Skip to main content

Deploying PHASR

PHASR works as an extension of the Risk Management feature, which requires a BEST agent installed on your managed endpoints with the EDR module enabled, and a policy applied to them that has the Risk Management feature enabled along with the PHASR feature.

Policies are used to enable and configure features on endpoints. Apply the following changes to the policy of your choice:

  1. Log in to GravityZone Control Center.

  2. Go to the Policies page from the left side menu.

  3. You can either:

    • Create a new policy.

    • Edit one of your existing policies.

  4. If this is a new policy, under Risk Management, enable and configure the feature.

  5. While on the same page, make sure the PHASR toggle is enabled, and enable each activity type you would like to monitor.

    Note

    Enabling the toggle activates the feature and installs the PHASR module on the endpoints.

    There are 3 available settings for each activity type:

    • Off - PHASR will not gather any related data, and the associated widget will not display any data in the PHASR Dashboard.

    • Autopilot - PHASR will gather the data of the selected type, based on which recommendations will be created and automatically applied.

      Note

      When Autopilot is selected, all PHASR recommendations are applied automatically by the Bitdefender Autopilot technology that is integrated with BEST. You can review the restrictions applied to behavioral profiles by Autopilot, by opening the Restricted Behavioral Profiles panel from the PHASR monitored rules.

    • Direct control - PHASR will gather the data of the selected type, based on which recommendations will be created and presented in the console. The actions recommended will only be taken if manually approved.

    Switching from one setting to another, not including Off, will reset previously applied restrictions for the selected data type.

    Changing the setting for a specific data type to Off will disable restrictions, but will not remove them. They will still be available when the setting is changed again.

  6. Save your policy.

  7. If you created a new policy, apply it on the endpoints where the feature is deployed:

    1. Go to the Network page from the left side menu.

    2. Select the endpoints you want to apply the policy to.

    3. In the Actions menu, select Assign Policy.

    4. Select the policy you want to apply.

    5. Click Finish.

      Note

      For more information, refer to this kb article.

  8. If you have edited an existing policy, make sure it is applied to all endpoints where the feature is deployed.

This will ensure that the feature is enabled and configured to best suit your company's needs.

You can check if the PHASR module has been enabled on your endpoints in the Bitdefender Endpoint Security Tools interface.

PHASR_Agent_GUI.png

Important

If the target company uses Policy Assignment Rules, make sure to enable PHASR in the policy set as default for endpoints, or in the policy that is applied using the Apply Policy action, to trigger the installation of the module.

In addition, PHASR must also be enabled in the policies that are applied through assignment rules, so that the module's status remains active.

After PHASR is activated and the module is installed on endpoints, the PHASR learning phase is initiated which requires 30 days of learning before starting to generate recommendations for the behavioral profile which he discovers.

PHASR has the capability to leverage historical EDR data to reduce the duration of the learning phase, depending on the volume of the historical data at its disposal.

This means that the 30 days learning phase can be reduced to several days or get recommendations immediately.

Once the first learning phase is completed and recommendations are generated, PHASR's learning phase will persist enabling it to continually adapt to evolving user patters and behaviors.