The files used by BEST for Linux when EDR is enabled through AuditD now revert to default when no longer needed. This occurs when EDR is disabled or when kprobes are used instead of AuditD.

Fixed an issue causing security updates to fail and increase CPU usage in certain situations.

Security fixes

The Network Attack Defense module is now available for Linux. Learn more

EDR Custom rules are now applicable to endpoints with BEST for Linux v7.

BEST for Linux v7 is now compatible with the following distributions:

Added support for the Amazon Linux 2 5.10.x and 5.15.x kernel versions.

Antimalware engines are no longer loaded when on-access scanning is disabled. This feature does not apply to endpoints where the Container Protection module is installed.

The Security Telemetry feature now properly displays the connection status to the telemetry servers.

BEST for Linux no longer causes high CPU usage when EDR is enabled.

Fixed issue causing servers with BEST for Linux to freeze. This was caused by resetting the firewall while using central scan with a hybrid fallback.

Using BEST for Linux with AuditD on systems running on Red Hat Enterprise Linux Server 6.7 no longer causes high resource usage.

Closing BEST for Linux v7 now properly terminates the active instance of the program.

Fixed issue causing BEST for Linux v7 to gradually increase RAM usage over time.

Starting or stopping Network Attack Defense will reset all active connection done through ports 21 and 22.

On-Demand scanning tasks with low priority no longer cause high CPU usage.

Assignment rules based on location now properly apply policies to the target IP addresses.

Quarantined items are now automatically removed as per the policy configuration.

Reduced memory consumption in certain scenarios where EDR is active.

Optimized the error logging and update mechanisms.

Fixed an issue causing slow product initialization.

Linux machines integrated into Active Directory are now being properly detected and appear under the GravityZone console.

Applying policies no longer generates unnecessary EDR related events causing high CPU usage. This was occurring due to EDR events remaining active while the EDR Sensor was disabled and Advanced Anti-Exploit remained enabled.

The bdsecd process used for debug logging no longer causes high CPU usage

All events are now being sent to Splunk servers.

Event submissions to Splunk servers currently fail without a fully signed SSL certificate.

Patch Management is now available for BEST for Linux. You can find a list of compatible operating systems here.

You can now schedule recurring product and security content updates to run on endpoints. You can set the task to run on a specific day of the week or after a certain time has passed since the last occurrence.

A notification is now sent when a system restart is required. You can choose to immediately restart or postpone the process.

You can now enable an automatic shutdown or system restart based on specific scenarios such as product update or disinfection.

The Restart machine task is now available for Linux endpoints.

Antimalware events history is now available locally.

Updating BEST for Linux now properly deletes all previous installation packages present on the endpoint.

Resolved multiple issues causing the security agent to crash or freeze.

All scan tasks ran through the Bitdefender User Interface Tool (bduitool) now receive unique IDs.

Product update mechanism via our agent installer has been enhanced.

You can now apply policies based on location assignment rules.

BEST for Linux v7 is now compatible with the following Linux distributions:

BEST for Linux v7 is now compatible with 32-bit operating systems on the following distributions:

BEST for Linux v7 now supports DazukoFS for kernel versions 2.6.32.

BEST for Linux v7 installer no longer incorrectly reports that there is not enough space on disk when the /opt/bitdefender-security-tools file exists.

Starting an installation of BEST for Linux v7 on an endpoint with an older version of v7 installed no longer returns "The product is already installed".

Fixed the issue causing increased RAM usage on Ubuntu machines.

Product updates no longer fail when the Relay URL address has a slash (/) at the end.

Running the deliverall command no longer archives the dnf folder on machines where BEST for Linux v7 has been updated from an older version.

Product updates no longer fail on SUSE operating systems.

Updating BEST for Linux v6 to v7 now properly creates the /usr/bin/bd symlink file.

Troubleshooting Debug session tasks no longer remain in an In progress state.

Alerts are no longer incorrectly triggered for pkexec and policykit processes.

Security fixes

Background periodic clean-up of temporary support files no longer causes Bitdefender systems to crash.

Security content updates no longer cause scan servers to reload.

Repeated deployments via Relay on the same endpoint no longer apply the same BEST version. This would occur regardless of the specified deployment settings.

Resolved an issue causing the Quarantine module to fail clearing file descriptors during scans, resulting in higher resource usage.

Files previously confirmed as clean and unmodified are no longer scanned when accessed.

Support Tool is now available for BEST for Linux v7.

