Bitdefender Endpoint Security Tools for Windows

The security agent now uses a new caching proxy mechanism when updating from the local relay. This feature is rolling out gradually and requires no action from your side.

Added support for removing the following incompatible security products:

Enhanced support for removing the following incompatible security products:

Added support for removing the following incompatible security products:

Added support for upcoming features available with the next major GravityZone release.

Resolved an issue where, in some situations, the security agent caused high memory usage.

Fixed an issue where the Event log was cleared after an endpoint or service restart.

Added support for removing the following incompatible security products:

The agent will no longer try to uninstall Microsoft Defender Advanced Threat Protection from endpoints.

Added support for upcoming features available with the next major GravityZone release.

Resolved an issue causing endpoints to receive excessive policy application notifications.

Fixed an issue where, in some situations, the security agent caused high memory usage.

Added support for removing the following incompatible security products:

The agent will no longer try to uninstall Microsoft Defender Advanced Threat Protection from endpoints.

Added support for upcoming features available with the next major GravityZone release.

Resolved an issue causing endpoints to receive excessive policy application notifications.

Fixed an issue where, in some situations, the security agent caused high memory usage.

Fixed an issue that caused the product installation through Relay to fail when communicating with Bitdefender Cloud Services via a proxy.

The Security content version was incorrectly displayed in the Event log area. This issue was fixed.

Resolved an issue where updates were incorrectly reported in the timeline after each service restart or system reboot, even when no updates were downloaded or when updates were disabled in the policy.

Fixed an issue that caused the product installation through Relay to fail when communicating with Bitdefender Cloud Services via a proxy.

The Security content version was incorrectly displayed in the Event log area. This issue was fixed.

Resolved an issue where updates were incorrectly reported in the timeline after each service restart or system reboot, even when no updates were downloaded or when updates were disabled in the policy.

Sentinel Agent 24.x

McAfee 1.x

VMware Carbon Black EDR Sensor 7.x

Trend Micro Apex One 14.x

Sentinel Agent 24.x

McAfee 1.x

VMware Carbon Black EDR Sensor 7.x

Trend Micro Apex One 14.x

Trend Micro Deep Security Agent 8.x

Trend Micro Deep Security Agent 12.x

Sophos Endpoint Agent 2024.x

Avast Business Security 24.x

Resolved a minor translation issue related to an Italian GUI label.

Security fixes.

Red: indicates error messages.

Green: indicates successful commands.

Blue: highlights features, making it easy to distinguish them in the text.

BEST is now compatible with Windows Server 2025 x64.

Added support for upcoming features available with the next major GravityZone release.

In some situations, the security agent caused high memory usage.

Resolved a minor translation issue related to the Vietnamese GUI label.

Fixed an issue that prevented the security agent from being compatible with a certain Security Information and Event Management (SIEM) server.

Resolved an issue where the update process failed with error -2013 during a Reconfigure Agent task.

Security fixes.

Red: indicates error messages.

Green: indicates successful commands.

Blue: highlights features, making it easy to distinguish them in the text.

BEST is now compatible with Windows Server 2025 x64.

Added support for upcoming features available with the next major GravityZone release.

In some situations, the security agent caused high memory usage.

Resolved a minor translation issue related to the Vietnamese GUI label.

Fixed an issue that prevented the security agent from being compatible with a certain Security Information and Event Management (SIEM) server.

Resolved an issue where the update process failed with error -2013 during a Reconfigure Agent task.

You can enable and disable all modules with one command.

You can set the number of minutes after which any changes made with Power User are reverted, and the GravityZone policy is reapplied.

You can add and remove exclusions for the following features: Antimalware On-access scanning, Advanced Threat Control, Ransomware Mitigation, and Network Protection.

Added support for removing the following incompatible products:

Added support for upcoming features available with the next major GravityZone release.

Fixed an issue that caused false positives when untrusted certificates ignored timeout errors during website validations.

Resolved an issue that caused excessive memory usage during the transfer of extremely large files.

Fixed an issue that caused the Bitdefender Endpoint Security Tools GUI to crash.

The issue with emails not being restored using Release to intended recipient has been fixed.

The Full Scan button in the status area is now working properly for security agents using French and German.

The issue that was causing security agent crashes has been fixed. It affected endpoints with product version 7.9.17.455, released on fast ring.

Fixed a crash during the update process. It affected endpoints with product version 7.9.11.412 or older.

You can enable and disable all modules with one command.

You can set the number of minutes after which any changes made with Power User are reverted, and the GravityZone policy is reapplied.

You can add and remove exclusions for the following features: Antimalware On-access scanning, Advanced Threat Control, Ransomware Mitigation, and Network Protection.

Added support for upcoming features available with the next major GravityZone release.

Added support for removing the following incompatible products:

Fixed an issue that caused false positives when untrusted certificates ignored timeout errors during website validations.

Resolved an issue that caused excessive memory usage during the transfer of extremely large files.

Fixed an issue that caused the Bitdefender Endpoint Security Tools GUI to crash.

The issue with emails not being restored using Release to intended recipient has been fixed.

The Full Scan button in the status area is now working properly for security agents using French and German.

Added support for removing the incompatible security product Trellix Endpoint version 23.x.

BEST is now compatible with Windows 11 version 24H2.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks performed on endpoints with product versions between 7.9.4.313 and 7.9.5.318 require a reboot and are discarded afterwards. After rebooting the target endpoints, you need to run the Reconfigure agent tasks again.

Enhanced support for removing the following incompatible security products:

Added support for upcoming features available with the next major GravityZone release.

Internal fixes.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks performed on endpoints with product versions between 7.9.4.313 and 7.9.5.318 require a reboot and are discarded afterwards. After rebooting the target endpoints, you need to run the Reconfigure agent tasks again.

Enhanced support for removing the following incompatible security products:

Added support for upcoming features available with the next major GravityZone release.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks performed on endpoints with product versions between 7.9.4.313 and 7.9.5.318 require a reboot and are discarded afterwards. After rebooting the target endpoints, you need to run the Reconfigure agent tasks again.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.14.430, you must run a new Reconfigure agent task.

The issue that was causing security agent crashes has been fixed. It affected endpoints with product version 7.9.14.427, released on fast ring.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.14.428, you must run a new Reconfigure agent task.

Added support for Copilot+ PC endpoints.

Added support for upcoming features available with the next major GravityZone release.

The product installation no longer fails if the Security for Exchange module is not enabled.

The issue with emails not being restored from quarantine has been fixed.

The product installation no longer remains in progress after running a Reconfigure agent task. This issue occurred on Windows 11 systems.

The Relay agent is now completely removed using the Reconfigure agent task.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.14.427, you must run a new Reconfigure agent task.

The Power User GUI module is now available only for endpoints that use Windows 10 and higher and Windows Server 2016 and higher.

The Power User CLI module now offers suggestions when a command is incorrect or incomplete.

You can now submit raw events to both Bitdefender MDR and Security Information and Event Management (SIEM) servers.

You are now notified if the Boot-Start Driver Initialization Policy is set to Good only when installing the security agent using the local interface. This policy can cause critical errors (BSOD).

Added support for upcoming features available with the next major GravityZone release.

The module quarantined DOCX attachments despite the Attachment Filtering rule being set for executable files only.

Blacklisted email addresses managed to deliver messages even after they were added in the Connection Blacklist.

Addressed an issue where Advanced Threat Control caused critical errors (BSOD).

Created or modified files were not moved to quarantine according to active Integrity Monitoring rules.

In some situations, the EDR module caused high memory usage.

The communication between endpoints, and the Incidents server failed when using a Relay.

In some situations, the installation failed. This issue is no longer occurring.

In a particular scenario, the product installation failed on Windows Server 2022 endpoints. This issue affected endpoints with product version 7.9.11.412.

The product updates remained in progress and failed to install after scanning the system for vulnerabilities using Nessus.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.13.423, you must run a new Reconfigure agent task.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

Callback Evasion detections have been improved.

The endpoint update mechanism is being improved. These improvements are being rolled out in stages and require no action from your side.

Implemented internal optimizations to enhance the performance of the security agent.

Product console commands, including Power User CLI, are no longer case-sensitive.

Added support for upcoming features available with the next major GravityZone release.

Addressed a specific scenario where the module caused critical errors (BSOD). The issue has been fixed.

The security agents could not connect to the Bitdefender Global Protective Network, when the communication was configured through Relay and the DNS was not configured.

The installation could not be completed during certain custom deployments. This issue has been fixed.

Resolved a cleanup issue in the ProgramData folder. This issue affected endpoints with product version 7.9.10.392.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.12.418, you must run a new Reconfigure agent task.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

The endpoint update mechanism is being improved. These improvements are being rolled out in stages and require no action from your side.

