GravityZone Control Center

Version 6.27.1-1

Release interval: 2021.12.07 - 2021.12.13

Minimum requirements:

  • Security agents: (Windows), (Linux)


Patch Management

  • GravityZone introduces Maintenance Windows in Configuration Profiles, a new and powerful way to configure Patch Management settings outside policies. Maintenance windows provide you with higher control over patch scanning and patch installation than before, with expanded scheduling options.

    In the policy, the old Patch Management module is replaced with a simple interface that allows you to assign the maintenance window you want. You can assign the same maintenance window, created by you or other users, to multiple policies.

    Upon this release, all Patch Management settings from existing policies will automatically be moved into maintenance windows, which then will be assigned to those policies. So, no worries there, your previous hard work is in safe hands.

    The Maintenance Windows feature requires a valid license with Patch Management. Read more about Maintenance Windows.

  • Going beyond Windows… We are currently developing Patch Management for certain Linux distributions, such as SUSE, RHEL, and CentOS. Although you have the option to install Linux patches, we recommend you wait until the feature is fully released in March 2022. Otherwise patches will have no visibility in GravityZone.


  • Antiphishing Activity: The report is now capable of organizing Antiphishing detections and affected endpoints based on different criteria. The new features focus on underlining possible security issues in your network while helping you achieve an effortless analysis.

    The report now includes:

    • Top 10 domains blocked on endpoints, which details the most frequently detected domains.

    • Top 10 affected endpoints, which informs you about the endpoints that have the most Antiphishing detections.

    • Affected endpoints, which presents the total number of endpoints with at least one detection.

    • Total detections, which provides the total number of phishing detections on all endpoints.


    After this update, the last instance of the scheduled report will no longer be available in the View report column. To access the archive containing all instances, select the report, click Download and then select Full archive from the drop-down menu.

  • Security Audit: The new improvements simplify the analysis of Antimalware detections in the Security Audit report. The report now classifies the Antimalware detections and affected endpoints based on different criteria as follows:

    • Top 10 malware by number of endpoints, which details the most frequent Antimalware detections.

    • Top 10 endpoints by number of Antimalware detections, which informs you about the endpoints that have the most Antimalware detections.

    • Endpoints, which presents the total number of endpoints with at least one Antimalware detection.

    • Detections, which provides the total number of Antimalware detections on all endpoints.


  • License expires notifications have been modified to offer more comprehensive license information.

Public API

  • The Incidents API has new methods for managing custom rules: getCustomRulesList, createCustomRule, and deleteCustomRule.

  • Patch Management is now available through API. For the Patch Management API, the following methods have been added: createPatchManagementMaintenanceWindow, getMaintenanceWindowList, getMaintenanceWindowDetails, updatePatchManagementMaintenanceWindow, deleteMaintenanceWindow, assignMaintenanceWindows and unassignMaintenanceWindows.

Resolved issues


  • Firewall rules are now being imported from GravityZone if the protocol is set to ICMP.


  • Exclusion lists from Configuration Profiles now display correct information after importing CSV files.

Version 6.26.4-2

Release date: 2021.11.15

Resolved issues

GravityZone platform

  • Security fixes.

Version 6.26.4-1 (third party updates)

Release date: 2021.10.12

Resolved issues

GravityZone platform

  • Security fixes.

Version 6.26.4-1

Release date: 2021.09.28

Resolved issues

Configuration Profiles

  • GravityZone console failed to delete the exclusions list unless the page was refreshed.

GravityZone platform

  • Security fixes.

Version 6.26.3-1

Release date: 2021.09.14

Resolved issues

GravityZone platform

  • Security fixes.


  • The Allow endpoints to send user login data to GravityZone option was not properly inherited from the main policy.

  • The Power User password was no longer recognized after adding a new exclusion in the Configuration Profiles section.


  • The Full scan logs available in the Scan Logs tab were not properly displayed resulting in a blank page when opened. The issue affected only a small group of endpoints.

Version 6.26.2-1

Release date: 2021.08.24

Resolved issues

Update & Publish

  • An incorrect cleanup was triggered while publishing a new repository version.

Version 6.26.1-1 (third party updates)

Release date: 2021.08.17

Resolved issues
  • Security fixes.

Version 6.26.1-1

New Features

Container protection

Bitdefender protection is now available for container environments. Container protection monitors both the operating system on the host and running containers, providing server workload EDR and anti-exploit and antimalware scanning services based on licensing.

The feature offers visibility into Linux server and container workload malicious activity in real time and a clear understanding of attack risk exposure at each stage of the attack. It detects complex attacks early with Linux native exploit detection technology and performs threat-hunting campaigns using the GravityZone EDR event search. Once licensed, you can deploy Container protection through two solutions:

  • Best for Linux v7 deployed directly on a container host.

  • Security Container instance deployed on a separate container that protects both the host and its managed containers.

This new feature comes with a new report, Security Container Status, which helps you identify any issues that a specific Security Container might have, with the help of various indicators such as Update Status, Upgrade Status and more.

A new notification is also available, Security Container Status Update, informing you when the product update status changes for a Security Container installed in your network.

Advanced Anti-Exploit

The AAE feature is now available for Linux.



  • Virtual Machines view renamed into Cloud Workloads.

  • Containers group added under Cloud Workloads containing container hosts and container endpoints.

  • Physical and VM container hosts now visible under Computers and Virtual Machines.


  • Monthly License Usage report now contains Container Protection information.

Configuration Profiles

The Configuration Profiles section under Policies enables you to create and manage customized exclusion rule lists, and assign them to your company policies, thus enabling you to scale the usage of exclusions across your network more accurately, to lower the rate of false-positive events and improve system performance.

Every exclusion rule you create can be assigned to one or multiple exclusion lists, and every list can be assigned to one or more policies. Furthermore, you can assign multiple exclusion lists to the same policy, for maximum flexibility.


We fine-tuned the formula for how we calculate the Severity Score, to make it more accurate, by taking into account a wider range of parameters, and incident escalation. We also added new mechanics that allow us to update the formula on-the-fly with new parameters from our evolving correlation technologies.

Version 6.25.1-2

Release interval: 2021.07.06 - 2021.07.20


GravityZone platform

  • From now on you can view the usernames of all the active users logged-on an endpoint. The new option is available on Windows and offers support for multiple users logged on an endpoint.

    The newly-introduced users data will become accessible under multiple GravityZone pages:

    • Network - where a new searchable column for logged-on users will be displayed in the Network Inventory and a new tab for logged-on users will be added in the Endpoint Details page.

    • Reports - where a new default and searchable column will be displayed in the Network Protection Status report.

    • Policies- where a new option allows you to control whether endpoints send data regarding user logon sessions such as: username, logon time or logon method.

    This will serve you in multiple ways:

    • As an admin, you can use the usernames in the network and/or reports to be able to reach out to the user in case their input is needed.

    • As a Security Analyst, you can correlate the information about the username with other events from GravityZone or third-party systems.

    Minimum version of Bitdefender Endpoint Security Tools:

  • Renamed a few elements from the Network section: the column Machine type is now Endpoint type.

  • The cleanup rules for offline machines are now more flexible:

    • Name patterns can contain the question mark (?) as wildcard.

    • Name patterns can have any length and no longer require a letter at the beginning. For example, you can use only the asterisk (*) to match any machine name.

    • You can select targets that are offline for less than 24 hours or more than 90 days. The cleanup rules will run hourly for machines offline less than a day, and daily for the other ones.

    • The target selection now covers Active Directory inventory as well.

Report Builder

  • GravityZone Elite and GravityZone Ultra customers can now use Report Builder. Available under Reports > Queries, this feature allows you to create detailed query-based reports, with a higher level of customization than the predefined ones. See GravityZone documentation for details regarding Report Builder requirementsinstallation and operation.


  • The Malware Status report has now the option for exporting report details to PDF.


  • The HyperDetect Activity report now includes the exact name of the detected threat and the file hash.


  • The Network > Packages section now includes macOS downloader, which will make it easier for you to install the security agent on different Mac architectures, whether they are Intel x86 or M1. The new downloader automatically detects the processor type and downloads and installs the right kit for that specific architecture.

VMware Integration

  • Enhanced vCenter authentication by allowing you to configure the retry limit interval and the maximum number of retries before your account gets locked out due to invalid credentials.


  • From now on GravityZone is also available in Turkish.

Product documentation

  • A unified self-service support experience with the new online help center. All GravityZone help content that was included in PDF guides, knowledge base articles and release notes, is now under one roof, in a more digestible format. Currently it is available only in English, localizations will follow soon.

Public API

  • Reports API: The createReport method has a new parameter - detailedExport, for including also the report details in the PDF file.

Resolved issues

Patch Management

  • Previously installed patches were not displayed in GravityZone after manually rebooting a virtual machine.

Version 6.24.1-1

Release date: 2021.05.25

Resolved issues

GravityZone platform

  • Security fixes.

  • An HTTP redirect issue prevented the download of kits, updates and patches from Bitdefender servers.

  • A limitation of the GravityZone VA operating system caused the security agents updates to fail.


  • Some icons did not accurately indicate the supported OS platforms for GravityZone modules (Windows servers & workstations, Linux or macOS).

Version 6.22.1-1

Release date: 2021.03.29

Resolved issues

Security for Mobile

Apple Push Notification service (APNs) no longer supports the legacy binary protocol after March 31, 2021. All communication with Apple servers via MDM will be handled by the HTTP/2 protocol from this date forward.

This GravityZone update addresses the changes to APNs, and it is mandatory for the Security for Mobile to continue functioning. After the update, you need to configure your network firewall to allow traffic to api.push.apple.com:443, instead of gateway.push.apple.com, through ports 2195 and 2196.


The changes in APNs affects only the communication between GravityZone and Apple servers. GravityZone Mobile Client is not affected, and you do not need to update it.

Version 6.20.1-1

Minimum requirements:

  • Security agents: (Windows); (Linux); (macOS)

New features

Apple M1 support

Added support for Apple M1 processors. A separate installation package for endpoints, named macOS kit (Apple M1), is available for download in the Network > Packages section. The previous Mac kit has been renamed macOS kit (Intel x86) and is only compatible with Intel-based Macs.

The following protection modules are supported on M1-based systems:

  • Antimalware

  • Device Control

  • Content Control

  • Encryption

Support for other features will be added in time.


After downloading the new macOS kit for Apple M1, you must publish it in Update > Components, otherwise the security agent installation on endpoints will fail.


New kits will not install on OS X El Capitan (10.11). For details about the end of support for this legacy macOS version, refer to this topic.Bitdefender Endpoint Security for Mac: End of support for OS X El Capitan (10.11)


Network Inventory

New options to avoid duplicates of cloned endpoints are available in Configuration > Network Settings:

  • Select Applies to cloned physical endpoints that are joined in Active Directory to resolve cloned HDD drives from decommissioned machines.

  • Select Applies to cloned virtual endpoints that are joined in Active Directory to resolve clones created using VMware Instant Clones.

Resolved Issues


Addressed a situation where inherited security policy sections were editable after migrating to a GravityZone license without the Application Control module.

Network Inventory

Fixed an issue where Oracle Linux 7 machines imported from VMware NSX-T environments were displayed as Windows endpoints.

Version 6.19.1-1

Release period: 2020.11.24 - 2020.12.07

Minimum requirements:

  • Security agents: (Windows); (Linux); (macOS)


EDR & Incidents

The new Custom Detection Rules functionality enables you to create rules to detect common events and generate incidents specific to your environment, which otherwise GravityZone may not flag as suspicious through its prevention and threat intelligence technologies. This enhances EDR's capabilities of raising alerts and triggering incidents to stop possible breaches in the early stages of an attack.

You can now:

  • Create your own detection rule

  • View and filter by alerts and incidents generated by a custom rule

  • View details of any rule in the dedicated side panel

  • Perform multiple actions, including edit, delete, duplicate or ignore a custom rule

  • Import list of rules

  • Receive notifications each time a new incident is triggered by a custom rule

  • Add and filter tags easily maintain your created custom rules

Added the option to update your Linux EDR modules via product update when you configure policies, for a tighter change control configuration and update staging process.