On-Access protection is now available for Security Container Hosts.

Container Protection is now compatible with OpenShift CRI-O Container Engine.

Installing BEST for Linux on an VM with an RPM-based OS after clearing the yum cache no longer fails when no internet access is available.

During scans, the Quarantine module does not clear file descriptors, resulting in higher resource usage.

(bduitool) is now available for BEST for Linux v7.

Bitdefender user no longer appears in GNOME GUI environments.

BEST for Linux v7 no longer takes ownership of certain APT files, making software updates to fail.

Changing the system time on an endpoint that has scheduled custom scans causes Bitdefender product to crash.

Kprobes is no longer failing to load after security content updates.

Fixed issue causing update tasks run on machines with BEST for Linux v7.0.1.1626 installed to fail despite the console showing the update as successful.

Logs folder location has been changed from /tmp to /opt/bitdefender-security-tools/var/tmp.

Network Isolation tasks now work on endpoints which have a proxy configured.

Support tool is now available for BEST for Linux v7. It is currently available only from the command line interface.

The performance of the incidents sensor has been increased by as much as 30% in certain scenarios.

Extended the EDR support to Amazon Bottlerocket.

Policies now correctly apply communication settings to endpoints that have been upgraded from BEST for Linux v6 to v7.

GravityZone now properly detecting new deployments of Patch Management.

Running a Reconfigure Client task now correctly checks available disk space before installing a Relay role. The installation will only begin if sufficient disk space is available.

Uninstalling BEST for Linux v7 from virtual machines no longer results in a crash in certain situations.

BEST for Linux v7 now properly updating on all SLES machines.

Running BEST for Linux installation packages downloaded from a custom host no longer fail.

BEST for Linux v7 now compatible with machines working with FIPS protocol.

Fixed issue causing policies not to apply correctly when done through a Relay.

Security fixes.

Custom scan exclusions now properly loading.

On-Access scans no longer scan removed scan paths specified in your policy settings.

Added exceptions for alerts related to package managers (apt, yum, dnf).

Techniques are now properly displayed for corresponding generated events.

Container logs now properly record Security Container updates.

Restoring a quarantined file to a container now correctly places the file back on the container instead of the host VM.

Security Containers now work properly with Bottlerocket OS.

Security content updates no longer cause On-Demand scans to return no results.

Network Isolation for EDR is now available.

Upgrading BEST for Linux from v6 to v7 no longer causes issue where both BEST versions run on the same endpoint.

Upgrading BEST for Linux from v6 to v7 no longer causes On-Demand scans to return no results.

The Relay role is now supported again.

Network Isolation disconnects endpoints from the network, causing a loss of connectivity with GravityZone. This issue only occurs for endpoints that use policies with proxy configurations.

Policies applied to Security Containers now function independently of policies applied to the host.

Enabling On-Access on policies that have already been applied no longer fails to activate the service.

HTTPS protocol updates no longer fail on certain operating systems.

Running an Update client task for both product and security content no longer fails to perform the security content update.

Scan reports now show the correct number of scanned files.

Podman inventory support now available.

Update tasks now show correct status after failing.

Using On-Access scanning on a Ubuntu container no longer causes Bitdefender services to sometimes crash.

Issues no longer appear when trying to remove malware from certain archives.

Container runtime now registers properly in all environments.

When applying policies to containers, configured actions now apply correctly when malware is detected, including on older kernel versions.

Kprobes no longer being reloaded when no new updates are available.

Product updates no longer failing when no update locations are added to the policy you are using.

Product now correctly showing status for disabled modules.

Performing a scan task during a security content update no longer causes Bitdefender services to sometimes crash.

Using a proxy server no longer prevents EDR incidents from being generated.

Container Protection – protects both the container host and its running containers.

A new anti-exploit module.

A new architecture, created using Kprobes instead of kernel modules, which eliminates the common delays or the need to sacrifice security when upgrading.

Greatly expanded platform compatibility to all Enterprise Linux distributions and cloud native Linux distributions.

Policy per location not supported.

Bduitool not supported.

Relay role not supported.

Remote troubleshooting not supported.

Has issues status not being removed properly from endpoints once the issue has been resolved.

SELinux not supported.

EDR Isolate action not supported.

Shut down computer when scan is finished option not functioning properly after scan is performed. Endpoints are not being shut down.

Restart computer task with Restart now option enabled not functioning properly. Virtual machines and computers are not being restarted.

Files in mounted network directories not being scanned through On-Access scanning.

