Skip to main content


Best practices

Creating custom MAC address pools in Hyper-V

This section describes how to create custom MAC address pools in Hyper-V.

Using Hyper-V Dynamic MAC Address Regeneration can change the MAC address of a virtual machine which can lead to duplicate machines in the Control Center. To avoid this issue, a custom MAC address pool can be created:

  1. Open the Fabric workspace.

  2. On the Fabric pane, select Networking and click on MAC Address Pools.

  3. On the Home tab, click on Fabric Resources.

  4. On the Home tab, Create group, click on Create MAC Pool.

  5. In Name and Host Group, populate the fields and click Next.

  6. In MAC Address Range, specify the beginning and ending MAC address.

  7. On the Summary page, confirm the settings and click Finish. Close the dialog box, after the status has changed to Completed.

Understanding Network discovery

This section explains how GravityZone Control Center displays all your company's computers in Network inventory.

GravityZone includes an automatic network discovery mechanism intended to detect workgroup computers.

Security for Endpoints relies on the Microsoft Computer Browser service to perform network discovery. The Computer Browser service is a networking technology used by Windows-based computers to maintain updated lists of domains, workgroups, and the computers within them and to supply these lists to client computers upon request. Computers detected in the network by the Computer Browser service can be viewed by running the net view command in a Command Prompt window.


To enable network discovery, you must have the Bitdefender security agent already installed on at least one computer in the network. This computer will be used to scan the network.

In order to successfully discover all the computers (servers and workstations) that will be managed from Control Center, the following are required:

  • Computers must be joined in a workgroup or domain and connected via an IPv4 local network. Computer Browser service does not work over IPv6 networks.

  • Several computers in each LAN group (workgroup or domain) must be running the Computer Browser service. Primary Domain Controllers must also run the service.

  • NetBIOS over TCP/IP (NetBT) must be enabled on computers. Local firewall must allow NetBT traffic.

  • File sharing must be enabled on computers. Local firewall must allow file sharing.

  • A Windows Internet Name Service (WINS) infrastructure must be set up and working properly.

  • For Windows 7 and later, network discovery must be turned on (Control Panel > Network and Sharing Center > Change Advanced Sharing Settings).

    To be able to turn on this feature, the following services must first be started:

    • DNS Client

    • Function Discovery Resource Publication

    • SSDP Discovery

    • UPnP Device Host

  • In environments with multiple domains, it is recommended to set up trust relationships between domains so that computers can access browse lists from other domains.

Computers from which Endpoint Security queries the Computer Browser service must be able to resolve NetBIOS names.


The network discovery mechanism works for all supported operating systems, including Windows Embedded versions, provided the requirements are met.

Move endpoints between companies

Company administrators can move endpoints between the companies they manage by dragging and dropping endpoints in the Network screen. This option is only available for MSP resellers. You can move endpoints from a company to another company in the same cloud server

How it works

  • You need to select one or more endpoints from the Network screen and drag and drop them under a folder in another company. Please note:

    • You can simultaneously have multiple move endpoints tasks run in parallel (as long as you are moving different endpoints in each task).

    • You have to select each endpoint individually; you cannot select and move folders.

    • Mailboxes associated to an exchange server that has been moved will be billed twice

    • You  can move endpoints from multiple companies in a single task

  • A pop-up window will appear after dropping the endpoints into a folder. This will:

    • Notify you of the endpoints you are about move (it will display up to five individual endpoints; if more it will just display the number being moved)

    • The origin and destination companies (limited to five as well)

    • If there are any issues in moving any of the endpoints.

  • After confirming the move:

    • An icon will appear next to the endpoint indicating that it is being moved

    • A task will be created that will show the progress of the process:

      • pending (the task is assigned, but not running)

      • in progress (the task is running on the endpoint)

      • finished (the task is finished in the endpoint)

  • After being moved:

    • The task will be updated, showing:

      • The status of the move for each endpoint (Failed or Finished)

      • Details regarding the move (click on each endpoint in the list for specific details):

        • Source and destination companies

        • Start and end date

        • Error messages received if any of the endpoints failed to move

    • In the source company, the endpoints will:

      • Be offline, managed and marked as moved

      • No longer use license seats (this is currently a known issue, the seats in the source company are used until the end of the month)

      • Not be eligible for any further actions taken from the source company

      • No longer generate new events

      • No longer have their details updated by new events

    • In the destination company the endpoints will:

      • Use license seats

      • Trigger billing in the destination company

      • The payment for the moved endpoints for the current month will be attributed to the destination company. Only add-ons activated for the destination company will be taken into consideration. The details will be available in the Monthly License report.

      • Receive the policy that is assigned to the folder where it is moved

      • Generate new events

      • Have their details updated by new events.

Known issues

  • There may be a delay between finishing the move endpoint task and the endpoints appearing in the Network screen.

  • There may be a delay between finishing the move endpoint task and the endpoints no longer showing the moving state in the source company.

  • Moving an endpoint back to a previous company will place it in its original folder, regardless of where you drop it. 

  • License slots will remain consumed for the rest of the month (in the source company)

Frequently asked questions

Will the history of the endpoint also be available in the new company?

No, but it will still be available in the source company after being moved.

Will user activity show who has performed a move endpoint task?


Can I move relays?


What will happen with the endpoints linked to a relay once the relay has been moved?

The relay will continue to communicate with the endpoints, and will remain configured in policies and packages.

When moving an endpoint to a new company, will it still be connected to its relay if the relay has not been moved?

Yes, if the endpoint can still connect to GravityZone Cloud only through that relay

Does an endpoint need to be online for you to initiate a move task?

No, the move will be initiated when the endpoint comes online. If this does not happen in 48 hours, the task will fail.

For troubleshooting information, see Moving endpoints between companies - error messages.

Delete stale endpoints in GravityZone Control Center

This topic describes how to delete stale endpoints in GravityZone Control Center (cloud-based platform).

  1. In the Control Center left-side menu, go to Network.

  2. In the upper-side of the screen, click Filters.

  3. Under Type, select the Computers and Virtual Machines check boxes.

  4. Under Depth, select All items recursively.

  5. Click Save.

    The right-side pane of the Network page will display all available endpoints. The endpoints that have not performed a security update in the past 24 hours or more appear as having issues (because they were offline).

  6. Click the Last Seen column header to view the endpoints in descending order. The endpoints that have been offline the longest are displayed at the top of the list.

  7. Select the check boxes corresponding to the endpoints you want to delete.

  8. Click Delete in the action toolbar at the top of the screen.

Following the delete action, this is what happens with the endpoints:

  • For endpoints that are not part of any integrated infrastructure (Active Directory, Amazon EC2, vCenter, Xen etc.):

    • The endpoint is moved to the Deleted folder.

    • An uninstall task is created.

      • You can view the task in the Network > Tasks page.

      • The task stays in pending for 72 hours, after which it will expire if the endpoint does not receive it (for example, the endpoint does not come back online).

      • You can delete the task in the Network > Tasks page.

    • A license seat is released. If the endpoint comes online again, it will remain in the Deleted folder with the modules of the security agent expired.

      You can check the licensing information in the My Company page, under Welcome, [your username] menu at the upper right corner of the screen.

  • For endpoints that are part of Active Directory or other integrated infrastructure:

    • The endpoint is not moved to the Deleted folder, but becomes unmanaged in the Network inventory.

    • An uninstall task is not created.

    • A license seat is released.

      If the endpoint comes back online, it will be licensed again.