Skip to main content
  • ON PREMISES SOLUTIONS
  • Release notes
  • Bitdefender Endpoint Security Tools for Linux

Bitdefender Endpoint Security Tools for Linux

This section contains the release notes for Bitdefender Endpoint Security Tools (BEST) for Linux. For the BEST for Linux user's guide, go to this section.

For BEST for Linux release notes from 2019-2022, refer to this document.

Version 7.5.0.200217

Release date:

  • Fast ring: 2025.04.15

  • Slow ring: 2025.04.24

New features

Product

  • Added support for Suspend protection and Resume protection. These actions are available in the new Network section of the GravityZone Control Center, currently in Early Access. For more information, refer to ??? and ???.

  • Added support for the Allow endpoints to send user login data to GravityZone option from the General > Settings policy section. The information about logged-in users is displayed in the Users tab within the Network grid > endpoint details page.

  • Added support for upcoming features available with the next major GravityZone release.

Resolved issues

Product

  • Resolved an issue where BEST caused a slow system shutdown. The shutdown time is now optimized.

  • Resolved an issue that prevented endpoints from sending crash dumps in specific scenarios, caused by an on-demand scanning bug.

  • Addressed an issue where isolated endpoints lost isolation after a BEST restart, even though GravityZone Control Center still displayed them as isolated. Isolation now persists after product restarts.

Version 7.4.1.200200

Release date:

  • Fast ring: 2025.03.05

  • Slow ring: 2025.03.06

Resolved issues

Antimalware

Resolved an issue where On-demand exclusions were incorrectly applied in particular scenarios.

Product

Security fixes

Version 7.4.1.200195

Release date:

  • Fast ring: 2025.02.18

  • Slow ring: 2025.02.18

Resolved issues

Product

Fixed a crash that occurred after the update to version 7.4.1.200193 due to previously applied invalid SHA256 exclusions.

Version 7.4.1.200193

Release date:

  • Fast ring: 2025.02.13

  • Slow ring: 2025.02.18

Improvements

Antimalware

The bduitool command now supports the -f parameter for malware scans. When this parameter is used, the console remains open during the scan and displays several status messages in real time.

Product

Launching an update with the bduitool command now provides additional details in case of a failure. The error code and cause are now displayed.

Resolved issues

Security Container

Fixed a cluster crash caused by the Security Container exceeding memory limits soon after deployment.

Version 7.4.0.200181

Release date:

  • Fast ring: 2024.11.25

  • Slow ring: 2024.11.26

New features

Antimalware

  • Linux endpoints now support adding hash values to the Blocklist in the Incidents section. To read more, refer to the Add rules to the Blocklist > Adding hash values to the Blocklist section on the Blocklist page.

    Important

    • This functionality is available only with specific kernels. For more information, refer to Linux kernels supported by Blocklist and Application Blacklisting.

    • This is an Antimalware functionality. The EDR Sensor is not required in the installation package.

    • Any blocking rule applied to Linux containers will be ignored. Applications on the container host can be blocked by hash.

    • Adding application paths and connections to the Blocklist is not currently supported.

  • Linux endpoints now support configuring Application Blacklisting in the Network Protection > Content Control > Application Blacklisting section within the policy settings. To read more, refer to the Application Blacklisting section on the Content Control page.

    Important

    • This functionality is available only with specific kernels. For more information, refer to Linux kernels supported by Blocklist and Application Blacklisting.

    • This is an Antimalware functionality. The Content Control is not required in the installation package.

    • Any application rule applied to Linux containers will be ignored. Applications on the container host can be blocked by path.

    • Scripts can be blocked by path only when they are executed directly, not explicitly loaded by an interpreter. They can start with a shebang or they can be shell scripts without a shebang.

  • Added support for upcoming features available with the next major GravityZone release.

Container Protection

Added support for upcoming features available with the next major GravityZone release.