Addressed a specific scenario where the module caused critical errors (BSOD). The issue has been fixed.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.12.415, you must run a new Reconfigure agent task.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

Callback Evasion detections have been improved.

The endpoint update mechanism is being improved. These improvements are being rolled out in stages and require no action from your side.

Product console commands, including Power User CLI, are no longer case-sensitive.

Added support for upcoming features available with the next major GravityZone release.

The security agents could not connect to the Bitdefender Global Protective Network, when the communication was configured through Relay and the DNS was not configured.

The installation could not be completed during certain custom deployments. This issue has been fixed.

Resolved a cleanup issue in the ProgramData folder. This issue affected endpoints with product version 7.9.10.392.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.12.414, you must run a new Reconfigure agent task.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

The endpoint update mechanism is being improved. These improvements are being rolled out in stages and require no action from your side.

Addressed a scenario where the module caused critical errors (BSOD). The issue is now fixed.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.11.412, you must run a new Reconfigure agent task.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

The endpoint update mechanism is being improved. These improvements are being rolled out in stages and require no action from your side.

In some cases, executable files added to the Blocklist could still be run. This issue has been fixed.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.11.407, you must run a new Reconfigure agent task.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

The endpoint update mechanism is being improved. These improvements are being rolled out in stages and require no action from your side.

The module blocked a particular website even if it was added as an exclusion. This issue has been fixed.

The CLI version of the module displayed Ransomware Mitigation as disabled, even if it was enabled from the policy.

In some cases, endpoint users were incorrectly notified in Windows Action Center and in the local GUI that the product was out of date.

Advanced Threat Control displayed command line detections with additional spaces, leading to potentially incorrect exclusions.

The Education web category from Content Control was incorrectly translated.

The product installation failed when a reconfigure agent task was in progress, and another task started afterwards.

The security agent failed to install the latest product updates. This issue has been fixed.

In some cases, starting updates from the notifications displayed in the Windows Action Center caused the product update to fail with error 21.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.11.406, you must run a new Reconfigure agent task.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

The endpoint update mechanism is being improved. These improvements are being rolled out in stages and require no action from your side.

The module blocked a particular website even if it was added as an exclusion. This issue has been fixed.

The CLI version of the module displayed Ransomware Mitigation as disabled, even if it was enabled from the policy.

Advanced Threat Control displayed command line detections with additional spaces, leading to potentially incorrect exclusions.

The Education web category from Content Control was incorrectly translated.

The product installation failed when a reconfigure agent task was in progress, and another task started afterwards.

The security agent failed to install the latest product updates. This issue has been fixed.

In some cases, starting updates from the notifications displayed in the Windows Action Center caused the product update to fail with error 21.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.11.404, you must run a new Reconfigure agent task.

The Anti-tampering module has been removed from the local interface until it becomes available with the next major GravityZone update.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

The endpoint update mechanism is being improved. These improvements are being rolled out in stages and require no action from your side.

Addressed an issue where the Firewall caused critical errors (BSOD) after updating to version 7.9.10.390.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.10.392, you must run a new Reconfigure agent task.

Added support for the new Anti-tampering feature that will be released with the next major GravityZone update. The module is disabled on endpoints at the moment with no impact on the current capabilities of the security agent.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

Osquery has been upgraded to version 5.11.0.

The Command Line Interface (CLI) version of the module is now the default option when selecting Power User from the system tray. The GUI version can still be accessed through the EPPowerConsole.exe file.

The endpoint update mechanism is being improved. These improvements are being rolled out in stages and requires no action from your side.

You are now notified in the local interface when:

Added support for upcoming features available with the next major GravityZone release.

Added support for removing the following incompatible security products:

In some situations, applications blocked according to Application Blacklisting rules could still be accessed. This issue has been fixed.

In some cases, the security agent services stopped when product updates remained in progress.

In some cases, the security agent remained in an active state after the uninstall process finished causing system issues.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.10.390, you must run a new Reconfigure agent task.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

Osquery has been upgraded to version 5.11.0.

The Command Line Interface (CLI) version of the module is now the default option when selecting Power User from the system tray. The GUI version can still be accessed through the EPPowerConsole.exe file.

The endpoint update mechanism is being improved. These improvements are being rolled out in stages and require no action from your side.

You are now notified in the local interface when:

Added support for upcoming features available with the next major GravityZone release.

