Skip to main content

Best practices

Creating custom MAC address pools in Hyper-V

This section describes how to create custom MAC address pools in Hyper-V.

Using Hyper-V Dynamic MAC Address Regeneration can change the MAC address of a virtual machine which can lead to duplicate machines in the Control Center.

To avoid this issue, a custom MAC address pool can be created by following these steps:

  1. Open the Fabric workspace.

  2. On the Fabric pane, select Networking and click on MAC Address Pools.

  3. On the Home tab, click on Fabric Resources.

  4. On the Home tab, Create group, click on Create MAC Pool.

  5. In Name and Host Group, populate the fields and click Next.

  6. In MAC Address Range, specify the beginning and ending MAC address.

  7. On the Summary page, confirm the settings and click Finish. Close the dialog box, after the status has changed to Completed.

Understanding Network discovery

This section explains how GravityZone Control Center displays all your company's computers in Network inventory.

GravityZone includes an automatic network discovery mechanism intended to detect workgroup computers.

Security for Endpoints relies on the Microsoft Computer Browser service to perform network discovery. The Computer Browser service is a networking technology used by Windows-based computers to maintain updated lists of domains, workgroups, and the computers within them and to supply these lists to client computers upon request. Computers detected in the network by the Computer Browser service can be viewed by running the net view command in a Command Prompt window.

30203_1.png

To enable Network Discovery, you must have the Bitdefender security agent already installed on at least one computer in the network. This computer will be used to scan the network.

You can enable the automatic network discovery by selecting the Automatic Discovery of new endpoints check box in Relay > Communication section of the policy settings.

network-discovery-enable.png

Activating this option determines the relays to perform the Network discovery task every 4 hours.

This option is disabled by default for new GravityZone users. For existing custom policies, the option remains enabled.

In order to successfully discover all the computers (servers and workstations) that will be managed from Control Center, the following are required:

  • Computers must be joined in a workgroup or domain and connected via an IPv4 local network. Computer Browser service does not work over IPv6 networks.

  • Several computers in each LAN group (workgroup or domain) must be running the Computer Browser service. Primary Domain Controllers must also run the service.

  • NetBIOS over TCP/IP (NetBT) must be enabled on computers. Local firewall must allow NetBT traffic.

  • File sharing must be enabled on computers. Local firewall must allow file sharing.

  • A Windows Internet Name Service (WINS) infrastructure must be set up and working properly.

  • For Windows 7 and later, Network discovery must be turned on (Control Panel > Network and Sharing Center > Change Advanced Sharing Settings).

    To be able to turn on this feature, the following services must first be started:

    • DNS Client

    • Function Discovery Resource Publication

    • SSDP Discovery

    • UPnP Device Host

  • In environments with multiple domains, it is recommended to set up trust relationships between domains so that computers can access browse lists from other domains.

Computers from which Endpoint Security queries the Computer Browser service must be able to resolve NetBIOS names.

Note

The Network discovery mechanism works for all supported operating systems, including Windows Embedded versions, provided the requirements are met.

Delete stale endpoints in GravityZone Control Center

This topic describes how to delete stale endpoints in GravityZone Control Center.

  1. Log in to GravityZone Control Center.

  2. Go to Network > Filters.

  3. Under Entity type, select the Physical machines and Virtual Machines checkboxes.

  4. Select All items recursively.

  5. Click Save.

    The Network page will display all available endpoints.

    Note

    The endpoints that have not performed a security update in the past 24 hours or more appear as having issues. This happens because the endpoints are offline.

  6. Click the Last Seen column header to view the endpoints in descending order. The endpoints that have been offline the longest are displayed at the top of the list.

  7. Select the checkboxes corresponding to the endpoints you want to delete.

  8. Click Delete at the top of the page. Following this action, the following will happen:

    • For endpoints that are not part of any integrated infrastructure (Active Directory, Amazon EC2, vCenter, Xen etc.):

      1. The endpoint is moved to the Deleted folder.

      2. An uninstall task is created for managed endpoints only. Unmanaged ones are moved to the Deleted folder. Use the Managed endpoints smart view to filter accordingly.

        • You can view the task in the Network > Tasks page.

        • The task will be pending for 72 hours, after which it will expire if the endpoint does not receive it (for example, if the endpoint does not come back online).

        • You can delete the task in the Network > Tasks page.

      3. A license seat is released. If the endpoint comes online again, it will remain in the Deleted folder with the modules of the security agent expired.

        You can check the licensing information in the My Company page.

    • For endpoints that are part of Active Directory or other integrated infrastructure:

      1. The endpoint is not moved to the Deleted folder, but becomes unmanaged in the Network inventory.

      2. An uninstall task is not created.

      3. A license seat is released.

        If the endpoint comes back online, it will be licensed again.

Using smart views in Network

Smart Views allow you to create persistent, filtered views of network inventory data based on selected parameters. These views can be saved for reuse, eliminating the need to manually reapply filters each time.

You can update existing views, save new ones, and organize them for quick access using the Saved and Favorites sections. The search function supports partial name matching to help locate specific views quickly, though wildcard characters are not supported.

This feature is useful for maintaining visibility into specific subsets of endpoints or configurations in complex environments.

Smart views are displayed in the left-side panel on the Network page, under the tree view.

To create a customized smart view, follow these steps:

  1. In the table, select the filters you need, then click Apply on each one to activate them. For example, filter by: Entity type, Security issues, Role, Endpoint type and Management status.

    Network_smart_views_filters.png

    Note

    Any change brought to a specific smart view allows you to save, overwriting the existing view excepting default views, or save as which offers you the possibility to save a new custom view.

  2. To view data based on a specific column, click on open_settings_columns.png  Settings. This will show all the columns available.

    Network_all_columns.png

  3. Once the table updates with the filtered data, click Save as in the top right of the page.

    Network_smart_views_save-as.png

  4. Enter a clear name for the view — e.g., “My smart view”.

    Network_smart_views_save_view.png

  5. Save your view. Your view will be visible on the left side panel, in the Saved category.

    Network_smart_views.png

Note

If you want to overwrite certain settings created on a specific smart view, click Save in the top right of the page.

The search in Smart views is dynamic, meaning that you can search for an item only by typing any string of characters contained in its name. For example, type gen or era to find a smart view named General view.

Network_smart_views_search.png

Note

Search in Smart views does not support wildcards.

Smart views can be found under the Tree view in the Saved section.

Finding endpoints with active security issues using smart views

To identify all endpoints in your network that are currently having security issues and prioritize them for investigation or remediation, follow these steps:

  1. Use the smart views located in the left-side panel under the tree view.

  2. Under Saved, in the Security issues category, select the With security issues smart view.

    smart_views_issues.png

    All entities having security issues are now shown in the network table.

    Note

    Creating a view with the entire root structure is not recommended. The data may be extensive depending on the number of entities, so it might take time to populate the table.

  3. To drill down further, use the filters and select the specific entity type you're interested in, such as "Virtual machines".

    Filters_vm.png

  4. Click Apply to update the table with filtered results.

  5. Once the table updates with the filtered data, click Save as in the top right of the page.

    Network_smart_views_save-as.png

  6. Enter a clear name for the view, for example “Windows machines with security issues”.

    Save_as_smart_view_vm.png
In this section: