Skip to main content


BEST for Linux transition to version 7 FAQ

In the context of today's constantly changing security needs, Bitdefender strives to provide top of the line, innovative solutions for diverse environments and markets.

To that end, we are pleased to announce that a new kernel-independent version of BEST for Linux will be available starting the 31st of July. This release brings a variety of new features, benefits and improvements including advanced prevention and detection technologies specifically designed to work against Linux oriented attacks. Additionally, due to no longer being reliant on kernel, we have eliminated all Linux version compatibility issues.

After release, all new deployments on Linux will install version 7. For a limited period, you will still be able to keep or install the legacy version of BEST, particularly to protect distributions that are not supported by the new technology or to use features that are not yet available in the new package. Any upgrades from version 6 to 7 must be performed manually. Additionally, we will provide an installation package if you want to switch back to version 6.


For more information on the BEST for Linux timeline, refer to this article.

For more information, read the FAQ below.

Bitdefender Endpoint Security Tools (BEST) for Linux v7 combines server workload EDR with Linux exploit detection, and detailed threat hunting from historical security alerts and events.  

This modern security stack for Linux servers and containers stands out from existing solutions through its security efficacy, incident fidelity and enhanced event correlation. 

The new security stack removes kernel dependencies, allowing the upgrade of Linux kernels without fear of business interruption. Update safety has been improved by protecting server workloads and containerized applications/services during updates.

The new version brings new features, benefits and improvements:


  • Security incident reporting now includes platform or orchestrator context.

  • Threat hunting, digital forensics, incident response.

  • A new anti-exploit module.

  • Packaged either as a regular Linux (deb, RPM) package or as a container.

Benefits and improvements

  • Greatly expanded platform compatibility to all Enterprise Linux distributions and cloud native Linux distributions.

  • Kprobes now used to transmit notifications instead of Kernel providing increased security and stability.

BEST for Linux v7 will become available on the 31st of July.

Any new BEST for Linux install will deliver the new version 7 by default. All instances already installed will keep their current version 6.

Two packages are now available:

  • The agent package – this will deploy a BEST for Linux agent directly on an endpoint or host.

  • The Security Container package – this will create a new container and will deploy a Security Container instance on it. This will provide protection to both the host and its managed containers.

The Security Container package is designed specifically to provide security to orchestrated environments.

Only one package should be deployed on a host at any given time.

In the first week of April, In the first week of April, Bitdefender will start automatic migration of BEST for Linux from v6 to v7. To get more information refer to BEST for Linux automatic migration FAQ.

As of version feature parity between versions 6 and 7 has been achieved.

You can keep using version 6 until the functionality has been added to the new version 7.

  • Ubuntu 16.04 LTS or higher

  • Red Hat Enterprise Linux 7 or higher

  • Oracle Linux 7 or higher

  • CentOS 7 or higher

  • SUSE Linux Enterprise Server 12 SP4 or higher

  • openSUSE Leap 15.2

  • Debian 9 or higher

  • Amazon Linux 2

For Containers

  • Google COS

If your current Linux distribution version is supported by version 6 continue using it until the compatibility has been added to the new version.

If neither version supports your current Linux distribution version open a feature request by contacting support.

The following infrastructure is supported:

  • Amazon ECS, except serverless deployments

  • Amazon EKS

  • Google GKE

  • Docker

  • Podman

  • Kubernetes

  • Azure AKS

Uninstall the current version of BEST for Linux from the endpoint and manually install BEST for Linux version 6.

Yes. You can have both versions on your network at the same time.

There are multiple methods of displaying the currently installed version:

  • Go to the Network screen and select the Protection tab.

  • Run an Update Status report from the Reports screen.

  • Check if the package bitdefender-security-tools is installed on the target endpoint.