Machines with 32-bit OS not supported.

Delay in security content update status change after security update.

On-Access scanning ignoring file size limitation. All file sizes are scanned.

Added support for the automatic migration to version 7.

EDR events are now properly received from endpoints communicating through a Relay.

Security fixes

Prior to each deployment of BEST for Linux v6, endpoints will be checked by the system. If BEST for Linux v7 is already installed, the deployment will not be initiated.

Security fixes.

Endpoints with BEST for Linux v7 now properly update on SUSE systems when using BEST for Linux v6 Update Servers.

Security Server instances now publishing accordingly on Update Servers that use BEST for Linux v6.

Changes were made to Update Server in preparation for BEST for Linux v7 launch.

Extended the supported kernels list for the EDR module. For more information, refer to the Endpoint Detection and Response (EDR) and supported Linux kernels section.

Extended the supported kernels list for the EDR module. The new kernel versions are available here.

The EDR module caused intermittent reboots and crashes on endpoints that use the DazukoFS module.

Security fixes.

The security agent led to system crashes on Red Hat Enterprise Linux after the update to version 8.3.

Security fixes.

Added support for the newest update locations necessary for the Security Server update process.

Extended the supported kernels list for the EDR module. For more information, refer to the Endpoint Detection and Response (EDR) and supported Linux kernels section.

Fixed multiple crashes that affected systems with product version 6.2.21.135, released on fast ring.

The remote deployment of the security agent failed due to permission issues when non-root credentials were used.

The EDR module caused system crashes when the kubectl command was used.

Fixed multiple crashes that affected systems with product version 6.2.21.135, released on fast ring.

The remote deployment of the security agent failed due to permission issues when non-root credentials were used.

The EDR module caused system crashes when the kubectl command was used.

Improved the bduitool scan options as follows:

These improvements do not impact the current system requirements.

For more information, refer to the Bitdefender Endpoint Security Tools for Linux User's Guide section.

The product led to system crashes after updating to Red Hat Enterprise Linux 8.3.

A corrupted system configuration file (/etc/fstab) prevented successful reboots on Red Hat Enterprise Linux 5 and 6.

The Bitdefender Crash Handler mechanism caused multiple applications to hang leading the system into an unresponsive state.

Oracle Linux Server systems with the security agent installed reported errors when elevated commands were run.

Added improvements for product crash scenarios.

Added improvements for better resource consumption.

Added support for the latest Red Hat Compatible Kernels (RHCK) versions of Oracle Linux 7.

Added support for upcoming features available with the next GravityZone release.

A task ID is provided when an On-Demand scan task is initiated. Using this unique identifier you can easily manage tasks and find the necessary information.

The users can now query the status of previous and current On-Demand scan tasks using a task ID. The result consists of an individual summary for each scan task. The summary includes details like scan type, scanned items, a path to the full report, and others.

On-Demand scan tasks initiated via bduitool now support wildcards that expand the full directory path.

Added support to display the latest security content in the Repository details tab, in GravityZone console.

Extended the EDR supported kernels list with version 2.6.32.

Minor improvements related to backing up quarantined files.

In some cases, start time for On-Demand scheduled scan tasks was set to UTC regardless of the local time zone.

The product failed to apply the option Copy files to quarantine before applying the disinfect action enabled in the GravityZone console.

The product returned operating system and EDR commands without logging feature enabled.

The EDR module caused high latencies on Linux systems such as CentOS 7.6.

In certain conditions, the Patch Management module failed to download patches properly.

Changing standard umask settings to comply with custom security guidelines caused incorrect product installation.

Addressed a vulnerability discovered recently.

The security agent caused disk space usage on Linux systems.

The endpoint reported infected files as blocked when the scan action was set to Take no action.

In some cases, suspicious or infected files were reported as deleted instead of unresolved in the Malware Status report.

The security agent caused disk space usage on Linux systems.

The endpoint reported infected files as blocked when the scan action was set to Take no action.

In some cases, suspicious or infected files were reported as deleted instead of unresolved in the Malware Status report.

The product monitoring mechanism failed to use the Full Scan settings to determine the infection status of the endpoint.

Stopping the Bitdefender services while the product was checking the status of an existing infection caused the loss of some files from the monitoring mechanism.

The On-Access and On-Demand features may report the same files with different names when HyperDetect is set to Aggressive or when the option Extend reporting on higher levels is selected. This issue causes the Malware Status report to display the files as deleted instead of unresolved.