GravityZone Control Center

Vulnerable drivers

This pre-tampering technology detects vulnerable drivers on endpoints that can be exploited by attackers, posing threats to the integrity of the product. The technology is compatible with Windows and Linux operating systems.

Callback evasion

This post-tampering technology can detect when the security agent callback functions have been maliciously removed or disabled. New threats or unintentional human error could be engineered to potentially allow unauthorized access to the kernel, leading to compromised product integrity. The technology is compatible with Windows operating systems.

GravityZone sections such as Dashboard, Installation Packages, Network, Tasks, Patch Inventory, Maintenance Windows, and User Activity have been updated to support Patch Management for Mac.

When configuring a maintenance window, macOS applications are displayed separately from the Windows and Linux versions in the Vendors and Products section.

Reports such as Network Patch Status and Network Protection Status and notifications such as Missing patch issue now include information related to Patch Management on macOS endpoints.

Patch Management for Mac is available with existing GravityZone keys and it is licensed per managed endpoint, the same as for Windows and Linux.

This feature is available for macOS Big Sur (11.0) and later and requires Full Disk Access for the Bitdefender agent installed on endpoints.

GravityZone email notifications are now available in a modern design and have revised email subjects, notification titles, and email content. Additionally, some notifications in GravityZone Control Center have been renamed. You can find more information in Changes to GravityZone email notifications.

The New incident notification has been improved: all configuration options have been merged into one. Existing users, with any of the three settings activated prior to the update, now have the New incident notification enabled by default.

Maintenance Windows API

Quarantine API

Packages API

On demand endpoint actions executed from an incident graph are now displayed in the response grid of that incident.

The status of tasks resulting from EDR response actions is now changed to Failed after being unresponsive for two days.

The Remediation button and the associated section have been removed from the Endpoint Incidents tab and are now available in the new EDR Response tab.

You can now manually mark endpoint response actions as done or dismissed from the Response grid.

The Sandbox Analyzer page now displays more specific messages for failed detonations.

The Actions button from Configuration Profiles > Exclusions has been removed.

The Export Selection and Delete options, previously located under Configuration Profiles > Exclusions > Actions, have been added to the interface for better accessibility and ease of use.

7.9.5.324 (Windows)

7.0.3.2271 (Linux)

7.14.32.200019 (macOS)

The Update Linux EDR modules using product update option has been removed from the General > Update page in the policy settings.

In some cases, expired Reconfigure agent tasks ran on endpoints after they came back online.

Resolved an issue related to the cleanup of reports that exceeded the retention period.

Endpoints incorrectly connected to a different Security Server when the one configured in the policy was shut down, leading to system slowdown and overloaded Security Servers in the network.

Security fixes.

GravityZone users from companies using Business Security Premium license are not receiving New incident notifications.

The Last modified filter at Configuration Profiles > Web Access Control Scheduler is no longer limited to 90 days.

We are currently developing Patch Management for macOS. Although now you have the option to install macOS patches, they are not yet visible in GravityZone. We recommend you wait until the feature is fully released in 2024.

Users can now edit and delete all existing predefined rules in the policy.

The Firewall can be enabled on the Windows Server operating systems by performing the Reconfigure Task. The activation of the Firewall module is not automatic, even if Firewall is enabled in the policy.

Before enabling the module on their systems, it is important for users to assess and design their Firewall rules for servers. This is necessary to avoid potential service disruptions caused by the configuration of the ruleset, which may block traffic.

The Firewall icon from Installation Packages was updated, and now includes both Windows servers and workstations.

To find the supported Windows Server operating systems refer to this kb article.

In the Endpoint details page, the Content Control module now consists of three separate modules: Content Control, Web Traffic Scan, and Antiphishing.

There is now consistent behavior between the delete button and the drag-and-drop action within the deleted folder. Any endpoint that is moved to the deletion folder, either through the delete button or drag-and-drop, will be uninstalled immediately via the uninstall task or later when it reconnects online and communicates. For more details, visit the Deleting endpoints page.

Multiple schedules are now available in Configuration Profiles > Web Access Control Scheduler. This allows users to have more flexibility in setting up different time windows for Web Access Control. The Web rules list found in Content Control > Web Access Control Settings > Web Categories Filter has been moved under Policies > Configuration Profiles > Web Access Control Scheduler > Category Scheduler.

Users can now create new schedules with multiple time window settings and assign categories to each schedule. The categories will be removed from the policy and the new schedule will be mapped to a policy.

You can now exclude from scanning any financial domains from Network Protection > General > Network Protection > Intercept Encrypted Traffic > Exclude financial domains.

Incidents generated by the EDR or Prevention Modules now display the name of the endpoint in the Entities column.

