GravityZone (Cloud-based) Release Notes for March 2019 Update
- Live Response via Terminal Sessions.
Establish remote sessions with endpoints from GravityZone Control Center and execute commands in real-time on their operating system:
- Use the Remote Connection tab added to each incident page to establish a terminal session with the involved endpoint.
- Run commands on the endpoint in the terminal session to remediate the threat immediately (delete files, terminate processes) or collect data for further investigation (list files, processes, registry key information).
- Leverage the network isolation action on all Windows operating systems.
The Isolate action for endpoint nodes in incident views is now available for both Windows desktop and server operating systems, whether or not the Firewall module is available on the endpoint.
- Better visibility on important incidents.
Two new tabs added to the Incidents page help you distinguish between incidents requiring immediate action and threats already blocked by Bitdefender. All suspicious activity requiring action and investigation appears under the Investigate tab, while the Review tab shows threats contained by automatic block actions.
- Select and edit multiple incidents at once.
New option to change the status of multiple incidents at the same time from the Incidents page. You can select multiple incidents while navigating through several entries, and then easily change their status using the Bulk Operations button.
Full Disk Encryption
- Encryption on macOS is now performed by FileVault for the boot drive and by the diskutil command-line utility for the non-boot drive.
- GravityZone now takes ownership of macOS boot drives encrypted with FileVault.
- You can now submit password-protected archives from the Manual Submission page.
Windows Defender ATP Integration
- A new and optimized integration flow based on Microsoft Azure Active Directory, replacing the existing one. If you have an active integration, follow these guidelines to switch to the new integration.
- New event types (Process create, User session, and Network connections).
- Added response actions from Windows Defender Security Center (Trigger remote scan, Isolate machine).
Future updates related to this integration will be available only for GravityZone Ultra Security. If you want to receive these updates, consider upgrading your GravityZone solution.
- You can now receive notifications for license usage on servers.
- Syslog events are now available in Common Event Format (CEF) via Event Push Service API.
The malware status reported by endpoints is now more accurately calculated and displayed in GravityZone reports and portlets:
- The Still Infected status has been changed to Unresolved.
- Removed the reporting interval options containing "last" ("last week" or "last 2 months") from scheduled reports.
This change affects all existing scheduled reports. You may need to edit your scheduled reports and select another reporting interval option.
- Improvements in policy assignment and deployment troubleshooting.
- The Malware Activity report has been deprecated. The malware information from this report will be moved to another report in a future update.
- Corrected the error messages displayed when creating the AWS integration with incorrect ARN / external ID.
- Several minor bug fixes regarding GravityZone Control Center functionalities.