CLOUD SOLUTIONS

Antimalware

The antimalware protection layer is based on security content scanning and heuristic analysis (B-HAVE, ATC) against: viruses, worms, Trojans, spyware, adware, keyloggers, rootkits and other types of malicious software.

Bitdefender's antimalware scanning technology relies on the following technologies:

  • First, a traditional scanning method is employed where scanned content is matched against the security content database. The security content database contains byte patterns specific to known threats and is regularly updated by Bitdefender. This scanning method is effective against confirmed threats that have been researched and documented. However, no matter how promptly the security content database is updated, there is always a vulnerability window between the time when a new threat is discovered and when a fix is released.

  • Against brand-new, undocumented threats, a second layer of protection is provided by B-HAVE, Bitdefender's heuristic engine. Heuristic algorithms detect malware based on behavioral characteristics. B-HAVE runs suspicious files in a virtual environment to test their impact on the system and ensure they pose no threat. If a threat is detected, the program is prevented from running.

Scanning engines

Bitdefender GravityZone is able to automatically set the scanning engines when creating security agent packages, according to the endpoint's configuration.

The administrator can also customize the scan engines, being able to choose between several scanning technologies:

  1. Local Scan, when the scanning is performed on the local endpoint. The local scanning mode is suited for powerful machines, having security content stored locally.

  2. Hybrid Scan with Light Engines (Public Cloud), with a medium footprint, using in-the-cloud scanning and, partially, the local security content. This scanning mode brings the benefit of better resources consumption, while involving off-premise scanning.

  3. Central Scan in Public or Private Cloud, with a small footprint requiring a Security Server for scanning. In this case, no security content set is stored locally, and the scanning is offloaded on the Security Server.

    Note

    There is a minimum set of engines stored locally, needed to unpack the compressed files.

  4. Central Scan (Public or Private Cloud scanning with Security Server) with fallback* on Local Scan (Full Engines)

  5. Central Scan (Public or Private Cloud scanning with Security Server) with fallback* on Hybrid Scan (Public Cloud with Light Engines)

* When using a dual engines scanning, if the first engine is unavailable, the fallback engine will be used. Resource consumption and network utilization will depend on the used engines.