Improvements

Antimalware

  • Optimized the antimalware scanning mechanism to minimize system boot delays when scheduled scans are missed.

  • All on-demand scan tasks now have the Preserve last access time setting available on Linux endpoints, too. Read more: Malware scan.

Security Container

  • You can now configure an optional group ID (GID) parameter when deploying Bitdefender Security Containers on a Linux container host. This prevents potential issues caused by the default GID 10000 already being used.

  • Added support for the following container platforms:

    • Openshift (4.13 – 4.17.2)

    • RKE2 (2.8)

Product

Added support for the following distributions:

  • Zorin OS

  • SLES 15 SP6

  • Linux Mint Debian Edition 6

Resolved issues

Endpoint Detection and Response

Fixed an issue that caused a size increase of the /opt/bitdefender-security-tools/var/edrsubmitter/ directory up to 4 GB.

Antimalware

  • Resolved an issue causing bduitool get ps to display the status of an unsupported feature.

  • Fixed a bug that caused /bin/bash to be wrongly reported as malware inside containers.

  • Internal bugs have been resolved.

Known issues

Antimalware

  • On the Blocklist page, scripts can be blocked by hash only if they start with a shebang (#!).

  • In the Application Blacklisting policy section, applications can be blocked only with the Block All option selected. Blocking rules for scheduled applications are not saved.

  • On-access exclusions take priority over blocking rules. Any application specified in a blocking rule will not be blocked if:

    • Its location is excluded from on-access scanning as an object of type Folder.

    • It is excluded from on-access scanning as an object of type File.

    • Its extension is excluded from on-access scanning.

    • It is accessed by a process excluded from on-access scanning as an object of type Process.

Version 7.4.0.200180

Release date:

  • Fast ring: 2024.11.18

  • Slow ring: –

New features

Antimalware

  • Linux endpoints now support adding hash values to the Blocklist in the Incidents section. To read more, refer to the Add rules to the Blocklist > Adding hash values to the Blocklist section on the Blocklist page.

    Important

    • This functionality is available only with specific kernels. For more information, refer to Linux kernels supported by Blocklist and Application Blacklisting.

    • This is an Antimalware functionality. The EDR Sensor is not required in the installation package.

    • Any blocking rule applied to Linux containers will be ignored. Applications on the container host can be blocked by hash.

    • Adding application paths and connections to the Blocklist is not currently supported.

  • Linux endpoints now support configuring Application Blacklisting in the Network Protection > Content Control > Application Blacklisting section within the policy settings. To read more, refer to the Application Blacklisting section on the Content Control page.

    Important

    • This functionality is available only with specific kernels. For more information, refer to Linux kernels supported by Blocklist and Application Blacklisting.

    • This is an Antimalware functionality. The Content Control is not required in the installation package.

    • Any application rule applied to Linux containers will be ignored. Applications on the container host can be blocked by path.

    • Scripts can be blocked by path only when they are executed directly, not explicitly loaded by an interpreter. They can start with a shebang or they can be shell scripts without a shebang.

  • Added support for upcoming features available with the next major GravityZone release.

Container Protection

Added support for upcoming features available with the next major GravityZone release.

Improvements

Antimalware

  • Optimized the antimalware scanning mechanism to minimize system boot delays when scheduled scans are missed.

  • All on-demand scan tasks now have the Preserve last access time setting available on Linux endpoints, too. Read more: Malware scan.

Security Container

  • You can now configure an optional group ID (GID) parameter when deploying Bitdefender Security Containers on a Linux container host. This prevents potential issues caused by the default GID 10000 already being used.

  • Added support for the following container platforms:

    • Openshift (4.13 – 4.17.2)

    • RKE2 (2.8)

Product

Added support for the following distributions:

  • Zorin OS

  • SLES 15 SP6

  • Linux Mint Debian Edition 6

Resolved issues

Endpoint Detection and Response

Fixed an issue that caused a size increase of the /opt/bitdefender-security-tools/var/edrsubmitter/ directory up to 4 GB.