Added support for removing the following incompatible security products:

In some situations, applications blocked according to Application Blacklisting rules could still be accessed. This issue has been fixed.

In some cases, the security agent remained in an active state after the uninstall process finished causing system issues.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.10.387, you must run a new Reconfigure agent task.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

Starting with this release, we are going to bring improvements to the endpoint update mechanism. These improvements are being rolled out in stages and require no action from your side.

In a specific scenario, the rules set through Network Protection > Application blacklisting were not applied correctly.

Security fixes.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.9.381, you must run a new Reconfigure agent task.

A new Network Protection driver is being rolled out, on fast ring. This update will be silent, with no action required from your side (no agent reconfiguration required).

In some situations, the Datto RMM integration was not working correctly after updating the security agent to product version 7.9.9.367.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.9.370, you must run a new Reconfigure agent task.

The Power User module is now also available through the Command Line Interface (CLI). This change reduces the disk size of the installed product, eliminates the Chromium dependency and supports more GravityZone features. For more information, refer to Using the Power User module.

A new Network Protection driver is being rolled out, on fast ring. This update will be silent, with no action required from your side (no agent reconfiguration required).

Added support for removing the following incompatible security products:

Enhanced support for removing the following incompatible security product:

In some situations, the Network Protection module caused performance issues.

In a specific scenario, Linux path exclusions added in the policy prevented the Antimalware On-Access scan from working correctly.

The module blocked multiple website categories that were allowed in the policy, after updating the security agent to product version 7.9.8.350.

In some cases, the security agent incorrectly reported the user last login time to the GravityZone console.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.9.367, you must run a new Reconfigure agent task.

Internal fixes.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.8.350, you must run a new Reconfigure agent task.

The Live Search feature is now compatible with ARM64 architecture CPUs.

Added support for upcoming features available with the next major GravityZone release.

Exclusions were not being taken into account when scanning registries. This issue has been fixed.

In specific cases, the security agent crashed when a new product version was available.

Addressed an internal issue that caused the product update process to fail with error -1007.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.8.346, you must run a new Reconfigure agent task.

The Live Search feature is now compatible with ARM64 architecture CPUs.

Added support for upcoming features available with the next major GravityZone release.

Exclusions were not being taken into account when scanning registries. This issue has been fixed.

In specific cases, the security agent crashed when a new product version was available.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.8.343, you must run a new Reconfigure agent task.

The Content Control module now blocks SSL connections, from non-browser processes to malicious domains. This improvement is going to be gradually enabled on all endpoints.

Added support for removing the following incompatible security products:

Enhanced support for removing the following incompatible security product:

Callback evasion notifications are now displayed for users when:

When enabled in Google Chrome and Mozilla Firefox, the Encrypted ClientHello (ECH) protocol prevented content filtering and traffic scanning.

Discovery Search Mailboxes no longer take license slots for the Security for Exchange module.

Fixed incompatibility with Ninja Agent that prevented the product from updating.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.7.336, you must run a new Reconfigure agent task.

The Content Control module now blocks SSL connections, from non-browser processes to malicious domains. This improvement is going to be gradually enabled on all endpoints.

Enhanced support for removing the following incompatible security product:

Callback evasion notifications are now displayed for users when:

When enabled in Google Chrome and Mozilla Firefox, the Encrypted ClientHello (ECH) protocol prevented content filtering and traffic scanning.

Discovery Search Mailboxes no longer take license slots for the Security for Exchange module.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.7.334, you must run a new Reconfigure agent task.

In some cases, rules configured in the policy were no longer applied after a period of time, resulting in blocked applications.

In some cases, the Firewall module crashed after changing the Network Adapter settings.

In some cases, the Support Tool generated empty or corrupted reports. This issue has been fixed.

Internal fixes.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.6.331, you must run a new Reconfigure agent task.

In some cases, the Support Tool generated empty or corrupted reports. This issue has been fixed.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.6.330, you must run a new Reconfigure agent task.

Updating your endpoints to BEST version 7.9.5.318, released on fast ring, can fail due to an issue with one of the filter drivers. Endpoints affected by the issue will be displayed as offline in Control Center since August 17, or the latest date a product update has been attempted. To fix this issue, refer to this article.

In some cases, the Firewall module crashed after changing the Network Adapter settings.

Internal fixes.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.6.329, you must run a new Reconfigure agent task.