For a better visualization, you can now expand the following panels further:

The new Smart views feature allows you to customize the information that is displayed by the grid:

A new column and filter is available in the Incidents page:

Manage Networks. Create and download installation packages; install security agents; manage tasks and quarantined files. You can choose between two levels of customization:

Manage Endpoint Settings. View or manage policies, configuration profiles, assignment rules and any other endpoint setting from other GravityZone areas. You can choose between two levels of customization:

Security fixes.

Implemented internal optimizations for enhanced performance and stability of GravityZone.

The GravityZone integration with VMware vCenter failed to synchronize and remained in a loading state when using the Cloud Workloads network view.

The GravityZone console failed to check for kits and repository updates when generating a full archive. This issue affected freshly deployed offline environments.

Security fixes.

The grids and rule configuration pages have a new design.

Rule settings now include targets. You can now decide whether to apply the rule to the entire company or to specific groups by endpoint tags.

Clicking a grid entry brings up the details panel of the rule. It contains information about the rule, options for navigating rules and for editing the current rule.

Korean characters from events in JSON format that were transmitted to a syslog server were converted into ASCII code.

Security fixes.

The Add button has become Create.

All other buttons except Download have been moved under More actions.

The package configuration form also has a new look.

The Network > Tasks page has a new look and new options for a better user experience. Some highlights:

Tasks in the Network page have now more intuitive and consistent names. For example, Scan has become Malware scan, Install is now Install agent, and Reconfigure client has been renamed to Reconfigure agent.

The new names are also reflected in the Network > Tasks page, under the Task type category.

With this update, the User Activity page records actions on tasks under the new names. Existing records under old names remain unchanged.

For the complete list of renamed tasks, refer to Changes to task names in GravityZone On-premises Control Center.

You can now uninstall the Patch Management and Full Disk Encryption modules after their corresponding license keys have expired.

Offline license keys are now generated using a new format. You are no longer able to add previously generated license keys and their corresponding offline codes to your GravityZone On Premise Console.

The Accounts page has been redesigned and restructured. The page now provides an improved overall user account management experience.

In the Policies > Assignment Rules page, you can now apply policies via location rules only to targets you manage.

From now on, the Targets section is always active when you configure a rule to prevent it from being applied outside its scope. If you do not specify targets, GravityZone automatically selects all the available entities when saving the rule.

Old rules with no targets specified will continue to function as before until you manually save them again.

You now receive an explanatory message every time you cannot save a policy due to invalid data in the Sandbox Analyzer > Endpoint Sensor section.

You can now choose to receive notifications via email in plain text format. The new option is available for all notification types and you can find it on the Notifications Settings page.

The notifications email subject is now editable. You can customize the subject according to your needs using the new option Set custom email subject when configuring the notification. The option is available for most notification types.

The Centralized Quarantine Issues notification includes the endpoint name.

The Login from New Device notification includes the username of the account used.

Each tag in the Tags Management page now includes an inline menu to delete it or to easily create copies and apply them in your network. These actions are recorded in the User Activity page.

In the Network page, you can now create custom tags directly in the Assign custom tags window.

In the Unassign custom tags window, you can remove all custom tags from endpoints at once.

The Web rules list found in Content Control > Web Access Control Settings > Web Categories Filter has been updated with additional categories. All existing policies are automatically updated to reflect the changes made regarding the updated categories.

You can now enable outbound traffic monitoring for Network Attack Defense over SFTP and SCP/SSH protocols on Linux machines. The new options are available in the Network Protection > General section of the policy settings. In addition, the Scan SSL option has been renamed to Intercept Encrypted Traffic and Scan HTTP has become Scan HTTPS.

The Amazon EC2 integration now supports the following optional regions that can be disabled or enabled from the integration: Cape Town, Hong Kong, Hyderabad, Jakarta, Osaka, Spain, Zurich, United Arab Emirates, Milan.

You can now create and restore GravityZone database backups that include your current staging settings and the status of the published packages. The new option is available only for environments with staging enabled.

The Gather logs feature from Network > endpoint details > Troubleshooting tab has been enhanced. You can now select between three new types of logs:

Accounts API

Network API

Fixed an issue on patch blacklisting. Some selected patches were not blacklisted because the selected targets were no longer valid for blacklisting. The error occurred also when trying to restore a patch without selecting valid targets.

User Activity logs for API key creation are now visible to all users with the necessary rights.

Security fixes.

Security improvements for Sandbox Analyzer cloud portal.

Registering an integration with NSX-V Manager failed if the default policy contained exclusion lists.

Security fixes.

The Send a Copy To secondary action is now available for the Replace file with text, Delete file, and Reject/Delete email actions. The settings can be found in the Policies > Exchange protection > Content Control page, under the Attachment filtering section.

Security fixes.

GravityZone experienced delays and errors when processing a large number of policy status events, which affected communication between the Virtual Appliance and endpoints.

Security Containers and Security Container hosts no longer appear as having issues in the Network page despite there being no problems with the endpoints.

Fixed an issue that caused the GravityZone Virtual Appliance to create network entries for the Instant Clone internal templates.

Security fixes.