Getting started

This area allows you to run a scan task or check for product updates. 

The following scan tasks are available:

For more information on scan tasks, refer to Scanning for malware.

For more information about product updates, refer to Updating the security agent.

The Status area offers useful information regarding the security of the system.

You can easily identify the current security status based on the status symbol displayed to the left of the status area:

In addition to the status symbol, a detailed security status message is displayed to the right of the status area. You can see the detected security issues by clicking inside the status area. Existing issues are fixed by your network administrator.

The Issues area displays all the current issues found on your endpoint. If any critical issue is listed, the entire status set for the BEST agent is going to be critical, regardless of the number of additional non-critical issues. 

You can also hide the items in the Issues area, click Hide issues. The items remain hidden until you reopen the security agent.

Some actions taken on your endpoint by the BEST agent will require a system restart. The restarts can be scheduled by administrators in Policies > Configuration profiles > Maintenance windows > Reboot preferences. 

Based on the settings configured by the administrator, users can choose to restart now, set a reminder, or schedule the restart for a later time.

The Tasks area displays currently running tasks. When a task is completed, the Tasks area is no longer displayed in the Overview window. 

This area displays the policy that has been applied to your endpoint. This option is available only if granted by the network administrator through policy settings in GravityZone.

The Modules area displays useful information about the status and activity of the installed protection modules.

Antimalware   

Antimalware protection is the foundation of your security. Bitdefender Endpoint Security Tools protects you in real time and on demand against malware, such as viruses, trojans, ransomware, exploits, etc.

Network Protection   

Network Protection helps safeguard you on the internet against phishing attacks, fraud attempts, private data leaks, and inappropriate web content. It also includes a comprehensive set of user controls that help the network administrator enforce computer and internet use policies.

Firewall   

The Firewall protects you while you are connected to networks and the internet by filtering connection attempts and blocking suspicious or risky connections.

If the Protection level in the policy is set to Ruleset and ask or Ruleset, known files and ask, you can choose to either Allow or Deny  the connection when Firewall notifications are displayed. Selecting the notification opens the BEST UI, where you can view more details, such as the file path, command line, and IP address.

If you want to revert any connections that users have previously allowed or denied, click Reset user rules under Overview > Modules > Firewall. This action restores the Firewall to its default state.

Device Control   

Device Control prevents sensitive data leakage and malware infections via external devices attached to endpoints. This is achieved through policy settings where you can configure blocking rules and exclusions, and then apply them to a vast range of device types. The administrator is responsible for managing permissions for the following types of devices:

Sandbox Analyzer   

The Sandbox Analyzer module provides a powerful layer of protection against advanced threats by performing automatic, in-depth analysis of suspicious files which are not yet identified by Bitdefender antimalware engines. Sandbox Analyzer employs an extensive set of proprietary technologies that executes payloads in a contained virtual environment hosted by Bitdefender, analyzes their behavior and reports any subtle system changes that are indicative of malicious intent.

Encryption 

The Encryption module provides full disk encryption, by managing BitLocker on Windows endpoints. You can encrypt and decrypt boot and non-boot volumes with minimal intervention from users, as GravityZone handles the entire process. Additionally, GravityZone stores the recovery keys needed to unlock volumes when the users forget their passwords.

EDR Sensor 

The EDR (Endpoint Detection and Response) Sensor collects, handles, and reports endpoint and application behavior data. Part of the information is processed locally, while a more complex set of data is reported to a back-end component of GravityZone.

PHASR 

PHASR provides a comprehensive view of your internal attack surface, helping reduce exposure by identifying and mitigating exploitable attack vectors within your environment.

Integrity Monitoring   

Integrity Monitoring reviews and validates changes made on Windows and Linux endpoints to assess the integrity of multiple entities. It operates based on default rules, which are provided by Bitdefender, and custom rules. Based on these rules, Integrity Monitoring takes action when events are generated for files, folders, registry entries, users, services, and installed software.

Patch Management   

Patch Management keeps the operating system and software applications up to date. This module includes several features, such as on-demand or scheduled patch scanning, automatic or manual patching, and reporting on missing patches.

Risk Management 

Risk Management helps you assess and harden your endpoints security configurations against industry best practices, to minimize the attack surface.

Live Search 

Live Search uses Osquery to retrieve event data and system statistics in real time from online endpoints using SQL-based queries.

Remote Shell 

This module provides interactive shell access, allowing you to remotely connect to an endpoint involved in an incident. You can run shell commands directly to mitigate threats or collect forensic data for analysis.