Updating your endpoints to BEST version 7.9.5.318, released on fast ring, can fail due to an issue with one of the filter drivers. Endpoints affected by the issue will be displayed as offline in Control Center since August 17, or the latest date a product update has been attempted. To fix this issue, refer to this article.

Added support for upcoming features available with the next major GravityZone release.

Users are now notified whenever the communication between endpoints and the GravityZone console cannot be established.

Users are now notified whenever communication with the Incidents Server cannot be established.

Implemented internal optimizations for enhanced stability of the security agent.

Osquery has been upgraded to version 5.9.1

The Integrity Monitoring module did not generate Change events for files that have been accessed and modified from another endpoint, through Server Message Block (SMB) protocol.

In some cases, the EDR module caused performance issues on Remote Desktop Servers (RDS), when users connected via Remote Desktop Protocol (RDP).

Security fixes.

The update process to version 7.9.5.322 fails with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.5.324, you must run a new Reconfigure agent task.

Updating your endpoints to BEST version 7.9.5.318, released on fast ring, can fail due to an issue with one of the filter drivers. Endpoints affected by the issue will be displayed as offline in Control Center since August 17, or the latest date a product update has been attempted. To fix this issue, refer to this article.

Osquery has been upgraded to version 5.9.1

Users are now notified whenever communication with the Incidents Server cannot be established.

In some cases, the EDR module caused performance issues on Remote Desktop Servers (RDS), when users connected via Remote Desktop Protocol (RDP).

Security fixes.

The update process to version 7.9.5.322 fails with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks that are used to add new modules require endpoints reboot. After rebooting the endpoint, you must run the Reconfigure agent task again to complete the process.

Updating your endpoints to BEST version 7.9.5.318, released on fast ring, can fail due to an issue with one of the filter drivers. Endpoints affected by the issue will be displayed as offline in Control Center since August 17, or the latest date a product update has been attempted. To fix this issue, refer to this article.

Added support for upcoming features available with the next major GravityZone release.

Users are now notified whenever the communication between endpoints and the GravityZone console cannot be established.

The Integrity Monitoring module did not generate Change events for files that have been accessed and modified from another endpoint, through Server Message Block (SMB) protocol.

In a particular situation, the exclusions defined in Web Access Control for websites did not function as intended. This issue affected endpoints with product version 7.9.4.306.

The Antimalware module can now monitor files that use the .log and .gif extensions.

Added support for upcoming features available with the next major GravityZone release.

Added support for removing the following incompatible security products:

The Integrity Monitoring module generated Renamed events instead of Deleted events when a monitored file was deleted.

The module did not detect files transferred at the same time on a network share via Remote Desktop Protocol (RDP).

The security agent did not allow the safe removal of external storage devices when the Antimalware module was installed.

The module blocked a particular web address, which had been excluded in the policy, while the Web Proxy category was configured for blocking.

The Network Protection module blocked certain websites. The issue affected endpoints with product version 7.9.4.303, released on fast ring.

Security fixes.

The Antimalware module can now monitor files that use the .log and .gif extensions.

Added support for upcoming features available with the next major GravityZone release.

Added support for removing the following incompatible security products:

The Integrity Monitoring module generated Renamed events instead of Deleted events when a monitored file was deleted.

The module did not detect files transferred at the same time on a network share via Remote Desktop Protocol (RDP).

The security agent did not allow the safe removal of external storage devices when the Antimalware module was installed.

The module blocked a particular web address, which had been excluded in the policy, while the Web Proxy category was configured for blocking.

Security fixes.

The Support Tool and Uninstall Tool are now console applications.

The bruteForce parameter that can be used when uninstalling the security agent is now available only for product versions starting with 7.x.

Added support for removing the following incompatible security product:

The Content Control module did not block web pages when a proxy was used. The issue affected endpoints with product version 7.9.2.290

The update process failed with error –1018 on endpoints with the Network Attack Defense module installed.

The Exchange scan was not working correctly. This issue has been fixed.

The Firewall module caused endpoints to temporarily lose network connectivity when starting services or when changing policies. This issue occurred on Windows 10 and 11 systems.

The Relay agent failed to properly remove old installation kits, leading to high disk usage.

The Sysprep tool did not work properly on endpoints with product version 7.8.3.x and higher.

Internal fixes.

The Firewall module caused endpoints to temporarily lose network connectivity when starting services or when changing policies. This issue occurred on Windows 10 and 11 systems.

The Support Tool and Uninstall Tool are now console applications.

