Getting started
Bitdefender Endpoint Security Tools is a fully-automated computer security program, managed remotely by your network administrator. Once installed, it protects you against all kinds of malware (such as viruses, spyware and trojans), network attacks, phishing and data theft. It can also be used to enforce your organization's computer and Internet use policies. Bitdefender Endpoint Security Tools will make most security-related decisions for you and will rarely show pop-up alerts. Details of actions taken and information about program operation are available in the Events timeline.
The System Tray icon
At installation time, Bitdefender Endpoint Security Tools places an icon in the system tray. If you double-click this icon, the main window will open. If you right-click the icon, a contextual menu will provide you with some useful options.

Show - opens the main window of Bitdefender Endpoint Security Tools.
About - opens a window with information about Bitdefender Endpoint Security Tools and states where to look for help in case of unexpected issues. This window also includes a link to Bitdefender privacy policy.
Language - allows you to change the user interface language.
Power User - allows you to access and modify security settings, after providing the password in the login window. Control Center is being notified when an endpoint is in Power User mode and the Control Center administrator can always overwrite local security settings.
Important
This option is available only if granted by the network administrator through policy settings.
This option is not available for Bitdefender Endpoint Security Tools for Windows Legacy.
The Bitdefender Endpoint Security Tools icon in the system tray informs you when issues affect your computer by changing the way it looks:
Critical issues affect the security of the system.
Some issues affect the security of the system.
Note
The network administrator can choose to hide the system tray icon.
The system tray icon is not available when using the EDR standalone protection model.
The main window
The main window of Bitdefender Endpoint Security Tools allows you to check the protection status and perform scan tasks. Everything is just a few clicks away. Protection configuration and management are performed remotely by your network administrator.
To access the main interface of Bitdefender Endpoint Security Tools, navigate from the Windows Start menu, following the path → → → or, quicker, double-click the Bitdefender Endpoint Security Tools icon in the system tray.

The window is organized into two main areas:
The Status area
The Status area offers useful information regarding the security of the system.
You can easily identify the current security status based on the status symbol displayed to the left of the status area:
Green check mark. There are no issues to fix. Your computer and data are protected.
Yellow exclamation mark. Non-critical issues are affecting the security of your system.
Red X mark. Critical issues are affecting the security of your system.
In addition to the status symbol, a detailed security status message is displayed to the right of the status area. You can see the detected security issues by clicking inside the status area. Existing issues will be fixed by your network administrator.
Events timeline
Bitdefender Endpoint Security Tools keeps a detailed log of events concerning its activity on your computer, including activities monitored by Content Control.
The Events timeline is an important tool in monitoring your Bitdefender protection. For instance, you can easily check if an update was successfully performed or if malware was found on your computer.
The Modules window
The Modules window displays useful information about the status and activity of the installed protection modules. To open the Modules window, click the Modules button main window.
Antimalware
Antimalware protection is the foundation of your security. Bitdefender Endpoint Security Tools protects you in real time and on demand against all sorts of malware, such as viruses, trojans, spyware, adware, etc.
On-Access. On-access scanning prevents new malware threats from entering the system by scanning local and network files when they are accessed (opened, moved, copied or executed), boot sectors and potentially unwanted applications (PUA).
HyperDetect. HyperDetect exposes advanced attacks and suspicious activities in the pre-execution stage. This layer of security contains machine learning models and stealth attack detection technology.
Advanced Threat Control. It continuously monitors applications running on the endpoint for malware-like actions. Advanced Threat Control will automatically try to disinfect the detected file.
Quarantine displays the list of quarantined files, their original path, quarantine action time and date and their security status. Use the buttons at the bottom to delete or restore the files you want. If you want to delete all files from the quarantine, click the Empty button.
Content Control
The Content Control module protects you while on the Internet against phishing attacks, fraud attempts, private data leaks, and inappropriate web content. It also includes a comprehensive set of user controls that help the network administrator enforce computer and Internet use policies.