The new-incident Syslog notification now includes more information for logging EDR incident data to an external software platform such as SIEM or SOAR.Make sure to re-check any existing correlation you are currently using and/or add the new information about incidents in the search queries that are running on your SIEM.

Relabeled the tabs inside the Incidents page as Endpoint Incidents and Detected Threats.


Tabs availability may differ in your product, according to your license.

Security Telemetry

We now offer you the possibility to obtain raw security data from your endpoints right into a SIEM solution. Use this feature if you need a deeper analysis and correlation of the security events in your network.

Because we care about system performance and a low footprint of exported data, we are filtering out redundant information.

Check out the new General > Security Telemetry section of the security policy to enable and configure this feature, and the endpoint’s Information page to verify the connection status between the endpoint and the SIEM.


Available only for Windows endpoints and Splunk via HTTPS (TLS 1.2 or higher required).

Security Telemetry requires EDR available in GravityZone Ultra.

Ransomware Mitigation

You have now the option to restore the files encrypted in a ransomware attack, on-demand. Select this option in the policy, for the endpoints where you need more control over. In case of an attack, check the Ransomware Activity page, from where you can view the affected files and then run a restore task.

This option is available for 30 days from the event.

Sandbox Analyzer On-Premises

You can now enable sample submission through proxy to local instances in the Sandbox Analyzer > Infrastructure page. To set up a proxy, go to Configuration > Proxy.

Endpoint Protection

Following the deprecation of macOS kernel extensions, Bitdefender added support for the new EndpointSecurity and NetworkExtension APIs. These ensure the compatibility between Endpoint Security for Mac, GravityZone Control Center and endpoints running macOS Big Sur (11.0). More information is available with Endpoint Security for Mac-related documentation.


  • New Repair task to quickly fix issues that other way would require agent reinstall.

  • The options which provide more control over the data you send to Bitdefender are now available in the Miscellaneous section of the agent package configuration window as well.

  • Several content improvements.

Public API

  • The agent kit download link is now available via the getInstallationLinksmethod.

  • The full version of the agent kit may now be retreived via the downloadPackageZip method.

  • The new endpointName filtering option in the getEndpointsList method allows you to better find the endpoints in your network.

  • The instant report is now accessible by email via the createReport method.

Resolved Issues

Sandbox Analyzer

In some situations, Sandbox Portal returned a 404 error when trying to access cached reports after seven days.

Security for Mobile

iOS devices enrollment in MDM failed when the Identity and Profile Signing certificate password contained bash special characters.


  • The automatic updates system was generating the "GravityZone is unable to complete" error repeatedly, although no updates were available.

  • Deleted blocked detections remained displayed in the report graph.

  • Control Center was displaying the Dashboard portlets in a single row when the resolution was higher than 1080p and browser scaling was at 125%.

  • Offline updates failed if the HTTP traffic for GravityZone was disabled.

  • Changing the NTP server address in the Control Center > Configuration page had no effect.

Version 6.17.3-1

Release date: 2020-09-11

Resolved issues


Addressed a vulnerability discovered recently.

Version 6.17.2-1

Release date: 2020.08.12

Resolved Issues


Policy assignment rules failed to apply on endpoints when the list of hostnames or IPs ended with semicolon (;).

Network Inventory

In certain cases, GravityZone incorrectly reported the endpoint license status.


The Malware Status report incorrectly listed unresolved detections as deleted.


Fixed a Communication Server crash caused by invalid events.

Version 6.14.1-1

Release date: 2020.05.12



One of our main concerns is to support security engineers during the COVID-19 pandemic and keep network security measures stable. Therefore, we have decided to postpone Advanced Anti-Exploit technology enforcement until June 30.


Update System

More options to update GravityZone components (security agents, Security Servers). You can configure GravityZone Update Server to download updates from the Bitdefender Servers, a custom update location, or both. The option is available in the Update > Components > Settings window.

