Skip to main content

Security management

In GravityZone, you can use security policies and perform tasks to protect your network inventory. On this page, you learn what are policies and tasks, and why they are important to you as GravityZone user.

Further, this documentation section covers the following topics:

  • Policy flow management in GravityZone (create, configure, assign policies etc,).

  • Major GravityZone features that you enable through policies, but you operate them mostly outside policies. Such features refer to EDR/XDR, ERA, Integrity Monitoring, and the quarantine.

  • Best practices and troubleshooting articles on GravityZone features enabled through policies.

See the list with specific topics at the end of this page.

Understanding security policies

The Bitdefender protection can be configured and managed from Control Center using security policies. A policy specifies the security settings to be applied on computers.

Immediately after installation, network inventory objects are assigned with the default policy, which is preconfigured with the recommended protection settings. You cannot modify or delete the default policy. You can only use it as a template for creating new policies.

You can create as many policies as you need based on security requirements. A different approach is to create separate policies for each of your customer networks.

This is what you need to know about policies:

  • Policies are created in the Policies page and assigned to network objects from the Network page.

  • Policies can inherit several modules settings from other policies.

  • You can configure policy assignment to endpoints so that a policy can apply at all times or only in certain conditions, based on the location of the endpoint. Therefore, an endpoint can have more policies assigned.

  • Endpoints can have one active policy at a time.

  • You can assign a policy to individual endpoints, to groups of endpoints, or to companies. When assigning a policy, you will also define the policy inheritance options. By default, each endpoint inherits the policy of the parent group.

  • Policies are pushed to target network objects immediately after creating or modifying them. Settings should be applied to network objects in less than a minute (provided they are online). If a network object is not online, settings will be applied as soon as it gets back online.

  • The policy applies only to the installed protection modules.

  • The Policies page displays only the following types of policies:

    • Policies created by you.

    • Other policies (such as default policy or templates created by other users) which are assigned to endpoints under your account.

  • You cannot edit policies created by other users (unless the policy owners allow it from the policy settings), but you can override them by assigning the target objects a different policy.

  • Computers under a company account can be managed through policies both by the company administrator and by the partner who created the account. Policies created from the partner account cannot be edited from the company account.

Warning

Only the supported policy modules will apply to target endpoints.

On Amazon EC2 instances, only Antimalware, Advanced Threat Control and Device Control modules are supported.

Policies page

You can view and manage policies in the Policies page.

policies-page-cloud.png

The table presents current policies, showcasing details such as:

  • Policy name.

  • Policy owner.

  • Date and time when the policy was last modified.

  • The company to which the user who created the policy belongs.

To customize the policy details displayed in the table:

  1. Click the Columns button at the right side of the Action Toolbar.

  2. Select the columns you want to view.

  3. Click the Reset button to return to the default columns view.

You can sort the available policies and search for certain policies using the available criteria.

Understanding tasks

In addition to security policies, you can use tasks in the Network page to perform remote operations on endpoints. For example, by using tasks you can run antimalware scans, add or remove protection modules on the security agents installed on endpoints, or install, repair, uninstall and update the security agents themselves at any time.

This is what tasks you can perform on endpoints in the Network page:

For details on how you configure and perform tasks, refer to this section. Once tasks are created, you can monitor their progress in the Network > Tasks page.