Traffic Scan. This component prevents malware from being downloaded to the endpoint by scanning incoming emails and web traffic in real time. Outgoing emails are scanned to prevent malware from infecting other endpoints.
Application Blacklisting. This component prevents access to unauthorized applications in your company. The administrator is responsible for creating rules for the allowed applications in the organization.
Web Access Control. This component protects you from accessing dangerous websites based on administrator-defined rules.
Data Protection. This component prevents unauthorized disclosure of sensitive data based on administrator-defined rules.
Antiphishing. This component automatically blocks known phishing web pages to prevent users from inadvertently disclosing private or confidential information to online fraudsters.
Network Attack Defense. Network Attack Defense detects network attack techniques used to gain access on specific endpoints, such as brute-force attacks, network exploits and password stealers.
Firewall
The Firewall protects you while you are connected to networks and the Internet by filtering connection attempts and blocking suspicious or risky connections.
Device Control
It allows preventing sensitive data leakage and malware infections via external devices attached to endpoints, by applying blocking rules and exclusions via policy to a vast range of device types. The administrator is responsible for managing permissions for the following types of devices:
Bluetooth Devices
CDROM Devices
Floppy Disk Drives
IEEE 1284.4
IEEE 1394
Imaging devices
Modems
Tape Drives
Windows Portable
COM/LPT Ports
SCSI Raid
Printers
Network Adapters
Wireless Network Adapters
Internal and External Storage
Application Control
The Application Control module blocks unauthorized applications and processes from running on the endpoint. Application Control decreases the frequency and impact of malware incidents, reducing the attack surface and vulnerabilities by controlling the number of unwanted applications in your network.
Sandbox Analyzer
The Sandbox Analyzer module provides a powerful layer of protection against advanced threats by performing automatic, in-depth analysis of suspicious files which are not yet signed by Bitdefender antimalware engines. Sandbox Analyzer employs an extensive set of proprietary technologies to execute payloads in a contained virtual environment hosted by Bitdefender, analyze their behavior and report any subtle system changes that is indicative of malicious intent.
Volume Encryption
The Volume Encryption module allows you to provide full disk encryption by managing BitLocker on Windows machines. You can encrypt and decrypt boot and non-boot volumes, with just one click, while GravityZone handles the entire process, with minimal intervention from the users. Additionally, GravityZone stores the recovery keys needed to unlock volumes when the users forget their passwords.
EDR Sensor
The EDR (Endpoint Detection and Response) Sensor collects, handles, and reports endpoint and application behavior data. Some of the information is processed locally, while a more complex set of data is reported to a backend component of GravityZone.
The module generates a small footprint when it comes to network bandwidth usage and hardware resource consumption.
Patch Management
Patch Management keeps the operating system and software applications up to date. This module includes several features, such as on-demand / scheduled patch scanning, automatic/manual patching, or missing patch reporting.
Actions menu
To define or run a scan task, click the Actions button best_actions_menu_button.png to open the Actions menu. This is where you can also check for updates.
Uses in-the-cloud scanning to detect malware running in your system. Running a quick scan usually takes less than a minute and uses a fraction of the system resources of a regular virus scan.
Checks the entire computer for all types of malware threatening its security, such as viruses, spyware, adware, rootkits and others.
Allows you to choose the locations to scan and to configure scan options.
If an update is detected, you will be asked to confirm it or the update will be performed automatically, depending on the update settings configured by you network administrator.
Viewing the product version and engines version in Bitdefender Endpoint Security Tools
This section describes how to find the product version and the engines version of Bitdefender Endpoint Security Tools for Windows.
To view the engines version:
Identify Bitdefender Endpoint Security Tools icon in System tray.
Once identified, right click the icon and select About.
View the current product version, the engines version, and the local date and time for the latest signatures update.
Changing the Bitdefender Endpoint Security Tools language
In order to change the language displayed and used by your locally installed BEST client, please follow the steps below:
Identify BEST icon in System Tray.
Once identified, right click the icon and select your desired language.
Please note that changing the language will restart the BEST client interface.