Version 6.13.1-1

Release date: 2020.04.23



Added a CDN as the default updates delivery location. Configure your network firewall to allow traffic from and to update-onprem.2d585.cdn.bitdefender.net. For details, refer to the GravityZone Communication Ports article.

Version 6.12.1-1

Release Date: 2020.04.07

Minimum requirements:

  • Security agents: - Windows, - Linux, - macOS

  • Security Server: - Multi-Platform, - NSX-V



You can now configure Security Servers’ cache sharing so that you can enable/disable it or restrict it to Security Servers from the same network. Not to worry about bandwidth consumption between sites anymore.The settings are available in the Configuration > Security Servers Settings page.


Added the option to import and export rules.


You can now set rules to exclude drives from encryption.

Remote Troubleshooting

  • Remote troubleshooting is now available for all Security Server versions.

  • You can now restart a troubleshooting session while maintaining its previous settings.

System Status

Automatic repair capability for metrics encountering issues on any appliance in your environment is now available at the click of a button.


Easily remove installed security solutions from your environment when upgrading to a full product license. The feature is ON by default and will remove any existing security software that creates conflicts when installing the BEST protection modules.


  • View portlets in a single scrolling page and update all the information at once using the Refresh Portlets button.

  • Added time filtering for the Endpoint Protection Status, Policy Compliance and Update Status portlets.


The Antimalware Event notification now includes details about the scan type, security content version and scan engine type.

Removed features


Removed the Malware Activity report. Consider using the Security Audit report as an alternative.


Removed the Malware Activity portlet.


Removed support for scanning Mapped Network drives when On-Demand Device Scanning is used.

Version 6.11.1-1

Release Date: 2020.01.22



Added the following details to the HyperDetect Activity notification:

  • Parent process name

  • Parent process ID

  • Command line (if available)

Removed features

Installation Kits for Windows Legacy

We removed all options to download installation kits for Windows legacy versions such as Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008.

Past events in User Activity, where Action is Published and Area is Endpoint Kit, will display N/A instead of the kit name.

For more information related to this subject, refer to these KB articles:

Version 6.10.1-1

Release Date: 2019.12.02


Network Inventory

  • A new type of entities in Network Inventory: golden images.

    Mark the endpoints you use for creating clones and avoid duplicates in Network Inventory. Keep track of your golden images by using the available filters.


    This feature is disabled by default. To enable it, select Avoid duplicates of cloned endpoints in Configuration > Network Settings.

  • More relevant messages in Control Center when Mac clients have issues. For example, now you know if macOS has not granted the agent permissions such as access to the disk drive.

Resolved issues

Network Inventory

Endpoints appeared duplicated in Network Inventory due to system cloning. We introduced a new entity in Network Inventory, called golden image, to avoid such situations. For details, check the Improvements section.


In certain scenarios, Security Servers were not displayed in the drop-down list from the Antimalware > Security Servers section of the policy.

Device Control

Deleting a Device Control exclusion from the policy also deleted the first item in the list.

Version 6.9.1-1

Release date: 2019.11.05

Minimum requirements:

  • Security agents: Windows -

  • Security Server: Multi-Platform -

New features

Network Attack Defense

A brand-new powerful technology focused on detecting network attack techniques designed to gain access on specific endpoints, such as brute-force attacks, network exploits, password stealers.

The Network Attack Defense settings are available under the new Network Protection policy section. A specific notification informs you about incidents in your network, while the Network Incidents report will provide more insight about these detections.


To use the Network Attack Defense module, you need to install it on endpoints. For existing installations, run a Reconfigure Client task with Network Attack Defense selected. For new deployments, edit the installation package to include this module.

Sandbox Analyzer On-premises

Your own Sandbox Analyzer from Bitdefender is here! Born from the Cloud-based version, the new Sandbox Analyzer On-premises is delivered as a virtual appliance deployable on an ESXi hypervisor. The built-in installer allows easy deployment and configuration while the integration with GravityZone console provides a single interface for management.