Antimalware

  • Resolved an issue causing bduitool get ps to display the status of an unsupported feature.

  • Fixed a bug that caused /bin/bash to be wrongly reported as malware inside containers.

Known issues

Antimalware

  • On the Blocklist page, scripts can be blocked by hash only if they start with a shebang (#!).

  • In the Application Blacklisting policy section, applications can be blocked only with the Block All option selected. Blocking rules for scheduled applications are not saved.

  • On-access exclusions take priority over blocking rules. Any application specified in a blocking rule will not be blocked if:

    • Its location is excluded from on-access scanning as an object of type Folder.

    • It is excluded from on-access scanning as an object of type File.

    • Its extension is excluded from on-access scanning.

    • It is accessed by a process excluded from on-access scanning as an object of type Process.

Version 7.3.0.200172

Release date:

  • Fast ring: 2024.10.31

  • Slow ring: 2024.11.04

Resolved issues

Endpoint Detection and Response

Fixed an issue that caused the /opt/bitdefender-security-tools/var/edrsubmitter/ directory to increase to 4 GB.

Version 7.2.1.200170

Release date:

  • Fast ring: 2024.10.03

  • Slow ring: 2024.10.07

Resolved issues

Internal bugs have been resolved.

Version 7.2.1.200168

Release date:

  • Fast ring: 2024.09.18

  • Slow ring: 2024.09.19

Resolved issues

Security Telemetry

Resolved an issue where BEST would repeatedly crash if the SIEM server URL, configured in General > Security Telemetry > SIEM Connection Settings within the policy settings, was invalid or incorrectly formatted.

Update server

Fixed an issue where changing the URLs in Relay > Update > Update Locations within the policy settings had no effect.

Version 7.2.1.200164

Release date:

  • Fast ring: 2024.09.04

  • Slow ring: 2024.09.09

New Features

Security Telemetry

When MDR is enabled, you can now send telemetry data simultaneously to the MDR team and to your own SIEM server configured in the General > Security Telemetry policy section.

Product

Added support for upcoming features available with the next major GravityZone release.

Resolved issues

Product

VirtualBox no longer crashes due to uprobes when you try to run a virtual machine on an endpoint with BEST installed.

Tasks

Resolved an issue where BEST failed to consider whether the Reconfigure task used the proxy setting from the update location.

Version 7.2.0.200144

Release date:

  • Fast ring: 2024.07.29

  • Slow ring: 2024.08.05

New Features

Endpoint Detection and Response

Added support for upcoming features available with the next major GravityZone release.

Improvements

Endpoint Risk Analytics

Any Endpoint Risk Analytics scan that fails, is interrupted, or is incomplete is now automatically retried three times.

Resolved issues

Product

  • Added kprobes support for kernel 6.9.3-76060903-generic.

  • The GDB debug tool no longer gives SIGTRAP error when Bitdefender Endpoint Security Tools for Linux is installed on SUSE Linux Enterprise 15.0, SUSE Linux Enterprise 15.1, or openSUSE Leap 15.0 systems.

Version 7.1.1.200141

Release date:

  • Fast ring: 2024.06.10

  • Slow ring: 2024.06.11

Resolved issues

  • Security fixes

Version 7.1.1.200135

Release date:

  • Fast ring: 2024.05.30

  • Slow ring: 2024.06.04

New Features

Advanced Threat Control

Bitdefender Advanced Threat Control is now available for Linux in report-only mode. This means that whether the preferred security level is Aggressive, Normal, or Permissive, the module takes no action except to report the infected applications detected by Bitdefender.

It can be installed at the creation of a new installation package, by selecting the Advanced Threat Control option. Learn more.

Resolved issues

Product

  • Added On-Access compatibility for kernels 2.6.32-754.50.1.el6.x86_64.rpm and 2.6.32-754.53.1.el6.x86_64.rpm.

