Skip to main content

Getting started

Bitdefender Endpoint Security Tools is a fully automated computer security program, managed remotely by your network administrator. After installation, it protects you against malware (such as viruses, spyware and Trojans), network attacks, phishing and data theft. It can also be used to enforce your organization's computer and internet use policies. Bitdefender Endpoint Security Tools makes most security-related decisions for you and displays pop-up alerts. Details of actions taken and information about program operation are available in the Events timeline.

The System Tray icon

During the installation process, Bitdefender Endpoint Security Tools places an icon B_icon.PNG in the system tray. If you double-click this icon, the main window is displayed. If you right-click the icon, a contextual menu provides the following options:

  • Show - opens the main window of Bitdefender Endpoint Security Tools.

  • About - opens a window with information about Bitdefender Endpoint Security Tools and indicates where to look for help in case of unexpected issues. This window also includes a link to Bitdefender privacy policy.

  • Language - sets the language for the user interface.

  • Power User - provides access to security settings, after you log in. Control Center is notified whenever an endpoint is in Power User mode and the Control Center administrator can always overwrite local security settings.


    This option is available only if granted by the network administrator through policy settings.

    This option is not available for Bitdefender Endpoint Security Tools for Windows Legacy.

The Bitdefender Endpoint Security Tools icon in the system tray informs you when issues affect your computer, by changing its design:

  • B_-icon_Critical.png Critical issues affect the security of the system.

  • B_icon_at_risk2.PNG Non-critical issues affect the security of the system.


The network administrator can choose to hide the system tray icon.

The system tray icon is not available when using the EDR standalone protection model.

The main window

The main window of Bitdefender Endpoint Security Tools is where you check the protection status and perform scan tasks. Everything is just a few clicks away. Protection configuration and management are performed remotely by your network administrator.

To access the main interface of Bitdefender Endpoint Security Tools, navigate from the Windows Start menu, through Start > All Programs > Bitdefender Endpoint Security Tools > Open Security Console or, quicker, double-click the Bitdefender Endpoint Security Tools B_icon.PNG icon in the system tray.


The window is organized into two main areas:

  • The Status Area

  • Events Timeline

The Status area

The Status area offers useful information regarding the security of the system.


You can easily identify the current security status based on the status symbol displayed to the left of the status area:

  • Green check mark. There are no issues to fix. Your computer and data are protected.

  • Yellow exclamation point. Non-critical issues are affecting the security of your system.

  • Red X mark. Critical issues are affecting the security of your system.

In addition to the status symbol, a detailed security status message is displayed to the right of the status area. You can see the detected security issues by clicking inside the status area. Existing issues are fixed by your network administrator.

Events timeline

Bitdefender Endpoint Security Tools keeps a detailed log of events concerning its activity on your computer, including activities monitored by Content Control.


The Events timeline is an important tool in monitoring your Bitdefender protection. For instance, you can easily check if an update was successfully performed or if malware was found on your computer.

The Modules window

The Modules window displays useful information about the status and activity of the installed protection modules. To open the Modules window, click the Modules button Modules_icon.PNG in the main window.



Antimalware protection is the foundation of your security. Bitdefender Endpoint Security Tools protects you in real time and on demand against malware, such as viruses, Trojans, spyware, adware, etc.

  • On-Access scanning prevents new malware threats from entering the system by scanning local and network files when they are accessed (opened, moved, copied or executed), boot sectors and potentially unwanted applications (PUA).

  • HyperDetect exposes advanced attacks and suspicious activities in the pre-execution stage. This layer of security contains machine learning models and stealth attack detection technology.

  • Advanced Threat Control continuously monitors applications running on the endpoint for malware-like actions. Advanced Threat Control automatically tries to clean detected files.

  • Quarantine displays the list of quarantined files, their original path, quarantine action time and date and their security status. Use the buttons at the bottom to delete or restore the files you want. If you want to delete all files from the quarantine, click the Empty button.


Content Control

The Content Control module protects you while on the internet against phishing attacks, fraud attempts, private data leaks, and inappropriate web content. It also includes a comprehensive set of user controls that help the network administrator enforce computer and internet use policies.

  • Traffic Scan prevents malware from being downloaded on the endpoint by scanning incoming emails and web traffic in real time. Outgoing emails are scanned to prevent malware from infecting other endpoints.