The bruteForce parameter that can be used when uninstalling the security agent is now available only for product versions starting with 7.x.

Added support for removing the following incompatible security product:

The Content Control module did not block web pages when a proxy was used. The issue affected endpoints with product version 7.9.2.290

The update process failed with error –1018 on endpoints with the Network Attack Defense module installed.

The Exchange scan was not working correctly. This issue has been fixed.

The Relay agent failed to properly remove old installation kits, leading to high disk usage.

The Sysprep tool did not work properly on endpoints with product version 7.8.3.x and higher.

You can now create certificate hash exclusions for PowerShell scripts.

Osquery has been upgraded to version 5.8.1.

Added support for upcoming features available with the next major GravityZone release.

Added support for removing the following incompatible security products:

In some cases, the Firewall module blocked applications already excluded in the policy.

The module postponed the application of patches if the Relay server was not reachable.

The module could not quarantine Java Archive files, even though the archives could be deleted.

The Network Protection module prevented browsers from accessing web pages when Web Access Control was enabled. The issue occurred after updating the security agent to version 7.9.2.289, released on fast ring.

The local console failed to open when accessed from Start Menu. The issue occurred after updating the security agent to version 7.9.1.285.

The local console displayed the default contact information for technical support when the language was changed, instead of the details defined in the policy.

You can now create certificate hash exclusions for PowerShell scripts.

Osquery has been upgraded to version 5.8.1.

Added support for upcoming features available with the next major GravityZone release.

Added support for removing the following security products:

In some cases, the Firewall module blocked applications already excluded in the policy.

The module postponed the application of patches if the Relay server was not reachable.

The module could not quarantine Java Archive files, even though the archives could be deleted.

The local console failed to open when accessed from Start Menu. The issue occurred after updating the security agent to version 7.9.1.285.

The local console displayed the default contact information for technical support when the language was changed, instead of the details defined in the policy.

Bitdefender has optimized LSASS detection reporting for less traffic and less disk space required to store events on endpoints.

The endpoint users are no longer distracted by Integrity Monitoring status alerts whenever a Suspend or Resume task runs.

Added support for upcoming features available with the next major GravityZone release.

The Antimalware module caused a system slowdown when copying files from network shares.

Custom scan displayed incorrect paths in the local scan log when multiple scan tasks occurred at the same time.

Addressed an issue where Advanced Threat Control caused critical errors (BSOD) after updating to version 7.9.1.280 released on fast ring.

The Live Search feature was unavailable on endpoints although it was enabled in the policy.

The security agent blocked Remote Desktop connections when the Network Attack Defense module was enabled in the policy along with the Scan RDP option.

In a particular case, the Content Control module prevented PDF files from being downloaded from a website. The website remained in a loading state and eventually displayed the page as inaccessible.

Events generated by the Data Protection rules displayed IPs instead of web addresses when keyword filters were added for web traffic.

The default policy was assigned on endpoints instead of the correct policy when assignment rules applied.  The default policy did not contain the previous assignment rules.

Multiple managed endpoints could not communicate with the GravityZone console and were listed as unmanaged.

The logging session started when gathering support tool logs using command line or from the GravityZone console remained active for long periods of time.

Addressed a specific scenario where the product caused critical errors (BSOD). The issue is now fixed.

Addressed an issue where Advanced Threat Control caused critical errors (BSOD) after updating to version 7.9.1.280 released on fast ring.

Events generated by the Data Protection rules displayed IPs instead of web addresses when keyword filters were added for web traffic.

The endpoint users are no longer distracted by Integrity Monitoring status alerts whenever a Suspend or Resume task runs.

Added support for upcoming features available with the next major GravityZone release.

The Live Search feature was unavailable on endpoints although it was enabled in the policy.

The security agent blocked Remote Desktop connections when the Network Attack Defense module was enabled in the policy along with the Scan RDP option.

In a particular case, the Content Control module prevented PDF files from being downloaded from a website. The website remained in a loading state and eventually displayed the page as inaccessible.

Custom scan displayed incorrect paths in the local scan log when multiple scan tasks occurred at the same time.

The default policy was assigned on endpoints instead of the correct policy when assignment rules applied.  The default policy did not contain the previous assignment rules.

Multiple managed endpoints could not communicate with the GravityZone console and were listed as unmanaged.

The logging session started when gathering support tool logs using command line or from the GravityZone console remained active for long periods of time.

Addressed a specific scenario where the product caused critical errors (BSOD). The issue is now fixed.

