Bitdefender GravityZone 6.18.1-1 Release Notes
- Security agents: 22.214.171.1241 (Windows); 126.96.36.199 (Linux); 188.8.131.52096 (macOS)
The new Custom Detection Rules functionality enables you to create rules to detect common events and generate incidents specific to your environment, which otherwise GravityZone may not flag as suspicious through its prevention and threat intelligence technologies. This enhances EDR's capabilities of raising alerts and triggering incidents to stop possible breaches in the early stages of an attack.
You can now:
- Create your own detection rule
- View and filter by alerts and incidents generated by a custom rule
- View details of any rule in the dedicated side panel
- Perform multiple actions, including edit, delete, duplicate or ignore a custom rule
- Import list of rules
- Receive notifications each time a new incident is triggered by a custom rule
- Add and filter tags easily maintain your created custom rules
- Added the option to update your Linux EDR modules via product update when you configure policies, for a tighter change control configuration and update staging process.
- The new-incident Syslog notification now includes more information for logging EDR incident data to an external software platform such as SIEM or SOAR.
Make sure to re-check any existing correlation you are currently using and/or add the new information about incidents in the search queries that are running on your SIEM.
- Relabeled the tabs inside the Incidents page as Endpoint Incidents and Detected Threats.Note! Tabs availability may differ in your product, according to your license.
- We now offer you the possibility to obtain raw security data from your endpoints right into a SIEM solution. Use this feature if you need a deeper analysis and correlation of the security events in your network.
Because we care about system performance and a low footprint of exported data, we are filtering out redundant information.
Check out the new General > Security Telemetry section of the security policy to enable and configure this feature, and the endpoint’s Information page to verify the connection status between the endpoint and the SIEM.
Available only for Windows endpoints and Splunk via HTTPS (TLS 1.2 or higher required).
Security Telemetry requires EDR available in GravityZone Ultra.
You have now the option to restore the files encrypted in a ransomware attack, on-demand. Select this option in the policy, for the endpoints where you need more control over. In case of an attack, check the Ransomware Activity page, from where you can view the affected files and then run a restore task.
This option is available for 30 days from the event.
You can now enable sample submission through proxy to local instances in the Sandbox Analyzer > Infrastructure page. To set up a proxy, go to Configuration > Proxy.
Following the deprecation of macOS kernel extensions, Bitdefender added support for the new EndpointSecurity and NetworkExtension APIs. These ensure the compatibility between Endpoint Security for Mac, GravityZone Control Center and endpoints running macOS Big Sur (11.0). More information is available with Endpoint Security for Mac-related documentation.
- New Repair task to quickly fix issues that other way would require agent reinstall.
- The options which provide more control over the data you send to Bitdefender are now available in the Miscellaneous section of the agent package configuration window as well.
- Several content improvements.
- The agent kit download link is now available via the
- The full version of the agent kit may now be retreived via the
- The new
endpointNamefiltering option in the
getEndpointsListmethod allows you to better find the endpoints in your network.
- The instant report is now accessible by email via the
In some situations, Sandbox Portal returned a 404 error when trying to access cached reports after seven days.
iOS devices enrollment in MDM failed when the Identity and Profile Signing certificate password contained bash special characters.
- The automatic updates system was generating the "GravityZone is unable to complete" error repeatedly, although no updates were available.
- Deleted blocked detections remained displayed in the report graph.
- Control Center was displaying the Dashboard portlets in a single row when the resolution was higher than 1080p and browser scaling was at 125%.
- Offline updates failed if the HTTP traffic for GravityZone was disabled.
- Changing the NTP server address in the Control Center > Configuration page had no effect.