The Sandbox Analyzer On-premises release is packed with the following features and capabilities:

  • Virtual appliance packaging with built in graphical installer

  • Out of the box integration with GravityZone console for management, configuration and deployment

  • Integrated with various sensors capable for feeding samples from various sources: network streams, ICAP traffic, file system

  • Unified reporting interface for both Sandbox Analyzer On-premises and Sandbox Analyzer Cloud

  • Detailed detonation reports containing information about malware classification, behavior analysis or timeline view

  • Support for custom detonation environments (golden images)

  • Sample re-analysis using different configuration options

  • REST based API for integration with third-party security solutions.

For more details, visit the Sandbox Analyzer dedicated webpage.

Remote Troubleshooting

The endpoint information page includes a new Troubleshooting tab, from where you can collect basic and advanced logs remotely. You can start a debug session, so that GravityZone collects the logs while the issue is reproducing. This will help our technical support specialists to perform an in-depth analysis of the issue and provide a resolution faster.

You can save the collected data on a network share, on the target endpoint or on both.


From now on we speak Chinese!



Seriously now, you can switch the GravityZone interface to Simplified Chinese, if you please.

System Status

Control Center now includes the System Status section, which displays real-time status information for the main metrics of your GravityZone environment.



We have added the option to create a VPN cluster for a more secure communication between the services on the GravityZone appliances. You can enable this option from the GravityZone appliance menu.


  • Integrating new modules to deployed agents is like playing with modeling clay. We have made the reconfiguring process more flexible.

  • You can choose to install Bitdefender security agents without removing the security software from other vendors. This means zero protection gap and faster deployment. Just remember, you’re doing this at your own risk. Some security solutions may affect the Bitdefender installation. Once you are protected by Bitdefender, you can manually remove any previously installed security solution.

Network Inventory

Goodbye to unused virtual machines from your network inventory. The Configuration page offers you the option to schedule automatic cleanup tasks.


  • The new Antimalware > On-Execute section covers Advanced Threat Control and Fileless Attack Protection.

  • Network Protection, another new policy section, exposes the new Network Attack Defense technology and shields the Content Control features.

  • Content Control went through a big transformation as well:

    • The old Traffic, Web, Data Protection, and Applications sections have been re-organized into new General, Content Control, and Web Protection sections.

    • The new Network Attacks section exposes the Network Attack Defense technology and its settings.

    • The new Global Exclusions option, in the General section, replaces the previous separated Traffic Scan and Antiphishing exclusions. During update, the existing policies will be automatically migrated to the new global exclusions.

    • Network Protection replaces the previous Content Control module in the Inheritance Rules settings.

    • The GravityZone reports keep tracking the Content Control features, but also include information on Network Attack Defense.

    • Location-based policies are now aware of the hostname too. You can to define assignment rules based on endpoint’s hostname.

Advanced Anti-Exploit

  • Three new detection techniques are available: VBScript Generic, Shellcode EAF (Export Address Filtering), and Emerging Exploits. These detections will be present from now on in the Security Audit and Blocked Applications reports.

  • User Activity now includes logs related to Advanced Anti-Exploit.

Patch Management

Added the option to limit reboot postpones at maximum 48 hours from new patches installation. When the set amount of time expires, endpoints will automatically reboot. Endpoint users will receive a notification regarding this action.

You can find this new option in the policy, under the Notifications > Endpoint Restart Notification modular settings.

Sandbox Analyzer Cloud

  • Results from detonation analysis are available with new information-rich reports in HTML format. These reports contain details such as: malware classification, process-level view, network activity, timeline view, registry keys and mutex objects accessed, file systems modifications, IOC attributes.

  • The Filters area is expanded by default, so it is easier for first-time users to discover all the options available with the submission cards.

  • Under the Submission Type filtering category, the Automatic option has been renamed to Endpoint Sensor.


These features are available for Sandbox Analyzer On-premises too.


  • Added network connection details to forensic information. HVI reports details such as active connections, IP addresses, and ports involved, when it detects an attack in user space.

  • HVI now prevents malicious DLL files from being loaded inside a protected process.


These options are available in the HVI > User Space policy settings.


