Skip to main content


Updates are very important as they allow countering the latest threats. Bitdefender publishes all product and security content updates through the Bitdefender servers on the Internet. All updates are encrypted and digitally signed so that they cannot be tampered with.

Update process flow

  1. When a new update is available, the Bitdefender security agent checks the digital signature of the update for authenticity, and the contents of the package for integrity.

  2. Next, each update file is parsed and its version is checked against the installed one.

  3. Newer files are downloaded locally and checked against their MD5 hash to make sure they are not altered.

In this section, you can configure the Bitdefender security agent and security content update settings.


Product Update

Bitdefender security agent automatically checks for, downloads and installs updates every hour (default setting).

Automatic updates are performed silently in the background.

  • Recurrence - To change the automatic update recurrence, choose a different option from the menu and configure it according to your needs in the subsequent fields.

  • Postpone reboot - Some updates require a system restart to install and work properly. By default, the product will keep working with the old files until the computer is restarted, after which it will apply the latest updates.

    A notification in the user interface will prompt the user to restart the system whenever an update requires it.

    It is recommended to leave this option enabled, otherwise, the system will automatically reboot after installing an update that requires it.

    Users will be notified to save their work, but the reboot cannot be canceled.

    • If you choose to postpone reboot, you can set a convenient time when computers will reboot automatically if (still) needed. This can be very useful for servers.

      • Select If needed, reboot after installing updates and specify when it is convenient to reboot (daily or weekly on a certain day, at a certain time of day).

    • For more control over when changing the configuration and updating the staging process, you can configure the BEST agent on your Linux machines to execute EDR kernel module updates via Product Update.

Security Content Update

Security content refers to static and dynamic means of detecting threats, such as, but not limited to, scan engines, machine learning models, heuristics, rules, signatures, and blacklists.

Bitdefender security agent automatically checks for security content update every hour (default setting). Automatic updates are performed silently in the background.

To change the automatic update recurrence, choose a different option from the menu and configure it according to your needs in the subsequent fields.


Security content updates are automatically performed with each product update to ensure optimal performance.

Update Locations

Bitdefender security agent’s default update location is


Update locations and are used as a fallback.

  1. Add an update location either by choosing the predefined locations from the drop-down menu or by entering the IP or hostname of one or several update servers in your network.

  2. Configure their priority using the up and down buttons displayed on mouse-over. If the first update location is unavailable, the next one is used.

  3. To set a local update address, enter the address of the update server in the Add location field.

    You can:

    • Choose a predefined location:

      • Relay Servers - The endpoint will automatically connect to its assigned Relay Server. You can check the assigned Relay Server in the Information window. For more details refer to Viewing Computer Details.


        Relay Servers are not supported on legacy operating systems.

      • - This is the Bitdefender default update location, from where Bitdefender delivers updates.

        This update location should always remain the last option in the list.


    Disabling the fallback location will stop automatic updates, leaving your network vulnerable when the provided locations are unavailable.

  4. If client computers connect to the local update server through a proxy server, select Use Proxy.

  5. Click the add_inline.png Add button.

  6. Use the up-arrow.png Up / down-arrow.png arrows in the Action column to set priority of defined update locations. If the first update location is not available, the next one is taken into account.

  7. To remove a location from the list, click the corresponding delete_inline.png Delete button. Although you can remove the default update location, this is not recommended.

Update Ring

You can roll out product updates in phases, using update rings:

  • Fast Ring. The machines with a fast ring policy will receive the newest available updates. This setting is recommended for the non-critical machines in production.

  • Slow Ring. The endpoints with a Slow ring policy will receive updates at a later date, depending on the response received from the Fast ring endpoints. It is a precautionary measure in the update process. This is the default setting.


In the unlikely event that an issue occurs on the fast ring on machines with a particular configuration, it will be fixed before the Slow ring update.

BEST for Windows Legacy does not support staging. The legacy endpoints on staging location must be moved to the production location.