new recovery keys will be stored in GravityZone.

      • After update, when a decryption policy is applied on Macs without T2 chips, the security agent prompts the users to enter their passwords previously configured to encrypt the disk, in order to start the decryption process.

      • After update, if an encryption policy is already applied on Macs with T2 chips, the security agent prompts the users to change the recovery key by entering their system credentials. The new recovery key will be stored in GravityZone.

      • After update, when a decryption policy is applied on Macs with T2 chips, the security agent prompts the users to enter their system credentials in order to start the decryption process with FileVault.

      You do not need to apply a new GravityZone policy for the above changes to take place. The security agent will prompt the users with corresponding windows according to the existing policy settings.

    • For boot drives encrypted with FileVault (Macs with and without T2 chips), independently of GravityZone:

      • When an encryption policy is applied, the security agent prompts the users to change the recovery key by entering their system credentials. The new recovery key will be stored in GravityZone.

      • When a decryption policy is applied, the security agent prompts the users to enter their security system credentials in order to start the decryption process with FileVault.

    • Non-boot drives are encrypted with diskutil and the encryption and decryption processes work as before with no changes.

      • When an encryption policy is applied, the security agent prompts the users to configure a password to start the encryption process and to send a recovery key to GravityZone.

      • To decrypt, the security agent prompts the users to enter their encryption password.

      • The update does not require changing the password or recovery keys for non-boot drives.

    For Macs encrypted with FileVault, the users have to enter their credentials to start the system and unlock the boot drive at the same time. Once logged on, the system will prompt the users to unlock any encrypted non-boot drives by entering the disk password.

  • The product user interface now displays the EDR Sensor status.

Resolved issues
  • In a particular situation, different Mac systems were displayed in the GravityZone console under the same Mac endpoint.

  • Traffic Scan caused file corruption when using FTP in passive mode.

  • Traffic Scan caused slow login to Active Directory for endpoints running High Sierra (10.13) and Mojave (10.14).

  • On systems with T2 chips, the password and recovery key set for full disk encryption would not unlock the boot drive. Users could unlock the boot drive only by using their system credentials. With the new encryption functionality, the user password is required to encrypt, unlock and decrypt a boot drive and, additionally, a recovery key is generated and backed up in GravityZone.

Known issues
  • Anti-tampering module may cause crashes to the Time Machine tmutil tool, on macOS El Capitan (10.11).

  • The Decryption Process window does not reappear if clicking the "X" button instead of Dismiss. The window reappears after a system restart.

Known Issues

  • Product and signatures updates cannot be scheduled. Endpoint Security for Mac is set to update hourly.

  • The information related to email address, website and phone from About section cannot be configured through the policy.

Limitations

  • The Deny access action for On-Access antimalware policy will quarantine the file.