Troubleshooting
Full Disk Encryption on Microsoft Surface devices
This section describes how to troubleshoot Full Disk Encryption on Microsoft Surface devices.
Full Disk Encryption is a GravityZone feature designed to keep safe your sensitive data by providing central management of Windows BitLocker and macOS FileVault and diskutil.
Issue
When Full Disk Encryption is enabled on Microsoft Surface devices, the users may be repeatedly prompted to enter a PIN to start the encryption process. In this case, the PIN is not saved and the drives are not encrypted.
Solution
To address this issue, you have to enable BitLocker authentication for devices that lack keyboards in the preboot environment (such as tablets), in the Policy Group settings:
Open the Search box and execute gpedit.msc. The Local Group Policy Editor window shows up.
Go to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
Click to edit the setting Enable use of BitLocker authentication requiring preboot keyboard input on slates.
Select Enabled, click Apply, then click OK.
Additional information about Full Disk Encryption in GravityZone is available here.
Allow full disk access to Bitdefender Endpoint Security Tools in macOS Mojave (10.14) and later
Starting with macOS Mojave (10.14), Apple has introduced certain privacy protections that by default block applications’ access to specific system application folders and resources, such as Mail, Messages, Safari, Time Machine backups.
In order for Bitdefender Endpoint Security Tools to scan such protected folders, the user must allow full disk access for the BDLDaemon or BDLDaemon.app, and Bitdefender Endpoint Security Tools application files. Otherwise, modules such as Advanced Threat Control, Antimalware On-Access, and Endpoint Detection and Response do not work properly. The Bitdefender Endpoint Security Tools user interface will show a critical issue until access is granted.
Issue
On systems running macOS Mojave (10.14), the Bitdefender Endpoint Security Tools user interface displays a critical issue prompting the user to add the following application files to the Full Disk Access list in the Security & Privacy > Privacy.
On macOS Mojave (10.14) and Catalina (10.15), the following files require full disk access:
BDLDaemon
EndpointSecurityforMac.app
On macOS Big Sur (11.x) and later, the following files require full disk access:
BDLDaemon.app
EndpointSecurityforMac.app
Note
In case of a network with various macOS versions, it is recommended to allow all BDLDaemon, BDLDaemon.app, and EndpointSecurityforMac.app files.
The path to these files is /Library/Bitdefender/AVP for the version 7.4 of the product and /Library/Bitdefender/AVP/product/bin/EndpointSecurityforMac.app for the version 7.6.
Solution
To allow full disk access to the Bitdefender Endpoint Security Tools files and fix the issue:
In the View Issues window, click the Open Privacy button to go to the Security & Privacy window > Privacy tab > Full Disk Access folder.
Click the lock to make changes and enter an administrator password.
Click the + button to manually add the EndpointSecurityforMac.app, BDLDaemon and BDLDaemon.app files to the Full Disk Access list.
Note
The above steps apply for Bitdefender Endpoint Security Tools 4.4.85.179550 and later.
To be fully functional, Bitdefender Endpoint Security Tools also requires kernel extension approval in macOS High Sierra (10.13), Mojave (10.14), and Catalina (10.15). For details, refer to this topic.
In macOS Big Sur (11.x), Apple replaced kernel extensions with a new generation of system extensions. To accommodate this change, Bitdefender Endpoint Security Tools requires additional approvals from users. For details, refer to this topic.
For details on how to configure Jamf Pro for macOS Big Sur 11.0 and later, including system extensions, traffic proxy and full disk access, refer to this topic.