The Bitdefender Endpoint Security Service crashed during Patch Management assessment when unavailable patches were returned. The issue occurred on endpoints with version 7.8.4.269, released on fast ring.

Microsoft Office 365 was not included in the Patch Management scan. This issue is now fixed.

Policies were not being assigned on endpoints when using a location assignment rule with hostname.

An incorrect path was created when installing security agents with Relay role. This behavior led to inaccurate rules in Windows Firewall and affected versions starting with 7.7.2.x.

The security agent installation crashed on Windows Server 2016 endpoints with a very large number of certificates.

Live Search is no longer supported for x86 architecture endpoints.

Policies were not being assigned on endpoints when using a location assignment rule with hostname.

Microsoft Office 365 was not included in the Patch Management scan. This issue is now fixed.

An incorrect path was created when installing security agents with Relay role. This behavior led to inaccurate rules in Windows Firewall and affected versions starting with 7.7.2.x.

The security agent installation crashed on Windows Server 2016 endpoints with a very large number of certificates.

Live Search is no longer supported for x86 architecture endpoints.

The Content Control exclusions did not work properly when using a blocking action in Web Access Control Scheduler on endpoints with product version 7.8.3.263.

You can now execute Live Search queries using the command line interface. The Live Search feature is part of the Early Access programs.

Security content updates are now automatically performed with each product update to ensure optimal performance. 

Added support for upcoming features available with the next major GravityZone release.

Bitdefender Endpoint Security Tools has removed some processes and folders from the exclusions lists on Exchange servers to improve performance and stability. For more information, refer to the official Microsoft documentation.

In certain scenarios, endpoints encountered critical errors (BSOD) when the Advanced Threat Control module was active.

Fixed an issue that caused Content Control to create a temporary Windows profile for automatic logins.

The Content Control module prevented the GravityZone console from properly reporting blocked web addresses and the applied web rules in the Blocked Websites report.

Removed the unused caching database files on partitions smaller than 1GB.

Fixed an issue where the Antimalware module failed to report detections of infected browser plugins in certain scenarios.

Fixed an issue that caused cached DNS servers to be used for EDR submission.

Fixed an issue that caused Integrity Monitoring to generate empty reports.

The security agent caused high CPU usage on Microsoft Windows Server 2019.

You can now execute Live Search queries using the command line interface. The Live Search feature is part of the Early Access programs.

Security content updates are now automatically performed with each product update to ensure optimal performance. 

Added support for upcoming features available with the next major GravityZone release.

In certain scenarios, endpoints encountered critical errors (BSOD) when the Advanced Threat Control module was active.

Fixed an issue that caused Content Control to create a temporary Windows profile for automatic logins.

The Content Control module prevented the GravityZone console from properly reporting blocked web addresses and the applied web rules in the Blocked Websites report.

Removed the unused caching database files on partitions smaller than 1GB.

Fixed an issue where the Antimalware module failed to report detections of infected browser plugins in certain scenarios.

Fixed an issue that caused cached DNS servers to be used for EDR submission.

Fixed an issue that caused Integrity Monitoring to generate empty reports.

The security agent caused high CPU usage on Microsoft Windows Server 2019.

Fixed an issue that prevented the Network Attack Defense module from updating security content.

GravityZone assigned the default policy instead of the new policy when applying new assignment rules.

Fixed an issue that prevented policies from being applied to endpoints.

Fixed an issue that caused the security agent to create database registry files on partitions smaller than 1 GB.

In certain scenarios, endpoints encountered critical errors (BSOD) when the Antimalware module was active.

Fixed an issue that caused the Antimalware module to prompt users to take actions on clean files.

Fixed an issue that prevented the Reconfigure Client task from being applied to BEST Linux endpoints when using Windows Relay as an update server.

Fixed an issue that prevented Content Control from blocking websites on newer editions Windows Server 2019 and Windows Server 2022.

The security agent caused high CPU usage on Microsoft Windows Server 2019.

The security agent now automatically scans USB devices before users log into the Windows system.

Added support for Windows 11 Enterprise Multi-Session (22H2).

Added support for Windows ARM64 CPUs. The following features are supported:

The following features are not yet supported:

Support for these features on Windows ARM64 will be added in time.

In some cases, the Bitdefender Endpoint Protected Service generated high RAM usage after updating endpoints to version 7.8.1.241.

Fixed an issue that caused multiple website false positives when using Bitdefender EDR.