  • Added Blocked Devices notification that alerts you whenever a blocked device connects to the endpoint. This notification is configurable from Notification Settings.

  • The Antimalware notification is now triggered during the scan, each time a malware event is detected.


The Endpoint Modules Status report now includes information on Sandbox Analyzer and HyperDetect.


Added compatibility with NSX-T 2.5, which includes agentless antimalware scanning for Linux virtual machines.

Public API

  • All GravityZone reports are now available via API as well.

  • We have made some improvements here and there:

    • createReconfigureClientTask entered the Network API

    • getManagedEndpointDetails returns all installed modules on a managed endpoint

    • getInstallationLinks returns the installation links for a package

    • getQuarantineItemsList has new filtering options

  • Sandbox Analyzer On-premises provides various API methods for monitoring detonation infrastructure, managing sample submission and downloading analysis reports. For details, refer to the GravityZone API Guide (On-Premises)

Resolved issues


Disabling the Endpoint Issues Visibility option in the Notifications policy section does not disable sub-features as well.

Automatic Update

Automatic product updates failed to start when configuring certain time zones and intervals.


The Mobile Devices view failed to display the Active Directory inventory when creating an integration with the option Sync to Custom Groups enabled.

Known issues

Sandbox Analyzer

  • The HTML reports accessible in the Sandbox Analyzer section are available only in English.

  • Sandbox Analyzer On-premises supports only golden images in English for building detonation virtual machines.

Version 6.8.1-21

Version 6.7.1-1

Release date: 2019.07.02

Minimum requirements:

  • Security agents: Windows -

  • Security Server: Multi-Platform -

New features

Advanced Anti-Exploit

Powered by machine learning, this new proactive technology stops zero-day attacks carried out through evasive exploits. Advanced Anti-Exploit catches the latest exploits in real-time and mitigates memory corruption vulnerabilities that can evade existing solutions.

This security layer is pre-configured with the recommended security settings and you can customize it from the Antimalware > Advanced Anti-Exploit policy section.

You can view Advanced Anti-Exploit events in the Security Audit, Blocked Application, Endpoint Module Status reports.


This security layer addresses Windows-based systems.



  • Improved custom exclusions:

    • Ability to use wildcards when defining custom exclusions.

    • Added more exclusion types: file hash, certificate thumbprint, threat name, and command line.

    • New field for adding notes or remarks for each exclusion.

    • Added the option to add ATC/IDS exclusions on folders.

  • Technology improvements to Central Scan:

    • Security Server cache sharing technology is now available. With this implementation, Security Servers will share scanning cache information with each other, leading to significant scanning speed performance increase in virtualized environments.

      To benefit of this feature, enable port 6379 to allow traffic between Security Servers.


      Cache sharing works only between Security Servers of the same type. For example, Security Server Multi-Platform shares its cache only with other Security Servers Multi-Platform.

    • Implemented a new Load Balancing mechanism between endpoints protected through Bitdefender Endpoint Security Tools with Central Scan, and Security Servers. You can now choose to distribute load evenly between the assigned Security Servers.

    • Improved load status reporting for Security Servers help you assess the scalability of Security Servers in your environment. The Security Server Status report now include two new states: Near overloaded and Near underloaded.

Sandbox Analyzer

  • Expanded the list of supported file types that can be automatically submitted to Sandbox Analyzer.

  • Added content pre-filtering capabilities for submitting files to the Sandbox Analyzer. This functionality is configurable in a new policy section.

  • Added error messages for failed detonations in the submission card section on the Sandbox Analyzer page.

Storage Protection

  • You can now use secured connection between Security Servers and the protected NAS servers, provided they use SSL over ICAP. Load your security certificate in the Configuration > Certificates > Endpoint - Security Server communication section of Control Center.


  • Optimized the Control Center workspace with the new display modes of the menu: expanded, collapsed (icon view) and hidden.


  • The Network Protection Status report has been enriched with more granular statuses for license (Expired, Pending, Trial) and endpoint management (Unamanaged).

Update system

  • Replaced the antimalware signatures with a new method to identify known and unknown malware, called Security Content.