  • Cloud Services are now accessible when the DNS server is not configured and the relay is used as a proxy.

Version 7.1.0.200110

Release date:

  • Fast ring: 2024.04.16

  • Slow ring: 2024.04.23

New Features

Security Telemetry

You can now forward security telemetry events from Linux endpoints to a syslog server in JSON format.

Tip

You can enable this feature on Linux endpoints from the General > Security Telemetry > SIEM Connection Settings section of the policies applied to them. Learn more.

Improvements

Product

  • Reduced the Bitdefender Endpoint Security Tools installation time for virtual machines that are hosted on premises.

  • Optimized the hard disk space occupied by the agent. Unnecessary files are automatically deleted after installation.

Antimalware

  • On-Demand scans now consume less RAM and swap space.

  • Added support for upcoming features available with the next major GravityZone release.

Patch Management

Updated libicu to the latest versions corresponding to the supported distributions by the Patch Management feature.

Warning

For SLES 15 operating systems, Patch Management now supports only SLES 15 SP5 or higher.

Resolved issues

Antimalware

Resolved the timeout error at the bduitool get scanlog command. Now the command completes in less than 60 seconds. In lack of previous scan tasks, the command will finish without any message.

Endpoint Detection and Response

The Endpoint Detection and Response module no longer causes high CPU usage due to processing unnecessary events. For these events, we have added exclusions.

Version 7.0.5.200090

Release date:

  • Fast ring: 2024.03.07

  • Slow ring: 2024.03.11

Important

This update includes all improvements and fixes from version 7.0.5.200087, released on fast ring.

Resolved issues

  • Security fixes

Version 7.0.5.200087

Release date:

  • Fast ring: 2024.02.29

  • Slow ring: -

Resolved issues

  • Resolved an issue causing increased CPU usage on Red Hat Enterprise endpoints running with the EDR Sensor module installed.

  • Security fixes

Version 7.0.5.200075

Release date:

  • Fast ring: 2024.02.06

  • Slow ring: 2024.02.13

Improvements

  • Added support for the Pop!OS operating system with kernel version 6.6.6-76060606-generic.

Resolved issues

  • You can now properly install and use the Patch Management module on endpoints with SUSE Linux Enterprise Server 15 SP5.

  • Malware detections on virtual machines are now properly transmitted and displayed under Incidents, Threats Xplorer, Executive summary and the Security audit report. The issue sometimes occurred when Container Protection was not installed on the machine.

  • Resolved an issue causing Malware Status reports to be displayed under Scan Logs when viewing endpoint details from the Network page.

  • Fixed an issue causing scans to add folder and subfolder paths to scan lists despite being excluded in the policy applied to the endpoint. This was causing increased RAM usage.

  • Security fixes

Version 7.0.5.200049

Release date:

  • Fast ring: 2023.12.11

  • Slow ring: 2023.12.12

Important

This update includes all improvements and fixes from version 7.0.5.200046 released on fast ring.

Improvements

  • Stability fixes.

Version 7.0.5.200048

Release date:

  • Fast ring: 2023.12.06

  • Slow ring: -

Improvements

  • Security and stability fixes.

Version 7.0.5.200046

Release date:

  • Fast ring: 2023.12.04

  • Slow ring: -

Improvements

  • Incidents are now created when Integrity Monitoring rules with the critical severity level are triggered.

  • BEST for Linux is now limited at using 50% of an endpoint's CPU usage when performing On-Demand scans with low priority.

  • The Paused/Suspended, and Stopped statuses are now available for container endpoints when displayed in the the GravityZone console.

  • BEST for Linux is now compatible with the following distributions:

    • Fedora 39 x64

    • OpenSUSE Leap 15.5 x64

  • You can now use ** wild card exclusions for On-Access scans. The feature works for both files and folders.

Resolved issues

  • BEST for Linux now properly identifies Amazon Web Service EC2 with IMDSV2 when deployed with the automatic scan mode.