  • Application Blacklisting prevents access to unauthorized applications in your company. The administrator is responsible for creating rules for the allowed applications in the organization.

  • Web Access Control protects you from accessing dangerous websites based on administrator-defined rules.

  • Data Protection prevents unauthorized disclosure of sensitive data based on administrator-defined rules.

  • Antiphishing automatically blocks known phishing web pages to prevent users from inadvertently disclosing private or confidential information to online fraudsters.

  • Network Attack Defense detects network attack techniques used to gain access to specific endpoints, such as brute force attacks, network exploits, and password stealers.


The Firewall protects you while you are connected to networks and the internet by filtering connection attempts and blocking suspicious or risky connections.

Device Control

Device Control prevents sensitive data leakage and malware infections via external devices attached to endpoints. This is achieved through policy settings where you can configure blocking rules and exclusions, and then apply them to a vast range of device types. The administrator is responsible for managing permissions for the following types of devices:

  • Bluetooth Devices

  • CDROM Devices

  • Floppy Disk Drives

  • IEEE 1284.4

  • IEEE 1394

  • Imaging devices

  • Modems

  • Tape Drives

  • Windows Portable

  • COM/LPT Ports

  • SCSI Raid

  • Printers

  • Network Adapters

  • Wireless Network Adapters

  • Internal and External Storage

Application Control

The Application Control module blocks unauthorized applications and processes from running on the endpoint. Application Control decreases the frequency and impact of malware incidents, reducing the attack surface and vulnerabilities, by controlling the number of unwanted applications in your network.

Sandbox Analyzer

The Sandbox Analyzer module provides a powerful layer of protection against advanced threats by performing automatic, in-depth analysis of suspicious files which are not yet identified by Bitdefender antimalware engines. Sandbox Analyzer employs an extensive set of proprietary technologies that executes payloads in a contained virtual environment hosted by Bitdefender, analyzes their behavior and reports any subtle system changes that are indicative of malicious intent.

Volume Encryption

The Volume Encryption module provides full disk encryption, by managing BitLocker on Windows endpoints. You can encrypt and decrypt boot and non-boot volumes with minimal intervention from users, as GravityZone handles the entire process. Additionally, GravityZone stores the recovery keys needed to unlock volumes when the users forget their passwords.

EDR Sensor

The EDR (Endpoint Detection and Response) Sensor collects, handles, and reports endpoint and application behavior data. Part of the information is processed locally, while a more complex set of data is reported to a back-end component of GravityZone.

The module generates a small footprint when it comes to network bandwidth usage and hardware resource consumption.

Patch Management

Patch Management keeps the operating system and software applications up to date. This module includes several features, such as on-demand or scheduled patch scanning, automatic or manual patching, and reporting on missing patches.

Actions menu

To define or run a scan task, click the best_actions_menu_button.png Scan Tasks button. This is where you can also check for updates.

  • Quick scan

    Uses in-the-cloud scanning to detect malware running on your endpoint. Running a quick scan usually takes less than a minute and uses a fraction of the local resources of a regular virus scan.

  • Full scan

    Checks the entire system for all types of malware threatening its security, such as viruses, spyware, adware, rootkits and others.

  • Custom scan

    Allows you to choose the locations to scan and to configure scan options.

  • Check for updates

    If an update is detected, you are asked to confirm it, or the update will perform automatically, depending on the update settings configured by your network administrator.

Viewing the product version and security content version in Bitdefender Endpoint Security Tools

This section describes how to find the product version and the security content version of Bitdefender Endpoint Security Tools for Windows.

To view these details:

  1. Right-click on the Bitdefender Endpoint Security Tools icon in the system tray.

  2. Select About.

  3. View the current product version, the security content version, and the local date and time for the latest signatures update.


Changing the display language of Bitdefender Endpoint Security Tools

To change the language displayed and used by your locally installed BEST client, follow these steps:

  1. Right-click the BEST icon in the system tray.

  2. Select your desired language.

    Available languages:

    • English

    • Spanish

    • German

    • French

    • Romanian

    • Polish

    • Portuguese

    • Italian

    • Russian

    • Czech

    • Chinese

    • Vietnamese

    • Turkish

    • Korean

    • Japanese



    Changing the language will restart the BEST client interface.