  • Security Server updates are now published using update rings.

Public API

  • General: Through this new endpoint you can now get the API key details.

  • Network:

    • Added the option to create a scan task using the MAC address of the endpoint.

    • Added the companyId field in the results of the getManagedEndpointDetails method.

    • You can now reset the label for an endpoint using the setEndpointLabel method.

    • Introduced the assignPolicy method.

Resolved issues

Sandbox Analyzer

  • Analysis results from a manual submission could not be retrieved if proxy was in place.

Update system

  • In Control Center, weekly recurrence for antimalware updates was resetting upon return, if set only on Sunday. This was only a display issue, the setting being sent correctly to the security agent.


  • Security Server Load Balancing – Equal distribution mode had limited functionality. The scan load was not distributed equally between Security Servers.

Known issues


  • The new custom exclusion types are not available for custom scanning tasks from the Network page.

  • The following exclusion types for ATC/IDS are available only for Windows desktop operating systems:

    • Process with wildcards

    • File hash

    • Detection name

    • Detection name with wildcards

    • Command-line

  • Certificate hash (thumbprint) exclusions are not available for ATC/IDS.

Version 6.6.1-2

Release date: 2019.05.14


Update system

GravityZone comes with a more flexible update system, which offers greater control over the update process. Among improvements, you can notice:

  • Requirements validation before installation

  • Progress tracking for each appliance from Control Center

  • Update synchronization across appliances

  • Automatic resume of the update, if interrupted by appliance reboot or crash

  • Integrity checks when modifying the GravityZone infrastructure

    Starting with this update, installation of GravityZone roles requires using the same major and minor version numbers of GravityZone, for both the image file and the deployment.

    This requirement applies both when you reinstall an existing role, or when you extend your GravityZone deployment.

    The GravityZone version number consists of these sequences: major.minor.patch. For example, at version 6.5.3-1, 6 major version is 6, minor version is 5, and patch version is 3-1.


You need to run this update manually. Automatic update is suspended due to the changes being made to the update system itself.

Version 6.5.5-1

Release date: 2019.04.09

New features

Integration with NSX-T

  • Agentless security with antimalware capability for your NSX-T Data Center 2.4, through the Guest Introspection service platform. Follow these guidelines to learn how to integrate GravityZone with NSX-T.

Integration with BitdefenderNetwork Traffic Security Analytics (NTSA)

  • You can now integrate GravityZone with NTSA and smoothly navigate to NTSA console by a single click in GravityZone Control Center.


Full Disk Encryption

  • Encryption on macOS is now performed by FileVault for the boot drive and by the diskutil command-line utility for the non-boot drive.

  • GravityZone takes ownership for macOS boot drives encrypted with FileVault.

Sandbox Analyzer

  • You can now submit password-protected archives from the Manual Submission page.

Security for Virtualized Environments

  • Effortless host maintenance with the new behavior of Security Server Multi-Platform, configurable in the security policy. When maintenance starts, Security Server is automatically shut down or migrated to another host, depending on the affinity rules. Migration is possible even on hosts with another Security Server in place.

Report Builder

  • The Report Builder roles Database and Processors are delivered with the GravityZone appliance.


  • The malware status reported by endpoints is now more accurately calculated and displayed in GravityZone reports and portlets:

    • The Still Infected status has been changed to Unresolved.

    • Removed the reporting interval options containing "last" ("last week" or "last 2 months") from scheduled reports.


    This change affects all existing scheduled reports. You may need to edit your scheduled reports and select another reporting interval option.

Security for Mobile

  • Added support for push notifications through the Firebase Cloud Management (FCM) service on Android.

Resolved issues
  • Addressed a rare out-of-sync Control Center issue that occurred in certain GravityZone environments with Replica Set. Control Center was resynchronized after restarting the Communication Server services.

  • Some security issues and minor bug fixes regarding GravityZone Control Center functionalities.

Deprecated features
  • The Malware Activity report has become deprecated. For now, you can continue to use this report as before. At the same time, Bitdefender plans to improve the reporting of malware information in a future GravityZone update.