  • On-Access scans that run on container hosts with BEST for Linux deployed with Container protection now exclude folders where container engines unpack image layers and mount overlay file systems.

  • Fixed an issue where Docker container namespaces were still protected by BEST for Linux after the container was removed.

  • Incidents now show the correct action taken for events where items were quarantined as a result of a malware detection.

Version 7.0.3.2322

Release date:

  • Fast ring: 2023.11.16

  • Slow ring: 2023.11.16

Resolved Issues

  • Resolved an issue causing some security updates to fail when performed through a Relay.

Version 7.0.3.2319

Release date:

  • Fast ring: 2023.11.13

  • Slow ring: 2023.11.14

Resolved Issues

  • Resolved an issue causing some log files to be mistakenly generated in the "/" directory during security updates.

  • Security fixes

Version 7.0.3.2312

Release date:

  • Fast ring: 2023.11.13

  • Slow ring: -

Resolved Issues

  • Security fixes

Version 7.0.3.2271

Release date:

  • Fast ring: 2023.09.04

  • Slow ring: 2023.09.07

New features

  • Added support for upcoming features available with the next major GravityZone release.

Resolved issues

  • The Network Attack Defense module no longer blocks SSH connections with other endpoints.

Known issues

  • Custom detection rules that have a Parent Name matching criteria with a wildcard currently do not work.

  • The Antimalware feature does not currently work on CentOS 7 operating systems using ARM architectures (aarch64).

Version 7.0.3.2248

Release date:

  • Fast ring: 2023.08.17

  • Slow ring: -

New features

  • Added support for upcoming features available with the next major GravityZone release.

Resolved issues

  • The Network Attack Defense module no longer blocks SSH connections with other endpoints.

Known issues

  • Custom detection rules that have a Parent Name matching criteria with a wildcard currently do not work.

  • The Antimalware feature does not currently work on CentOS 7 operating systems using ARM architectures (aarch64).

Version 7.0.3.2239

Release date:

  • Fast ring: 2023.07.25

  • Slow ring: 2023.07.26

Improvements

  • Security fixes

Version 7.0.3.2225

Release date:

  • Fast ring: 2023.07.13

  • Slow ring: 2023.07.24

New features

  • You can now upload and download files when using the Remote Shell feature on Linux endpoints. Learn more

  • You can now cancel any ongoing or pending file transfers resulted from the use of the Remote Shell feature.

  • The Delete all button is now available: all the entries will be removed from the Investigation grid and all pending or ongoing downloads will be canceled.

Improvements

  • BEST for Linux v7 is now compatible with the following distributions:

    • Kylin v10 x64 (RPM-based)

    • SLED 15 SP4 x64

    • Ubuntu 23.04 x64

    • Ubuntu 22.10 x64

    • Debian 12 x64

    • Fedora 38 x64

  • BEST for Linux us now compatible with ARM architecture (aarch64).

  • The curl table used by the Live Search feature is now disabled on endpoints with BEST for Linux installed. This was done to protect against exploits involving lateral movement attacks.

  • Added the efivar library in BEST for Linux packages, covered under GNU Lesser General Public License, version 2.1.

Resolved issues

  • Removed support for several DazukoFS module kernel archives. The following archives are still supported:

    • 2.6.32-754.35.1.el6.x86_64

    • 2.6.32-754.35.1.el6.centos.plus.x86_64

    • 2.6.32-754.35.1.el6.i686

    • 2.6.32-754.35.1.el6.centos.plus.i686

  • Updated the OpenSSL library to version 1.1.1u.

  • Updated libssh library to version 0.10.5.

  • Endpoints using the Network Attack Defense feature now use the netfilter conntrack helper component to avoid routing all ports for FTP connections.

  • Network Attack Defense no longer blocks access to the Oracle MySQL Workbench 8.0.29 database when deployed with BEST for Linux.

  • Resolved an issue causing File, Folder or Process scanning exclusions to not include subfolders when a / is added at the end of the folder path.

