## PARTNERS

### Configuring profiles

The Configuration Profiles section allows you to create and manage collections of settings that you can assign to one or more policies in a fast and efficient manner.

Configuration profiles include:

#### Exclusions

The Exclusions page enhances your control over the content of policies by creating and managing exclusion lists that can be tailored to the profile of every segment in your environment.

This single-source exclusion management system bypasses the need to inherit the settings from one policy to another in order to reuse exclusions, by allowing you to create and manage exclusions and exclusion lists outside the policy.

You can reuse an exclusion in one or multiple lists, and then assign these lists to one or multiple policies, thus allowing you complete freedom to customize the content that will be excluded from scanning. Furthermore, when you assign a list of exclusions to a policy, you will be able to view how many endpoints will be impacted by the change.

This results in leaner and more targeted policies, which improves the overall performance and stability of your environment and reduces the workload of your SOC team by lowering the number of false-positive events.

### Important

Bitdefender security agent can exclude from scanning certain object types. Antimalware exclusions are to be used in special circumstances, or following Microsoft or Bitdefender recommendations. For an updated list of exclusions recommended by Microsoft, please refer to this web article.

The Exclusions page includes two major areas:

1. The Exclusion lists panel, where you can create and manage exclusion lists.

2. The Exclusions grid, where you can create new exclusions, or manage exclusions already assigned to exclusion lists.

In the Exclusion lists panel you can create new lists and manage them, and also have access to all the available lists created in your company by other users with manage network rights.

• The DEFAULT EXCLUSION LISTS section includes all the lists of exclusions available in your company, created by all the users with manage network rights, including lists created by you.

• The MY LISTS section includes only the lists of exclusions you have created.

You can create a new list by clicking the NEW LIST button.

###### Creating a new exclusion list

To create a new exclusion list:

1. Click the NEW LIST button to open the window where you can define your new list.

2. Name your new list by filling out the Title field.

### Note

This field is mandatory.

After naming and describing your list you can start defining the exclusion rules.

4. Select the excluded object type from the menu:

• File: only the specified file

• Folder: all files and processes inside the specified folder and from all of its subfolders

• Extension: all items having the specified extension

• Process: any object accessed by the excluded process

• File Hash: the file with the specified hash

• Certificate Hash: all the applications under the specified certificate hash (thumbprint)

• Threat Name: any item having the detection name (not available for Linux operating systems)

• Command Line: the specified command line (available only for Windows operating systems)

• IP/Mask: The IP address or IP mask (0-255 format) for which inbound and outbound traffic will be excluded from scanning.

### Warning

In agentless VMware environments integrated with vShield, you can exclude only folders and extensions. By installing Bitdefender Tools on the virtual machines, you can also exclude files and processes.

During the installation process, when configuring the package, you must select the check box Deploy endpoint with vShield when a VMware environment integrated with vShield is detected.

5. Provide the details specific to the selected exclusion type:

File, Folder or Process

Enter the path to the item to be excluded from scanning. You have several helpful options to write the path:

• Declare the path explicitly:

For example: C:\temp

To add exclusions for UNC paths, use any of the following syntaxes:

\\hostName\shareName\filePath

\\IPaddress\shareName\filePath

• Use the system variables available in the drop-down menu:

For process exclusions, you must also add the name of the application's executable file.

For example:

%ProgramFiles% - excludes the Program Files folder

%WINDIR%\system32 - excludes the system32 folder within the Windows folder

### Note

It is advisable to use system variables (where appropriate) to make sure the path is valid on all target computers.

• Use wildcards:

The asterisk (*) substitutes for zero or more characters. The question mark (?) substitutes for exactly one character. You can use several question marks to define any combination of a specific number of characters. For example, ??? substitutes for any combination of exactly three characters.

For example:

C:\Test\*.* - excludes all files from the Test folder

C:\Test\*.png - excludes all PNG files from the Test folder

C:\Test\* - excludes all folders and subfolders from Test

C:\Program Files\WindowsApps\Microsoft.Not??.exe - excludes the Microsoft Notes processes.

### Note

Process exclusions do not support wildcards on Linux operating systems.

Extension

Enter one or more file extensions to be excluded from scanning, separating them with a semicolon ";". You can enter extensions with or without the preceding dot. For example, enter txt to exclude text files.

### Note

On Linux-based systems, file extensions are case-sensitive, and files with the same name but a different extension are considered distinct objects. For example, file.txt is different from file.TXT.

File hash, Certificate hash, Threat name, or Command line

Enter the file hash, certificate thumbprint (hash), the exact name of the threat or the command line depending on the exclusion rule. You can use one item per exclusion.
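The path rules above (explicit and UNC paths, system variables, the `*` and `?` wildcards, semicolon-separated extensions, and the Linux notes on case sensitivity and on wildcards in process exclusions) can be checked offline with the following matcher. It is an added example written for this page, not code from Bitdefender or the GravityZone agent. The values in SYSTEM_VARIABLES are constructed stand-ins for the drop-down menu entries, and treating `*` and `?` as plain characters in Linux process exclusions is this example's own assumption.

```python
import re
from dataclasses import dataclass

# Constructed stand-in for the system variables offered in the drop-down menu;
# the real values are resolved on each target endpoint.
SYSTEM_VARIABLES = {
    "%ProgramFiles%": r"C:\Program Files",
    "%WINDIR%": r"C:\Windows",
}


def expand_variables(path, variables=SYSTEM_VARIABLES):
    """Replace %VAR% tokens with their values; variable names are matched
    case-insensitively, as Windows does. Unknown tokens are left untouched."""
    lookup = {name.lower(): value for name, value in variables.items()}
    return re.sub(r"%[^%\\/]+%",
                  lambda m: lookup.get(m.group(0).lower(), m.group(0)), path)


def wildcard_to_regex(pattern, case_sensitive):
    """'*' stands for zero or more characters (it also crosses path separators,
    which is why C:\\Test\\* covers all subfolders), '?' for exactly one character;
    every other character is literal, so backslashes and dots are escaped."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", 0 if case_sensitive else re.IGNORECASE)


@dataclass
class Exclusion:
    object_type: str        # "File", "Folder", "Process" or "Extension"
    value: str              # path / pattern, or "txt;.log" for Extension
    os: str = "windows"     # "windows" or "linux"


def matches(exclusion, item):
    """True if `item` (a full path) is covered by the exclusion rule."""
    case_sensitive = exclusion.os == "linux"   # Linux paths and extensions are case-sensitive
    if exclusion.object_type == "Extension":
        # One or more extensions separated by ';', leading dot optional.
        exts = [e.strip().lstrip(".") for e in exclusion.value.split(";") if e.strip()]
        name = item.replace("\\", "/").rsplit("/", 1)[-1]
        if "." not in name:
            return False
        ext = name.rsplit(".", 1)[1]
        return any(ext == e if case_sensitive else ext.lower() == e.lower() for e in exts)

    pattern = expand_variables(exclusion.value)
    if exclusion.object_type == "Process" and exclusion.os == "linux":
        # Assumption: with wildcards unsupported on Linux, '*' and '?' are plain characters.
        return pattern == item
    if exclusion.object_type == "Folder" and not any(c in pattern for c in "*?"):
        # A folder exclusion covers everything inside the folder and its subfolders.
        sep = "/" if exclusion.os == "linux" else "\\"
        pattern = pattern.rstrip("\\/") + sep + "*"
    return wildcard_to_regex(pattern, case_sensitive).match(item) is not None
```

Running the page's own examples through `matches` shows that C:\Test\*.png also covers image.PNG on Windows while a txt rule on Linux does not cover file.TXT, and that C:\Test\* reaches into every subfolder because the asterisk does not stop at a path separator. Checking a candidate rule against a sample of real endpoint paths in this way, before assigning the list to a policy, shows how much a broad rule actually removes from scanning.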

6. Select the scanning methods to which the rule applies. Some exclusions may be relevant for just one of the scanning modules (On-access scanning, On-demand scanning, ATC/IDS, Ransomware Mitigation), while others may be recommended for all of the modules.

### Note

The Modules field will pre-select by default all the modules relevant for the selected Object type.

Optionally, you can import already defined rules from a CSV file.

To remove any of the created exclusions from the list just click the Remove button.

8. After defining all the exclusion rules you want in the list click SAVE.

The newly created list will be available in the MY LISTS section, as well as in the DEFAULT EXCLUSION LISTS, where all users with manage rights will be able to view it and assign it to policies. See Assigning exclusion lists to policies for details on how to assign an exclusion list to one or multiple policies.

###### Assigning exclusion lists to policies

To assign an exclusion list to one or multiple policies:

1. Select the desired exclusion list from the Exclusion lists panel.

The grid area will be populated with all the exclusion rules assigned to the selected list.

Here you can add new exclusions, delete existing ones, or filter them by multiple criteria. See The Exclusions grid for more details on how to configure the grid area and filter exclusions.

2. Click the list name to open its side details panel.

The details panel includes general information about the list's origin, relevant details, and actions you can take.

3. Click ADD TO POLICY to assign the exclusion list to one or multiple policies.

4. From the drop-down menu, select the policies that will add the exclusion list to their content and click APPLY.

In the Policies Preview area you can see the policies you are about to update, and how many endpoints will be impacted by the exclusion list.

5. Click CONFIRM to complete the process.

###### Deleting an exclusion list

To delete an exclusion list:

1. Expand the exclusion list's details panel and click DELETE.

A confirmation message is displayed, listing the policies from which the list will be removed and how many endpoints will be impacted if you delete the exclusion list.

2. Click DELETE to go through with the deletion, or CANCEL to exit the operation.

In the Exclusions grid area you can create new exclusion rules from scratch, use the extensive filtering options to manage existing exclusions and assign them to lists.

• If you click the All exclusions bar at the top of the lists section, the grid area will populate with all the exclusion rules created so far in your environment, regardless of whether they are assigned to a list or not.

• If you select any of the exclusion lists the grid area will populate with the exclusion rules assigned to that list only.

The grid area offers you multiple filtering and searching options and customization actions.

You can filter / search by:

• Object type - select the desired object type from the drop-down and click APPLY to display the available exclusion rules.

• Excluded items - type in the name of an excluded item to search and display all the rules that may contain it.

• Modules - select the desired scanning technology to display all the exclusion rules applied to that module.

• Remarks - search for exclusion rules with a specific keyword added to the Remarks field.

To customize the grid area you can take the following actions:

• Click the Show/Hide Filters button to show or hide the filters bar.

• Click the Show/Hide Columns button to add or remove filter columns.

• Click the Refresh button to refresh the list.

• Click the Clear button to reset all filters.

To create a new exclusion rule from scratch and assign it to a list:

#### Maintenance windows

The Maintenance Windows page includes settings that allow you to create configuration profiles to control maintenance operations on endpoints. Because maintenance windows are independent of the policy, you can create multiple maintenance windows suited to every scenario that might arise within your environment.

This approach simplifies the process of configuring policies and, at the same time, helps you create and apply more targeted policies.

You can share permissions for maintenance windows, so the other GravityZone users from your company will be able to view and use them.

As a partner, you can create and modify maintenance windows for managed companies. You cannot share maintenance windows across companies. Specifically, you can use maintenance windows only in the company for which they have been created.

You can create and apply maintenance windows with Patch Management settings.

The Patch Management module releases you from the burden of keeping the endpoints updated with the latest software patches, by automatically distributing and installing patches for a vast variety of products. You can check the list of supported vendors and products in this article.

### Note

The Patch Management module is available for:

In the Maintenance Windows page, you can view, filter, search for, create, edit, and delete windows. To use a maintenance window, you must assign it to a policy in the Policies section. Creating, editing and deleting maintenance windows are recorded in User activity log.

### Note

To manage patches manually, use the options available in the Patch Inventory section.

The Maintenance Windows page includes two major areas:

1. The selection panel, which contains the list of available maintenance windows ordered by type.

2. The details grid, where you create new maintenance windows or manage the existing ones.

You can view maintenance windows only for one company at a time. To change the company, click the name of the current company in the upper-right corner of the page and make another selection in the drop-down list.

In the Maintenance Windows page you can easily filter and search for maintenance windows by using the options available in the selection panel and in the details grid.

Under the PATCH MANAGEMENT category, you can select one of these types:

• All patches

• Security patches

• Non-security patches

The details grid will display the maintenance windows accordingly. Details include:

• Window name.

• Status - indicates whether the maintenance window is being used in policies or not.

• Schedule details - indicates the number of schedules configured within the maintenance window. For example, a maintenance window with three schedules indicates one schedule for patch scanning and two for applying security and non-security patches, respectively.

• Last modified - displays the date and time when the maintenance window was last modified.

• Last edited by - indicates the last user who modified the maintenance window.

• Permissions - indicates whether other users have shared permissions to modify the displayed maintenance windows.

• In policies – displays the number of policies to which the maintenance windows are assigned.

You can search/filter by:

• Window name - type in one or more characters and click the magnifying glass (or press Enter) to display matching maintenance window names.

• Status - select one of the items from the drop-down list and click APPLY to display used, unused, or all maintenance windows.

• Last modified - click to display a calendar where you can specify precise intervals.

Select one of the predefined options in the left-side panel (Last 24 hours, Last 7 days, Last 30 days) or customize the interval by using the calendar in the right-side panel. Use the left and right arrows on the sides of the panel to navigate through the calendar.

Click CONFIRM to apply the selection.

• Last edited by - type in one or more characters from the user names and click the magnifying glass (or press Enter) to display maintenance windows created or modified by certain GravityZone users.

• In the More filtering box, select Permissions and click APPLY to display maintenance windows with shared or not shared permissions.

Additional options are available in the upper-right corner of the grid:

• Click the Filter icon to show or hide the filtering options in the grid.

• Click the Columns icon to show or hide columns in the grid.

• Click the Refresh icon to load the latest data after a long time on the page.

With maintenance windows, you control automatic patch deployment. First you will configure how patches are downloaded to the endpoints, and then which patches to install and when.

GravityZone performs patch deployment in two independent phases:

• Assessment - When requested via the management console, endpoints scan for missing patches and report them back.

• Installation - The GravityZone console sends the endpoint agents a list of patches you want to install. The agents download the patches and then install them.

The maintenance window provides the settings to automate these processes, partly or entirely, so that they run periodically based on the preferred schedule.

### Important

For the assessment and installation to be successful on Windows endpoints, you must ensure the following requirements are met:

To create a maintenance window:

1. In the Maintenance Windows page, click the ADD WINDOW button.

2. Enter a window name. This field is mandatory.

3. Enable the option Allow others to make changes to this maintenance window if you want shared permissions.

4. For targeted operations, select one or both these options:

• Scan for patches - the security agent scans the endpoint for missing patches and reports them back to the GravityZone console.

• Apply patches - the GravityZone console sends the agent a list of patches you want to install. The endpoint downloads the patches from the Patch Caching Server and then installs them. Further, choose which types of patches to install on the endpoints:

• Security patches - include fixes for vulnerabilities / CVEs.

• Non-security patches - include bug fixes and new features for third-party applications.

Once you have selected Scan for patches and Apply patches, additional options will appear on the page, as described below.

5. Configure scheduling options:

• Smart scan for patches when new applications are installed. When a new application is installed on the endpoint, the security agent automatically scans for patches for that application.

### Note

Patch Management does not support smart scan on Linux endpoints.

• Use the same schedule for all targeted operations. The security agent scans for patches and then, as soon as possible, it installs them on the endpoint.

• Use fallback schedule compatible with Bitdefender Endpoint Security Tools for Windows version 7.3.2.x or older. This option ensures compatibility with the previous generation of the security agent which provided only limited scheduling capabilities. For the best experience with the Patch Management module, we recommend updating Bitdefender Endpoint Security Tools for Windows to version 7.4.1.111 or later.

### Important

If you apply the maintenance window with this option disabled to non-compatible endpoints, the security agent will not perform patch scanning and patch installation on them.

6. Depending on the options you have enabled, the following scheduling forms will appear on the page:

• Schedule for patch scanning, where you configure when the patch scanning operation takes place.

• Schedule for applying patches - security, where you configure when the security patches are installed on the endpoints.

• Schedule for applying patches - non-security, where you configure when the non-security patches are installed on the endpoints.

### Note

If you have selected Use the same schedule for all targeted operations, a single schedule form replaces the individual schedules.

In a schedule form, you can configure with great flexibility when the desired action (patch scanning or patch installation) takes place:

• Immediately (only for patch installation) - the security agent will install patches as soon as possible after finishing a patch scanning.

• Weekly - the security agent scans for patches and installs them during the week as follows:

• On certain weeks of the month (every one, two, three, or four weeks).

• On specific days (any selection from Monday to Sunday).

• Starting with a specific date.

• Between certain hours (any selection from 00:00 to 23:59).

• Monthly - the security agent scans for patches and installs them during the month as follows:

• On certain months of the year (every one, two, three and so on, up to every twelve months).

• On specific days (any selection from the first to the last day of the month or during specific days of the week)

• Starting with a specific date.

• Between certain hours (any selection from 00:00 to 23:59).

Examples:

• For a weekly schedule, you can set a patch scan task to take place every three weeks, on Monday, Wednesday and Friday, starting 12 December 2021, between 18:00 and 19:30.

• For a monthly schedule, you can set a patch scan task to take place every two months, on the third Wednesday of the month, starting 12 December 2021, between 10:00 and 10:59.

### Note

If you have chosen the scan to take place on the 31st day of the month, the task will be skipped in months with 30 days.
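To make the weekly and monthly rules above (including the two examples and the note about the 31st day) concrete, here is an added schedule evaluator written for this page; it is not GravityZone code and does not reflect how the agent computes its schedule internally. It assumes that week 0 is the seven days beginning on the Starting with date and that runs occur in every n-th week after it, models the monthly "specific days of the week" option as an (n, weekday) pair, and treats the hour window as inclusive of its end time.

```python
from dataclasses import dataclass
from datetime import date, datetime, time, timedelta
from typing import Optional, Set, Tuple


@dataclass
class HourWindow:
    start: time                     # e.g. time(18, 0)
    end: time                       # e.g. time(19, 30); inclusive

    def contains(self, t):
        return self.start <= t <= self.end


@dataclass
class WeeklySchedule:
    every_n_weeks: int              # 1 to 4
    weekdays: Set[int]              # 0 = Monday ... 6 = Sunday
    starting: date
    hours: HourWindow

    def is_due(self, when):
        if when.date() < self.starting:
            return False
        # Assumption: week 0 is the seven days beginning on the starting date,
        # and the action runs in every n-th week after that.
        week_index = (when.date() - self.starting).days // 7
        return (week_index % self.every_n_weeks == 0
                and when.weekday() in self.weekdays
                and self.hours.contains(when.time()))


@dataclass
class MonthlySchedule:
    every_n_months: int             # 1 to 12
    starting: date
    hours: HourWindow
    day_of_month: Optional[int] = None              # 1 to 31, or ...
    nth_weekday: Optional[Tuple[int, int]] = None   # ... (n, weekday): (3, 2) = third Wednesday

    def is_due(self, when):
        if when.date() < self.starting:
            return False
        months_since = (when.year - self.starting.year) * 12 + when.month - self.starting.month
        if months_since % self.every_n_months != 0 or not self.hours.contains(when.time()):
            return False
        if self.day_of_month is not None:
            # Day 29, 30 or 31 does not exist in shorter months, so no datetime
            # in such a month can satisfy this test and the run is skipped.
            return when.day == self.day_of_month
        n, weekday = self.nth_weekday
        return when.weekday() == weekday and (when.day - 1) // 7 + 1 == n


def next_run_date(schedule, after, horizon_days=400):
    """First calendar day on or after `after` on which the schedule fires,
    or None if nothing is due within the horizon."""
    for offset in range(horizon_days):
        day = after + timedelta(days=offset)
        if schedule.is_due(datetime.combine(day, schedule.hours.start)):
            return day
    return None
```

With a day-of-month schedule set to 31, `next_run_date` asked for the first run after 1 February returns 31 March, and asked after 1 April returns 31 May: February and April are skipped exactly as the note describes, so a monthly window pinned to the 31st leaves gaps of up to two months between patch runs.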

7. For various reasons, an endpoint may be offline when patch installation is scheduled to run. Select the option If missed, run as soon as possible to install the patches immediately after the endpoint comes back online.

8. Configure reboot preferences:

• Users postpone the system restart until a more convenient time. Select this option to allow endpoint users to restart the system whenever they want, without enforcing a time limit.

On the endpoint, the security agent will display a dialog window where users can restart the system immediately, postpone the restart alert, or pick a more convenient time.

• Users postpone the system restart only within a specific interval. Select this option to enforce a time limit within which endpoint users can restart their systems. Further, you can specify:

• An additional number of minutes if the interval is missed.

• A customized message for the endpoint to display before the restart.

On the endpoint, the security agent will display a dialog window where users can restart the system immediately, postpone the restart alert, or pick a more convenient time. An interface message will inform them when the restart is scheduled to take place, according to the configuration made in GravityZone Control Center. The customized message will appear before the restart as a Windows message.

Example:

If you have set the interval between 16:30 and 17:30, with an additional 10 minutes for a missed interval, users can postpone the restart within that hour. Starting at 17:30, they will have only 10 minutes left until the automatic restart of the system, regardless of their actions.

• System restarts automatically after a specific number of minutes. Select this option to enforce automatic restart on the endpoints, after a specific time. In this case, endpoint users cannot postpone or pick a time for restart. For this option you can also customize a message to be displayed before the restart.

### Important

For endpoint users to be prompted to take action, make sure you have enabled the Endpoint restart notification, Display alert pop-ups and Display notifications pop-ups options in the General > Notifications section of the policy settings. If these options are disabled and automatic restart is not selected, you need to manually restart the endpoint after patch installation.

### Note

Patch Management currently does not support reboot on Linux endpoints.

• Select Relays with Patch Caching Server role.

The patch dissemination process uses Patch Caching Servers to optimize network traffic. Windows endpoints connect to these servers and download patches through the local network. For high availability of patches, it is recommended to use more than one server.

Click the button to confirm your selection. Click the X icon to delete a relay from the list.

If the list is empty, then you need to install the Patch Caching Server role on Relays in your network. For details on installation, refer to Install security agents - standard procedure.

### Note

Relays can be Windows or Linux machines that download and store updates from Microsoft and other vendors, only for Windows endpoints. Once a patch is required, Windows endpoints download it from the caching server, preventing bandwidth clogging.

For each selected relay, you can configure priority. An endpoint requests a patch from the assigned servers in order of priority. The endpoint downloads the patch from the server where it finds it first. A server that lacks a requested patch will automatically download it from the vendor, to make it available for future requests.

### Note

Relays with Patch Caching Server role and the policy where the maintenance window is being used must belong to the same company. You cannot use Patch Caching Servers from other companies.

Select the option Use vendors websites as fallback location for downloading the patches to make sure your endpoints receive software patches in case Patch Caching Servers are unavailable. If you disable this option, you risk leaving your network outdated if Patch Caching Servers are unavailable and, at the same time, the internet connection is interrupted.

• Under Vendors and products to include or exclude from being patched, create a list with applications you want to be updated or not.

An Included list contains the applications that will be updated. All other applications will be ignored.

An Excluded list contains the applications that are ignored when updating. All other applications found on the endpoint will be updated.

If you make no selection, the security agent will update all applications installed on the endpoint.

To create a list of vendors and products:

1. Select Included or Excluded. The selected option applies to the entire list you are creating.

2. From the drop-down list, select vendors and applications, and click SELECT PRODUCTS.

3. Click the button to add your selection to the list. To delete a vendor or product, click the X icon.

4. To edit the selection, click the product name in the list to open up a contextual menu where you can make changes.
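The Patch Caching Server priority order, the vendor-website fallback, and the Included / Excluded list semantics described above can be modelled with the following added example, written for this page; it is not Bitdefender code. The relay names and the patch identifier KB-EXAMPLE-1 are constructed placeholders, and the rule that a relay lacking a patch fetches it from the vendor only when the relay itself can reach the vendor is this example's own assumption.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Product:
    vendor: str
    name: str


def products_to_patch(installed, mode, listed):
    """Apply the Included / Excluded list semantics to the products found on an endpoint.
    mode is "Included", "Excluded" or None (no selection: everything is patched)."""
    listed = set(listed)
    if mode is None:
        return list(installed)
    if mode == "Included":
        return [p for p in installed if p in listed]
    if mode == "Excluded":
        return [p for p in installed if p not in listed]
    raise ValueError("mode must be 'Included', 'Excluded' or None")


class PatchUnavailable(Exception):
    """Raised when no caching server and no fallback location can supply the patch."""


class PatchCachingServer:
    """Simulated Relay with the Patch Caching Server role. Assumption: a miss makes
    the server pull the patch from the vendor so that later requests are served locally."""

    def __init__(self, name, reachable=True, vendor_reachable=True):
        self.name = name
        self.reachable = reachable                # can endpoints reach this relay?
        self.vendor_reachable = vendor_reachable  # can this relay reach vendor sites?
        self.cache = set()                        # patch ids stored locally

    def request(self, patch_id, vendor_catalog):
        """Return how the patch was served ('cache-hit' or 'fetched-from-vendor'),
        or None if this server cannot supply it."""
        if not self.reachable:
            raise ConnectionError(self.name)
        if patch_id in self.cache:
            return "cache-hit"
        if self.vendor_reachable and patch_id in vendor_catalog:
            self.cache.add(patch_id)              # kept for future requests
            return "fetched-from-vendor"
        return None


def download_patch(patch_id, servers, vendor_catalog, vendor_fallback):
    """Endpoint side: ask the relays in priority order (first in the list = highest
    priority) and take the patch from the first one that has it; fall back to the
    vendor website only if that option is enabled."""
    for server in servers:
        try:
            how = server.request(patch_id, vendor_catalog)
        except ConnectionError:
            continue                              # relay down, try the next one
        if how is not None:
            return server.name, how
    if vendor_fallback and patch_id in vendor_catalog:
        return "vendor-website", "direct"
    raise PatchUnavailable(patch_id)
```

Walking through the model with two relays shows the behaviour the text describes: the first request is served by the highest-priority relay after it fetches from the vendor, the second request is a cache hit on the same relay, a request while that relay is down is served by the second relay, and with both relays down the endpoint succeeds only if the vendor-website fallback is enabled; otherwise it raises PatchUnavailable, which is the outdated-network risk the warning above refers to.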

10. Click SAVE to confirm the configuration and create the maintenance window.

To edit a maintenance window, click the name in the grid to open it. After making changes, click SAVE.

To delete a maintenance window:

1. In the details grid from the Maintenance Windows page, select the check box corresponding to the maintenance window.

2. Click the DELETE button and confirm the action.

### Important

When deleting an assigned maintenance window, the Patch Management module will be disabled in that policy. To re-enable it, you have to assign a new maintenance window.

To apply Patch Management settings to your network, you need to assign the maintenance window to a policy.

### Note

To assign a maintenance window created for another company, you have to log into GravityZone as an administrator of that company.

This is how you assign the maintenance window to a policy:

1. Go to Policies and click Add to create a new policy, or open an existing one to edit it.

2. In the Patch Management section, click the field next to Maintenance windows and make a selection from the drop-down list.

The list includes all the maintenance windows created by you and other users, if they have shared permissions.

3. Click Save to confirm the action.

Once the maintenance window is assigned to the policy, the Patch Management section will display a summary that includes:

• Maintenance window name

• Targeted operations (Scan for patches / Apply patches)

• Patch scope (Security / Non-security)

• Recurrence

• Reboot details

You can assign only one maintenance window per policy. To assign the same maintenance window to multiple policies, you must edit each policy one by one.