  • Launching BEST for Linux now properly cleans Bitdefender AuditD rules at startup.

  • Downloading an installation kit on a relay now properly removes older kits from the endpoint. An issue was causing the maximum number of kits that are allowed on a relay endpoint to be exceeded by 1.

  • Fixed an issue causing endpoints with BEST for Linux to display the Connection to the Cloud services cannot be established notification, despite it being disabled from the policy applied on the endpoint. The setting can be found under General > Notifications > Endpoint Issues Visibility > Modular Settings > Cloud Services notifications.

  • Endpoints with BEST for Linux installed are no longer connecting directly to the GravityZone cloud services despite them being configured to connect through a proxy.

  • On-demand scans are no longer interrupted when performed on archives larger than 4 GB.

  • Fixed an issue which could lead to potential deadlocks within the EDR module.

  • BEST for Linux now stops querying update servers once a connection is established.

  • Fixed an issue causing BEST for Linux updates to fail, returning error 403.

  • Failed product updates now properly fall back to the next available update server.

Removed features

  • Removed support for Patch Management for the following distributions:

    • RedHat 6

    • CentOS 6

Known issues

  • Decrypting documents downloaded from Remote shell sessions returns an error (decryption forced to fail!), despite the decryption being successful.

  • BEST for Linux sometimes fails to start after the endpoint where it is deployed is upgraded from init.d to systemd. To resolve this issue refer to this article.

  • Remote shell sessions are currently not displaying certain special characters.

  • Moving to the /opt/bitdefender-security-tools/ directory during a remote shell session incorrectly returns error 123 instead of error 313.

  • Trying to use a read-only network mount as an upload path during a remote shell session incorrectly returns error 0 instead of error 5 - access denied.

Version 7.0.3.2193

Release date:

  • Fast ring: 2023.05.15

  • Slow ring: 2023.05.17

Resolved issues

  • BEST updates no longer refresh update repositories on SLES operating systems.

  • Fixed an issue causing BEST to mount NFS shares as a result of on-demand scans.

  • Updating BEST no longer restores NAD module script execution rights to default.

Improvements

  • On-demand scans that run with low priority now only use half of available endpoint resources.

Version 7.0.3.2177

Release date:

  • Fast ring: 2023.04.11

  • Slow ring: 2023.04.19

Improvements

  • BEST for Linux is now compatible with the PopOS and Amazon Linux 2023 distributions.

  • KProbes now support security content update rings.

  • You can now use On-Access scanning for files in the root (/) directory on containers protected by BEST.

  • The Support Tool now gathers additional logs.

  • You can now use the Support Tool with Bitdefender Security for Containers.

  • Added support for upcoming features available with the next major GravityZone release.

  • Security containers are now deployed in a dedicated namespace on Kubernetes: bitdefender-security-container.

  • Security containers now use a dedicated Kubernetes service account: bitdefender-security-container.

Removed features

  • All RHEL and RHEL derivatives (for example, CentOS and Oracle) prior 6.10 are no longer supported.

Limitations

  • Deploying Security Containers on OpenShift 4.12 and later environments using the Helm package manager is currently unsupported.

Resolved issues

  • Fixed multiple compatibility issues between BEST for Linux and NFS mounts.

  • Fixed an issue that was causing BEST for Linux to fail sending data to incident servers.

  • Security and stability fixes.

Version 7.0.3.2120

Release date:

  • Fast ring: 2023.01.31

  • Slow ring: 2023.02.07

Resolved issues

  • Endpoints with the Network Attack Defense module deployed are no longer experiencing connectivity issues.

  • Reconfigure client tasks configured with the Match List option no longer fail when the endpoints are communicating through a Relay.

  • Fixed an issue causing the Antimalware module to sometimes crash when performing On-access scan tasks.

  • Deploying BEST for Linux on endpoints not using the default package manager of their operating system no longer fails.

In this section: