Skip to main content

GravityZone Control Center 

May 2025 (Version 6.63.0-1)

New features

Network Vulnerability Scanner

The Network Vulnerability Scanner is a new Network Sensor Virtual Appliance (NSVA) functionality, and part of Endpoint Risk Analytics (ERA). It monitors the network to detect open ports, identify active applications, and locates known vulnerabilities (CVEs) linked to those applications. This feature supports proactive security assessments by offering insights into services exposed on the network and identifying potential security risks.

After updating to this version of GravityZone, the status of any Network Sensor in Sensors management will be set to Action Needed because the Network Vulnerability Scanner needs to be set up.

The status changes as follows:

  • If both Network Sensor and Network Vulnerability Scanner are Active, the status will be Active.

  • If either Network Sensor or Network Vulnerability Scanner is not Active, the status will show the status of Network Sensor by default.

  • If one is Active and the other is not, the status will be set to Action Needed.

Compliance Manager now generally available

With this GravityZone version, the Early Access feature previously known as Compliance is generally available under its new name: Compliance Manager.

Compliance Manager offers continuous visibility into endpoint compliance status based on widely adopted industry standards. As a GravityZone user, you can:

  • Assess compliance posture: View a summary of your organization’s compliance status against specific standards.

  • Review detailed controls: Examine individual compliance controls, with detailed scoring and breakdown to identify areas needing improvement.

  • Simplify reporting and auditing: Generate comprehensive compliance reports with a single click, streamlining audit preparation.

You can find the feature settings on the Compliance manager page in the Control Center main menu, under Risk management.

All companies with access to the Risk management page included in their base license have access the Compliance manager page. Full access to a basic standard (Bitdefender Cyber Hygene Baseline for Windows), including the reporting functionality, is provided at no additional cost.

However, to access and download reports for advanced standards, such as GDPR, PCI DSS, or SOC 2, a Compliance Manager add-on license is required.

The Compliance Manager add-on is available for companies with both yearly and monthly subscriptions.

Improvements

Network

  • Added a right-click menu for multiple selected entities, providing quick access to relevant actions. The menu features categorized drawers and a searchable interface to streamline workflow and improve usability.

  • Two new filters and columns, Deleted (generally available) and Migrated (exclusive to MSP companies), have been introduced for companies to enhance entity management and improve visibility.

Network Protection

  • Added a new Server Traffic Scan section under Network Protection > Network Attacks in GravityZone policies, focusing on scanning incoming traffic on servers. This includes a dedicated subsection for intercepting encrypted traffic on servers, specifically targeting Domain Controllers, to enhance visibility and control over encrypted network communications.

  • Renamed Scan RDP to Inspect RDP Traffic and moved it from Network Protection > General to Network Protection > Network Attacks > Network Attack Defense for improved contextual alignment.

PHASR

Improved the accuracy of rule trigger count calculations.

Policies

Minor improvements to interface texts in several sections of the policy settings.

Public API

The following public API methods were updated to support the Compliance Manager add-on:

  • Companies API

    • The manageComplianceManager and manageComplianceManagerResell parameters are now available for the createCompany method.

  • Licensing API

    • The manageComplianceManager and manageComplianceManagerResell parameters are now available for the setMonthlySubscription method.

    • The getLicenseInfo, getMonthlyUsage and getMonthlyUsagePerProductType methods now return the complianceMonthlyUsage attribute.

  • Network API

    • The getNetworkInventoryItems method now returns the manageComplianceManager and manageComplianceManagerResell attributes.

Risk Management

The CIS compliant smart view has been removed from the Findings and Identity risks page. Users can now create and save their own custom views with this standard.

Reports

The Simplified Monthly License Usage and Monthly License Usage reports have been updated to include information about Compliance Manager.

Resolved issues

Ransomware Mitigation

Fixed an issue where wildcards were incorrectly permitted in folder-type exclusions for the Ransomware Mitigation module in the Configuration profiles section.

GravityZone platform

  • Resolved an issue where certain sections of the GravityZone console were not correctly translated into Chinese and Korean.

  • Security fixes.

XDR

For users from Azure AD with the on-premises sync enabled, the Force credentials reset and Disable user response actions are now persistent and no longer reverted by the synchronization processes.

Network

Fixed an issue where users were unable to create scheduled restart tasks in the redesigned Network section when the account language was set to Portuguese.

Known issues

PHASR

When using policy inheritance, PHASR settings are not passed to the Risk management section. Therefore, settings in a source policy do not apply to inheriting policies. 

May 2025 (Version 6.62.0-2)

Improvements

Proactive Hardening and Attack Surface Reduction (PHASR)

Improved policy configuration capabilities for increased flexibility and granularity, alongside updates and minor fixes to the PHASR Dashboard.

Resolved issues

EDR & XDR

Resolved an issue where, in particular scenarios, the Incidents grid displayed a duplicate incident with an incremented ID. Incidents are no longer duplicated in the grid.

April 2025 (Version 6.61.1-1)

New features

Proactive Hardening and Attack Surface Reduction (PHASR)

PHASR provides a comprehensive view of your internal attack surface, helping reduce exposure by identifying and mitigating exploitable attack vectors within your environment.

The feature capabilities are centered around two key stages:

  • Learning phase

    PHASR begins with a learning phase, where it continuously monitors user behaviors and system interactions to understand typical activity patterns. This phase can last up to 30 days. If EDR is enabled and sufficient historical data is available, the learning phase may complete sooner.

  • Attack surface reduction

    Once the learning phase concludes, PHASR generates targeted recommendations to reduce the attack surface. These recommendations focus on neutralizing potential threats categorized as:

    • Living Off the Land Binaries (LOLBins)

    • Tampering tools

    • Piracy tools

    • CryptoMiners

    • Remote administration tools

Each recommendation is tied to behavioral profiles, which are unique user-device pairs. A single user with multiple devices may appear across different recommendations.

The attack surface includes all potential attack vectors through which a malicious actor could gain unauthorized access or exploit system vulnerabilities. PHASR helps you minimize this surface by proactively detecting and addressing misuse of legitimate tools and binaries before they are weaponized.

Note

PHASR is available only as a separate add-on and requires a license that provides access to the EDR feature. You can enable the feature from the policies applied to your managed endpoints.

New Network in general availability

Starting with this update, the redesigned Network section completely replaces the previous version. The new section provides improved interface and functionality, and a more intuitive navigation, making it easier to view, manage, and organize your network environment.

  • Create companies and groups

  • Rename, move, or delete entities

  • Assign policies or Security Servers

  • Improved visualization:

    • Tree view: Displays endpoints organized by their folder hierarchy. Includes a search function for quickly locating specific endpoints.

    • Smart views: A flat, centralized list of predefined and customizable profiles with advanced filtering and sorting options.

  • Streamlined navigation:

    • The interface enables seamless navigation through the network hierarchy with new filters, additional columns, and enhanced sorting capabilities.

    • Your position is now remembered as you navigate through GravityZone, reducing the time spent returning to your previous view.

  • Inline action menu allowing quick actions:

  • Clipboard integration:

    • Copy entity details directly to the clipboard, streamlining administrative tasks and external reporting.

  • Flexible layout and filtering:

    • Full column customization: Show/hide, reorder, and resize columns to suit your needs.

    • All columns support filtering and sorting, and filters persist even when switching views or navigating.

MSP

  • Companies using monthly subscriptions can now enable EDR data retention add-ons to store raw events for extended periods. To activate a data retention add-on, the EDR add-on must also be enabled for the company. Only one data retention add-on can be active at a time.

  • The PHASR add-on is now available for companies with monthly subscriptions that are using Secure, Secure Plus, or Secure Extra protection models.

GravityZone platform

  • The IntelliZone page is now available. It allows you to access the IntelliZone console directly from GravityZone.

  • Password expiration settings for the Security Server and Network Sensor Virtual Appliance can now be configured directly in the GravityZone console. This option can be found under Configuration > Security Server Settings > Privacy.

  • GravityZone Control Center is now available in dark mode. The new visual theme is designed to enhance user comfort during extended periods of use while maintaining full functionality and accessibility.

    Under the right-hand side user menu you can choose between three themes:

    • Dark theme

    • Light theme

    • System theme (default)

Policies

  • The new Blocklist section allows you to customize your blocklist settings in GravityZone to prevent specific files, applications, or network connections from running or accessing your system.

    The Application Hash feature now supports additional file types: DLL files on Windows, .dylib files on macOS, and .so files on Linux. Script files are also supported on all Operating Systems.

    For more granular control, blocklist rules defined at the company level in GravityZone can now be enabled or disabled within the policy assigned to endpoints.

  • The Relay page in the policy settings includes a new section for whitelisted domains, allowing Live Search API results upload.

EDR & XDR

You can now export your incidents grid as a CSV file by clicking the new Export view icon on the top right of the Incidents page. The entities and resources columns are dynamically generated. If no incidents involve a particular resource or entity, the corresponding column will not be displayed. Up to 10,000 incidents can be exported at a time. We recommend adjusting the search options if your dataset exceeds this number.

Public API

  • EDR data retention and PHASR MSP add-ons

    To facilitate the implementation of the PHASR, EDR Data Retention 90 days, EDR Data Retention 180 days, and EDR Data Retention 1 year add-ons for MSP, the following API methods have been updated:

    • Companies API

      • The edrDataRetention, managePHASR, and managePHASRResell parameters are now available for the createCompany method.

    • Licensing API

      • The edrDataRetention, managePHASR, and managePHASRResell parameters are now available for the setMonthlySubscription method.

      • The getLicenseInfo method now returns the edrDataRetention, managePHASR, and managePHASRResell attributes.

      • The getMonthlyUsage method now returns the edrStorage90DaysUsage, edrStorage180DaysUsage, edrStorage1YearUsage, and phasrMonthlyUsage attributes.

      • The getMonthlyUsagePerProductType method now returns the phasrMonthlyUsage, edrStorage90DaysUsage, edrStorage180DaysUsage, edrStorage1YearUsage, and phasrMonthlyUsage attributes.

    • Network API

      • The getNetworkInventoryItems method now returns the managePHASR attribute.

  • Accounts API

    • The authenticationMethod parameter is now available for the updateAccount method.

    • The getAccountDetails and getAccountsList methods now return the authenticationMethod attribute.

  • Network API

    • The runLiveSearchQuery method is now available. It allows you to use the Live Search function, which retrieves information about events and system statistics directly from online endpoints using Osquery, an operating system instrumentation framework that uses the SQLite query language.

      To upload the results of a live search to an S3 bucket, you need to set up your AWS (Amazon Web Services) cloud platform in advance.

  • Patch Management API

    The Patch Management API provides several methods that allow you to access and integrate key functionalities of the Patch Management module. It is being released with the following methods:

    • getMissingPatches - Retrieves a list of missing patches (security and non-security) for specified endpoints.

    • getInstalledPatches - Retrieves a list of patches that are installed on specific endpoints.

Improvements

Policies

Policies now feature a redesigned layout for the General and Antimalware sections, with improved interface texts and a revamped left-side menu.

  • Settings in the General category are reorganized under three new sections: Policy, Agent, and Relay.

  • All other sections are grouped under a new Protection & Monitoring category.

  • Policy inheritance rules and Antimalware exclusions now appear on separate pages for better visibility.

  • A new search capability helps you quickly find specific pages, sections, and labels, in all languages supported by GravityZone.

  • Status indicators in the menu provide at-a-glance insights into your security posture.

EDR & XDR

  • The New Incident notification has been renamed to Incident activity and has enhanced functionality. You can select the Receive notifications for incident updates option to be notified not only about each new incident, but also about each updated incident within one hour of the last notification for it.

    Only incidents with the configured minimum severity will trigger Incident activity notifications.

  • The new rule target Companies is available for the custom rules. Partners can now apply rules to any selected managed companies.

  • The integration of the Active Directory sensor is now supported on machines with the Certificate Authority role, enabling you to monitor certificate-related incidents across your domain.

    Prerequisite steps must be completed before deployment. For more information, refer to The Active Directory sensor.

    Important

    The integration on these servers requires BEST version 7.9.22.x or later.

  • New details are now available in the Sensors Management grid. The Response status column shows whether you can respond to incidents detected through each integration.

    If the response status is Action needed, the detailed errors will be displayed in the integration's details panel.

    The response status is updated following integration save and disable actions, as well as after performing a related response action.

Raw events

Bitdefender Partners can now view and configure Raw Events settings for managed companies where they have security management rights. Companies are visible only if they have a license that provides access to the EDR feature. Data is available only if the selected company has a license that provides access to EDR data retention data.

Firewall

The Firewall rule mechanisms in GravityZone have been enhanced to improve validation and enforcement. As a result of this update, some Firewall rules within policies may have been disabled due to missing application paths. To restore full functionality, review the affected rules and provide the correct application paths.

Blocklist

The Blocklist feature has been expanded to include the following file types: .exe, .bat, .js, .vbs, .ps1, .jar, .scr, .dll, .hta,  .reg, .lnk, .msi, .cpl, .com, .pif, .tmp, .cmd.

Resolved issues

GravityZone platform

  • The Antiphishing Activity portlet now correctly redirects you to the corresponding detailed report.

  • Resolved an issue where certain sections of the GravityZone console were not correctly translated into Chinese and Korean.

  • Security fixes.

EDR

Resolved an issue that caused automatic EDR exclusion generation to fail when triggered from incident alerts details displayed in other areas than Incident's Graph tab, such as the Events tab. The action now works consistently across all relevant interface sections.

Network

Fixed a filter issue that caused failures in endpoint visibility and task creation.

Known issues

Blocklist

Application paths blocked on Linux endpoints may incorrectly appear in the Security Audit and Blocked Applications reports as being blocked by Content Control instead of Blocklist.

March 2025 (Version 6.60.1-1)

Improvements

GravityZone platform

Implemented multiple infrastructure enhancements for GravityZone.

Integrations

The minimum requirements for sending events from GravityZone to SIEM platforms without HTTPS listeners have changed. The target server must now run on Ubuntu 24.04 LTS. For more information, refer to Generic integrations for SIEM platforms without HTTPS listeners.

Resolved issues

GravityZone platform

Security fixes.

March 2025 (Version 6.59.2-1)

New features

Antimalware

Advanced Threat Control now includes fresh capabilities. The new Kernel-API Monitoring option enables advanced kernel-level monitoring, allowing the detection of unusual system behaviors and safeguarding against exploitation attempts that target system integrity.

The feature strengthens Advanced Threat Control’s ability to detect and mitigate sophisticated attack techniques early in the attack chain and protects against threats leveraging vulnerable drivers to undermine the security solution.

The option is disabled by default but you can enable it in the policy under Antimalware > On-Execute > Advanced Threat Control. As this feature introduces deep monitoring capabilities, we recommend testing it in a controlled environment first to assess its impact and compatibility with your system.

February 2025 (Version 6.59.1-1)

Early Access

New Network

  • Two brand new actions have been added to the new Network section:

    • Suspend endpoint protection

    • Resume endpoint protection

    These actions enable you to manage endpoint security efficiently while maintaining full control over the suspension process.

    The newly added actions are compatible only with Windows and require agent version 7.9.20 or later.

  • The new Network section has more redesigned actions:

    • Set as AD Integrator

    • Remove AD Integrator

    • Remove AD Integration

    Additionally, new filtering options for AD Integrator and AD Integration make it easier to find relevant entities.

Improvements

Anti-tampering

Anti-tampering detections are now available in Threats Xplorer. You can view security events related to Callback Evasion and Vulnerable Drivers technologies and filter them by module, technology, or threat type.

Product Trials

Companies using GravityZone Small Business Security can now explore newly added products:

  • Web Access and Device Control

  • Network Attack Defense and Risk Management

Accounts

The Concurrent sessions option is now available when creating or editing GravityZone accounts. When the option is enabled for an account, its user is able to log in to the GravityZone console from multiple browser sessions. If disabled, any existing session will be terminated and the user will automatically be logged out when a new session is started.

The option can also be found in the My account window, under the Login Security section.

XDR

  • Custom exclusion rules

    • Criteria in the Exclusion rule definition tab are now displayed in order of technology.

    • If a criterion in the Exclusion rule definition tab has only one applicable operator, it is automatically selected in the Select operator field.

    • You can now automatically create custom exclusion rules when viewing XDR alert information.

    • New criteria compatible with Atlassian Sensor detections are now available.

    • The Registry criterion is now available.

  • Azure AD sensor

    The Azure AD sensor now ensures faster event retrieval from Microsoft Entra ID when integrated using Azure Event Hubs in addition to the previously used Microsoft Graph API.

    The new option requires specific prerequisite steps and providing the Azure Event Hubs credentials. To read more, refer to The Azure AD sensor.

Risk Analytics

A new compliance report is now available for the Risk Analytics feature: Digital Operational Resilience Act (DORA). The report is applicable to endpoints and you can access it from the Risk Management dashboards page.

Blocklist

Path blocklist support now extends across platforms by removing the .exe extension requirement and ensuring compatibility with macOS and Linux path structures.

Resolved issues

Policies

Fixed inconsistent numbers displayed in the Active/Applied/Pending column on the Policies page for Customer company accounts.

GravityZone platform

  • Resolved an issue where the BEST deployments errors link from a failed installation task was incorrect. The link now correctly redirects to the appropriate error details.

  • Security fixes.

January 2025 (Version 6.58.0-1)

Early Access

New Network

The new Network section now has more actions and improved functionalities, including:

  • Assign policy

  • Remote shell

  • Move entities

  • Assign Security Servers

  • Update Security Server

  • Risk scan

  • Run network discovery

  • Submit to Sandbox Analyzer

  • Recovery manager

An inline menu now provides quick access to common actions: create companies and group folders, rename, move, and delete entities, and assign policies and Security Servers. Other improvements include the ability to copy entity details to the clipboard and navigate through GravityZone while remembering your network location.

Improvements

GravityZone platform

This update enhances the GravityZone navigation system by introducing new functionality and usability of menu entries, and more. Each menu entry is now a unique URL that browsers can directly interpret, improving multitasking and bringing a smoother and seamless user experience.

Key updates include:

  • All main menu and header menu items now have unique URLs. You can open a menu entry in a new tab or window, or access it by entering its specific URL.

  • Multiple GravityZone sections provide deeper URLs for navigation.

  • You can use the browser’s Back and Forward buttons to move between previously accessed sections.

  • Refreshing the GravityZone console no longer redirects you to the landing page.

Policies

The Exchange Protection section has a new design and improved interface texts.

Executive Summary

This update brings a few enhancements designed to improve the user experience:

  • Added new buttons on the right corner of the page for enhanced functionality: Refresh, Fullscreen, Hide filters / Show filters, and Reset filters.

  • The Company selector is now positioned on the left side of the page for better accessibility.

  • The Reporting period button is the new time interval selector and is positioned on the left side of the page.

  • The Actions drop-down menu was split and now consists of two separate buttons: Export and Create report.

Control Center

New widgets are available on the MSP landing page, offering additional features and information to create a more complete and engaging user experience. These updates are designed to enhance usability and accessibility.

XDR

  • Threat actor information is now available for XDR incidents in the Incidents page. You can find the data under the Actors column.

    A filter with the same name is also available, allowing you to filter incidents based on associated threat actors.

  • The Suspected Actors section in an incident's Overview tab now includes a new link. This link, found in the Involved in information, directs you to the Incidents page with a pre-applied filter to display related incidents.

GravityZone authentication

When you authenticate via SSO with a 3rd party identity provider (IdP) in GravityZone Control Center and other IdP-linked applications, you will now be automatically logged out of all the applications in either of the following cases:

  • You log out of GravityZone Control Center or any of the other applications.

  • You log out of the identity provider.

Resolved issues

GravityZone platform

  • Resolved an issue that prevented the use of email addresses with multiple dashes when configuring notification settings.

  • Resolved an issue that prevented some users to close the pop-up windows created by the Explore MSP feature.

  • Security fixes.

Container Protection

Resolved an issue causing Container Protection to appear as licensed in the General and Protection tabs under Network > Endpoint details, even though the GravityZone Security for Containers add-on had expired.

November 2024 (Version 6.57.0-1)

Early Access

New Network

The new Network section now has more actions and improved functionalities, including:

  • Resume integrity monitoring

  • Suspend integrity monitoring

  • Update agent

  • Patch scan

  • Delete

Compliance

The Compliance feature is now available for Early Access.

This new feature provides immediate and continuous visibility into your endpoint compliance posture across numerous widely-adopted industry standards. The Compliance page empowers you to:

  • Assess compliance posture - View an at-a-glance summary of your organization’s compliance status relative to specific standards.

  • Review detailed controls - Access a list of individual compliance controls, organized by their respective sections, along with a detailed score for each, helping to pinpoint areas for improvement.

  • Streamline reporting and auditing - Simplify and accelerate your compliance reporting process with our one-click report generation capability, allowing faster and more effective audit preparations.

This new feature enables you to stay proactive in maintaining regulatory standards and optimizing security efforts with comprehensive insights and convenient reporting options.

New features

Antimalware

  • Two new options are now available for all on-demand scheduled scan tasks in Policies and for Network Scan, Memory Scan, and Custom Scan in the Network page:

    • Pause scan when computer is in Battery mode: this option helps you pause the scanning process on endpoints running on battery power and automatically resume it once they are plugged back in.

    • Enable CPU usage control: this option allows you to adjust the CPU usage allocated for the scanning process and tailor the scan performance to your needs. You can choose from three levels: Low, Medium, and High.

  • You can now create exclusions for Sensitive Registry Protection using specific IP addresses or a subnet mask. This allows trusted systems to perform necessary registry changes without triggering protection policies. You can add the exclusion in Configuration Profiles using the new option ATC/Sensitive Registry Protection and the IP/mask object type.

XDR

A new sensor integration is available: Atlassian Cloud.

By integrating with Atlassian Cloud apps, your organization gains extensive threat detection, event monitoring, and response capabilities.. This integration effectively addresses security risks that may impact your Atlassian ecosystem, covering Confluence, Jira, and Bitbucket.

EDR

YARA detection rules are now generally available. This feature allows you to define queries that are used to scan endpoints for malicious actions. You can generate custom alerts and security incidents based on these scans.

You can manage the YARA rules on the Incidents > Custom detection rules page.

This feature is available for EDR licenses, with the exception of those that offer only deployment in EDR (Report only) mode.

Licensing

  • The Buy compatible products section is now available in the Purchase tab of the > My company page.

    The section displays a list of products that are compatible with your current main license which you can purchase directly from GravityZone. You can enter a trial to test out the products, or purchase them directly.

  • The Usage breakdown column in the Companies page has been improved to offer a clearer view of each company's license usage. The same improvements have been applied to the Licensing tab in the My Company window. The improvements apply only to companies using monthly subscriptions.

  • On the Product Hub page, products that are eligible for direct purchase from GravityZone are marked with a Buy now tag. Clicking on their cards will take you to their individual hub page, where a purchase option is available.

Integrations

New integrations are available for the following SIEMS:

  • FortiSIEM

  • Elastic

  • LogRhythm

Accounts

A new authentication method is available in the Login Security section, located in the account settings on the Edit account and Add account pages. This method regards the option Login using GravityZone Identity Provider, which enables you to authenticate using the GravityZone Identity Provider corresponding to your region.

Our identity providers use the existing two-factor authentication, so no new or additional credentials will be required.

For more information about configuring SSO in Control Center using the GravityZone Identity Provider, refer to Configuring SSO in Control Center using the GravityZone Identity Provider.

Improvements

Network Protection

You can now edit the policy assignment of a specific schedule from Configuration Profiles > Web Access Control Scheduler > Edit schedule assignment.

XDR

  • You can now create exclusion rules on XDR parameters to prevent specific interactions between entities and resources in your organization from generating incidents.

    The Historical search section still contains the alerts that would have triggered incidents. You can use the other.rule_id: <rule_id> query to identify them.

    Note

    Rules created prior to this update do not apply to XDR technology, even if they use only criteria parameters with no tags. To adapt these rules, go to the Custom exclusion rules page, open each of them for editing, review the existing settings, and save the rule.

  • New fields are now available for creating custom exclusion rules. The EDR functionality has been enhanced with additional exclusion parameters, allowing you to exclude events and behaviors related to user connections and email activity on your endpoints.

These capabilities are accessible both through the GravityZone console and via the Incidents APIs, specifically the createCustomRule and getCustomRulesList functions.

GravityZone platform

Scan actions were changed throughout the GravityZone console as follows:

  • Ignore and Take no action were renamed Report only.

  • Disinfect was renamed Remediate.

  • Delete was removed entirely, and its functionality has been replaced by Remediate.

  • Only primary actions are now available for infected objects. The alternative actions were removed.

  • All actions for suspicious files were removed.

These changes are visible in the policies, tasks, reports, notifications, and other sections such as Threats Xplorer.

Risk Analytics

  • The Risk Management feature has been redesigned and several pages have been renamed for better cross feature uniformity:

    • The Misconfigurations page is now called Findings.

    • The User behavior risks page is now called Identity risks.

    • The Devices page is now called Resources.

    • The Users page is now called Identities.

    Subsequently, all the columns and headers corresponding to the new names have been adjusted as well.

  • Findings associated to Cloud resources are now available in the Risk Management section, providing a better understanding of the security posture and hardening of the organization.

    To view these findings you require a CSPM+ license and a GravityZone base license that provides access to the Risk Management feature.

  • The Roll back fix option is now available, allowing you to revert fixes applied for findings and resources.

Policies

  • The following sections now feature a new design and improved interface texts:

    • Firewall

    • Network Protection

    These sections add up to those previously revised. The remaining sections will gradually migrate to the new design in future GravityZone releases.

Public API

  • Accounts API

    • The getAccoutDetails method is now available.

  • Incidents API

    • Added additional Detections and exclusion values, criteria, and parameters for the createCustomRule method. You can include them in requests to add exclusion for XDR incidents.

      For more information on custom exclusion rules refer to this KB article.

    • The getCustomRulesList method now returns the filters parameter.

Reports

Made key enhancements to the CSV version of the License Status report for managed service providers (MSPs), including renamed, replaced, and new columns to clarify license allocation and availability details for monthly subscription clients.

If your company is using monthly subscription and you are employing scripts that use of the License Status report, we recommend updating them promptly to ensure continued compatibility with these changes.

Container Protection

A new variable has been added to the command that installs a Security Container on a Linux server with Docker installed. The Certificate Signing Request token BSC_CSRTOKEN is available in the installer.xml file.

The same parameter has been added to the command that deploys a Security Container instance on a cluster. You can find the csrtoken value in GravityZone Control Center by selecting your installation package and then clicking Download > Security Container.

Ransomware Mitigation

The new EFS Protection feature has replaced Ransomware Vaccine. You can access EFS Protection under Antimalware > On-Execute > Ransomware Mitigation.

Resolved issues

Risk Analytics

  • Resolved a minor rounding issue causing lower risk score calculations.

  • Fixed an issue causing outdated data to be considered in risk score calculation.

Note

These changes may cause an increase in your company's calculated risk score.

GravityZone platform

  • Company-customized logos are now properly displayed in the GravityZone console.

  • Security fixes.

Network

Fixed an issue where the endpoint details window incorrectly displayed that the policy was edited by Power User after reinstalling the agent.

October 2024 (Version 6.56.0-1)

Early Access

New Network

More actions have been added to the new Network section.

  • Install patches

  • Assign tags

  • Unassign tags

  • Mark as Golden Image

  • Unmark as Golden Image

  • Isolate endpoint

  • Remove from isolation

  • Uninstall agent

  • Restart endpoint

  • Repair agent

New features

Control Center

Partner type companies with a monthly subscription will now experience an improved experience when accessing the Control Center landing page. The page will feature user-friendly content that simplifies basic tasks and provides access to the latest news from Bitdefender.

Improvements

EDR

Some endpoint operations are now going to use the configuration settings in Policies > General > Communication > Communication between Endpoints and Relays/GravityZone. For more information, refer to the section with the same name in the Communication page.

Policies

The following sections now feature a new design and improved interface texts:

  • Device Control

  • Sandbox Analyzer

These sections add up to those previously revised. The remaining sections will gradually migrate to the new design in future GravityZone releases.

Configuration profiles

When cloning a policy, its configuration profiles are duplicated only if they originate from another company. The duplicated configuration profiles include exclusions, maintenance windows, and Web Access Control schedules.

This behavior applies to policies received from partner companies. Learn more.

User activity

Changes to the policy settings are now recorded with greater detail in the User activity section, under the Edited action and the Policies area.

Public API

Incidents API

  • A new method is now available: createResponseAction. You can use it to take response actions on user nodes generated in GravityZone XDR incidents or your own SOC generated incidents. You can make the request based on an XDR incident ID, or based on user data specified in the node. The following actions are available:

    • Disable the user

    • Force reset the user credentials

    • Mark the user as compromised

    • Delete the user's email

    For more information on response actions, refer to this KB article.

  • The getResponseActionStatus method is now available. You can use it to check the status of a requested response action on an XDR incident.

Resolved issues

Network Protection

Fixed an issue where disabling the Network Protection module wouldn't disable the Application Blacklisting option in the policy sent to the endpoint.

GravityZone platform

Security fixes.

September 2024 (Version 6.55.0-1)

Early Access

New Network

Redesigned actions and improved functionalities were added to the new Network section.

New actions:

  • Malware scan

  • IOC scan

  • Exchange scan

New functionalities:

  • Go to location (replacing Go to container from the old Network)

  • Reports

  • Column sorting

Additional

  • New feedback form after opting out of the Early Access Program

Some features are not currently included or might not work as expected. We will address these issues and add new functionalities in upcoming releases. Your feedback is highly appreciated and can help us refine and improve the new Network. Learn moreNew Network

New features

Update staging

You can now test different versions of Bitdefender Endpoint Security Tools on user-controlled update rings before deploying them to your production environment. You have the option to choose between Test ring 1, Test ring 2, and Production ring, in addition to the Bitdefender-controlled fast and slow rings.

The settings are available as follows:

  • In the GravityZone main menu, under Configuration profiles > Update staging.

  • In the policy settings, under General > Update > Update rings.

  • On the Installation packages page, in the Download and Send download links menus.

Products that support update staging:

  • GravityZone Business Security Enterprise

  • GravityZone Security for Endpoints Physical Workstations

  • GravityZone Security for Endpoints Physical Servers

  • GravityZone Security for Virtualized Environments VDI

  • GravityZone Security for Virtualized Environments VS

  • GravityZone Security for Workstations

  • GravityZone Security for Servers

  • Bitdefender MDR, including Bitdefender MDR Premium and Bitdefender MDR Plus

Note

Update staging with Relay requires BEST Relay version 7.9.15.437 or later on Windows, and 7.2.1.200164 or later on Linux. These versions use a new update technology, Reverse Proxy with Caching, which is necessary for this process.

BEST for Mac supports update staging in version 7.17.46.200025 and later.

XDR

  • You can now download XDR NSVA packages from the Network > Installation Packages page.

  • The Suspected actors widget is now available in the Overview tab of the Incidents view window. The widget provides details for identifying and determining the threat actors involved in the incident.

    When integrated with the IntelliZone platform, this feature provides additional context on the actor and allows security analysts to take prevention measures to secure their organization against that actor.

Reports

The Simplified Monthly License Usage report is now available for MSP companies. The report is a lightweight version of the Monthly License Usage report, and contains only the company related usage information, omitting the endpoint related bottom half of the report.

Risk Analytics

Compliance reports are now available in GravityZone. You can access the reports from the Risk Management dashboard page. The feature is currently in controlled availability. To learn more, contact your sales representative.

Compliance reports provide you with a detailed, targeted, overview of your company's compliance with corporate governance policies, enterprise risk management, and company regulatory policies. The report gathers data from your company's managed endpoints, groups it into compliance-relevant topics, and creates an easily readable, single source of insight into endpoint compliance.

All checks are made based on CIS V8 compliance standards.

Improvements

Risk Analytics

The Risk Management feature has been completely redesigned and restructured:

  • The tabs previously available under the Security Risks page have now been redesigned and restructured under separate GravityZone pages.

  • The Risk Management dashboard has been redesigned to improve visualization and enhance your experience while assessing the overall level of risk your company may be facing:

    • Hovering over the Company risk score widget now displays a breakdown of the score.

    • The Industry widget has been renamed to Score breakdown. It displays the company's score breakdown and number of CVEs that apply to it.

  • The UI and functionality of all new and existing pages have been redesigned to offer a better user experience:

    • All pages have been enhanced with the Smart views feature.

    • You can now add any individual misconfiguration, user, or device to a Watchlist. These are available on all pages, as a predefined default view.

    • You can create a scan task from any of the Risk Management pages, using the Scan button.

  • You can now pivot between individual widgets in the dashboard and their corresponding pages. When viewing additional risk information, you can pivot directly to the source of the information.

  • Hovering over the values under the Risk score column displays the breakdown of the score.

Important

The Risk Analytics redesign also comes with a new scoring system, causing old data to no longer be available. Risks previously ignored will be reinstated. To get started with the redesigned feature, start a new scan to gather data.

To ensure optimal results, makes sure all your agents are updated to the latest product and security signatures version.

Policies

This update comes with a new design and improved interface texts for the following policy sections:

  • Live Search

  • Relay

These sections add up to those revised previously. The remaining sections will gradually migrate to the new design in future GravityZone releases.

Public API

  • Companies API

    • Added new values for the industry parameter for the createCompany method.

    • The industry attribute returned by the getCompanyDetails method now returns additional values.

  • Network API

    • The createSubmitToSandboxAnalyzerTask method is now available. You can use this method to create a Sandbox Analyzer task and submit up to five files for analysis.

      The task pulls the files that need to be analyzed from a target endpoint, along with any other files that need to be involved in the process.

    • The killProcess method is now available. You can use this method to terminate an active process using its process ID, its path, the endpoint where it is running, and, if available, the ID of the incident it generated.

  • Packages API

    • The getInstallationLinks method has been updated to match the changes done to the installation package changes:

      • Added the ringId parameter.

      • Adapted method response to provide necessary details.

Network Protection

You can now enable the Inspect TLS Handshake feature in Network Protection > General > Network Protection > Intercept TLS handshake.

This feature intercepts malicious domains during TLS Handshake phase, detecting potential threats without decrypting traffic. It scans outbound processes except the ones defined in Network Protection > General > Network Protection > Intercept encrypted traffic > Scan HTTPS, and allows you to respond by denying access to the page or by resetting the connection.

This feature is compatible only with Windows operating systems.

XDR

The Associated risks widget has been improved and now offers a better graphical representation of the distribution of risks.

User activity

Improved information availability for change partner events.

GravityZone platform

You may notice small design changes at the menu in the upper right corner of the console.

Resolved issues

GravityZone platform

Security fixes.

August 2024 (Version 6.54.0-1)

Improvements

GravityZone platform

  • Implemented internal optimizations for enhanced performance and stability of GravityZone.

August 2024 (Version 6.53.0-1)

Early Access

New Network

The new Network section offers a range of fresh and enhanced features to help you navigate and manage all entities in your network. You are now able to effortlessly monitor the status of endpoints, allocate resources, and resolve any issues that may come up. In addition, the page provides a user-friendly interface to ensure smooth navigation and effective management of network assets.

The functionality of the old Network section remains unaffected by the introduction of the new Network section. The new section can be found in the main GravityZone menu, labeled as EA Network, once you enroll in the Early Access Program.

This is the first iteration of the new Network. Some features are not currently included or might not work as expected. We will address these issues and add new functionalities in upcoming releases. We also expect feedback from you to continue improving the new Network. Learn moreNew Network

External Attack Surface Management

Performed several minor visual changes to the EASM Inventory page to improve the user experience.

New features

Antimalware

Advanced Threat Control now includes a new capability. The option Sensitive Registry Protection is designed to safeguard critical registry keys including those associated with the Security Account Manager from unauthorized access or exploitation such as malicious registry key dumping. This technology ensures comprehensive protection of user authentication data and system security policies on your systems.

The option is located in the policy under Antimalware > On-Execute > Advanced Threat Control.

You can find and further analyze this type of event by generating a Security Audit or Blocked Applications report.

Tasks

A new task named Submit to Sandbox Analyzer allows you to remotely send samples from any managed endpoint running Windows to Sandbox Analyzer. The new option is available in the Tasks menu on the Network page.

Improvements

Incidents

New Blocklist rules, including application paths and connections, can now be added and configured in the Incidents section. You can also import local CSV files to easily add a large number of rules at once. Blocklist rules serve as guidelines for creating and managing a list of entities that are denied access due to potential threats.

EDR

Automatic response actions for custom detection rules are now available. Once set up, these actions execute on protected endpoints even when disconnected from GravityZone Control Center. This new feature ensures your security measures stay robust and responsive.

All actions are visible in GravityZone for complete oversight.

XDR

You are now able to monitor multiple network subnets using a single Network Sensor Virtual Appliance. For more information, refer to this article.

Notifications

The Password expiration reminder has been enhanced to include the affected account's email address.

Public API

Incidents API

  • Version 1.2 is now available for the following methods, providing various user experience improvements:

    • addToBlocklist

    • getBlocklistItems

    • removeFromBlocklist

    Tip

    To use version 1.2, you will have to change the API URL.

    Version 1.0 for these methods, while deprecated, is still available for use. Existing methods remain unchanged and the same parameters and attributes apply.

  • The automaticResponse setting is now available for the settings parameter for the createCustomRule method. You can use it to configure the automatic actions for Custom detection rules.

  • The getCustomRulesList method now returns the enableAutomaticActions and automaticActions settings under the settings object. They provide information regarding automatic actions for Custom detection rules.

Policy API

  • Version 1.1 is now available for the following method, providing various user experience improvements:

    • getPolicyDetails

    Tip

    To use version 1.1, you will have to change the API URL.

    Version 1.0 for this methods, while deprecated, is still available for use. Existing methods remain unchanged and the same parameters and attributes apply.

Resolved issues

GravityZone platform

  • Users can save up to 100 offline cleanup rules in Configuration > Network settings > Offline Machines Cleanup.

  • Security fixes.

Reports

The ATC module is now correctly included in the graph section of the Endpoint Modules Status report.

Risk Management

Fixed an issue causing users to be logged out when trying to load any risk with a large number of affected devices.

July 2024 (Version 6.52.0-1)

Early Access

External Attack Surface Management

External Attack Surface Management (EASM) is now available for Early Access. It is currently in a controlled availability.

EASM solutions help organizations gain a comprehensive view of their external attack surface. These solutions automatically discover and organize all assets, services and potential vulnerabilities that are accessible from the internet. Bitdefender EASM helps companies reduce their attack surface by identifying internal and external assets exposed to the internet, thus enhancing existing GravityZone capabilities.

You can access External Attack Surface Management from the EASM dashboard and EASM inventory pages, under Risk Management.

New features

Antimalware

The Antimalware module capabilities are now enriched with a new feature that enables Unified Extensible Firmware Interface (UEFI) scanning. The new Scan UEFI option ensures the security and integrity of the system's boot process and protects against sophisticated threats that can persist at the firmware level.

The feature is available for on-demand scheduled tasks in the policy and malware scan tasks from the Network page. The option is located under the Miscellaneous section of each Full, Quick, and Custom scan type and is enabled by default when the security level is set to Aggressive.

You can find and further analyze this type of detection event using Threats Xplorer, or by generating a Security Audit report.

Licensing

Company administrators can now make the following changes to their existing yearly licenses:

  • Increase the number of seats of your license up to 100. If you want to extend your license further, you need to purchase an additional license key.

  • Extend the expiration date by a period equal to or shorter than the original license duration.

The changes can be done from the Plans and purchase tab, in the Edit company window.

Important

This feature is only available for licenses with less than 100 seats and purchased online, directly from Bitdefender.

Improvements

GravityZone platform

Security for Amazon Web Services now supports the Asia Pacific (Osaka) mandatory region.

Policies

  • This update comes with a new design and improved interface texts for the following policy sections:

    • Patch Management

    • Integrity Monitoring

    • Encryption

    • Incidents Sensor

    • Storage Protection

    • Risk Management

    The remaining sections will gradually migrate to the new design in future GravityZone releases.

  • All pages with new design now include a link to related GravityZone documentation under Get help from Support Center.

  • As a Partner, when you access the Policies page, your company's policies are automatically displayed. To view policies from other companies, select a different option in the Company column.

  • You can now create a maintenance window directly in the Patch Management section of the policy settings if none is available for selection. This maintenance window includes patch scanning settings only. To install patches, go to the main menu and edit the window in the Configuration profiles section.

  • You now receive relevant messages when trying to import exclusions files with errors in the Storage Protection section.

  • When disabling Use Bitdefender Global Protective Network to enhance protection in the policy settings, the confirmation message now informs you that you must switch to Local Scan engines if you are using Hybrid Scan engines.

Patch Management

Manually approved patches, including Microsoft Windows Feature Updates and security tools, are now available for Windows endpoints. These updates cannot be installed automatically.

Some highlights:

  • GravityZone sections such as Dashboard, Network, Tasks, Patch Inventory, Maintenance Windows, and User Activity have been updated to support Manually approved patches.

  • The Network Patch Status report now includes information related to Manually approved patches.

Network protection

  • The Time Limiter tab, which allowed you to configure time-based access restrictions, has been removed from Network Protection > Content Control > Web Access Control > Settings.

  • The Block/Schedule/Allow selector, previously used for auto-selecting intervals in the Time Limiter feature, has also been removed from the Web Access Control section, simplifying the user interface and reducing complexity.

  • You can now define schedulers in Configuration Profiles > Web Access Control Scheduler without needing to select a category, thus making the Categories field optional.

    You must still indicate the required time and day. This modification enables schedulers to accurately represent time-limiter intervals, offering more flexibility in scheduling without being limited by pre-established categories.

  • You can now add a maximum of 20 schedulers for each Schedule created in Configuration Profiles > Web Access Control Scheduler.

Tasks

The Delete button on the Tasks page now also removes pending subtasks of tasks that are in progress. The confirmation window and the User activity page have been updated to reflect the changes.

Public API

  • Maintenance windows API

    • The manuallyApprovedPatchesSettings setting is now available for the updateType parameter when making requests using the createPatchManagementMaintenanceWindow and updatePatchManagementMaintenanceWindow methods.

    • The response for the getMaintenanceWindowDetails method now includes the manuallyApprovedPatchesSettings setting.

    • A new method is available: getManuallyApprovedPatches.

  • Network API

    • The new deleteTask method now removes pending subtasks of tasks that are in progress.

XDR Sensors

When displaying a network sensor in Sensors management, you can now find the complete details of the NSVA, including all the networks it is monitoring and their user provided details.

Resolved issues

Device Control

Some users faced challenges adding exclusions for wireless headphones in Device Control.

Tasks

Tasks performed on endpoints removed from the GravityZone database showed the computer name as obfuscated.

Policies

In some cases, users were unable to save policies containing entries under Exchange Protection > General > Domain IP Check (Antispoofing).

GravityZone platform

Security fixes.

June 2024 (Version 6.51-01)

New features

MSP Product Trials

The EDR Trial report feature offers a summary of the EDR related activity observed during the trial. The report offers MSPs a comprehensive view of the client's current cybersecurity landscape, highlighting connections to EDR data to emphasize the potential risks of security events and the effectiveness of EDR in addressing them.

Partners can download this summary as a PDF file from the Product Trials Hub tab in the Edit company window. The downloaded document is available for each company that has been, or is, enrolled in an EDR Trial, and contains information specific to that company.

Public API

  • A new method is now available for the Network API: deleteTask. The method allows users to delete a specific task, identifying it using its task ID.

Improvements

Licensing

  • The GravityZone CSPM+ license now also provides access to cloud detection and response features, as follows:

    Note

    Only incidents created from cloud sensors will be made available.

    For access to XDR endpoint incidents or other XDR sensors you still require the appropriate license.

Resolved issues

Health Dashboard

  • Fixed an issue that caused inconsistencies between the number of non-compliant endpoints in the Endpoints policy status widget and the number reported in the Policy Compliance report.

Network

  • Fixed an issue causing endpoints to incorrectly appear as isolated in GravityZone.

  • Due to an internal issue, scheduled Reconfigure agent tasks were running immediately on endpoints.

  • In some cases, users were forcefully logged out of GravityZone after attempting to delete multiple endpoints from the Network grid.

  • In some cases, the endpoints were not displayed in GravityZone despite BEST being successfully installed.

  • In some cases, importing a CSV with Content Control exclusions in Policy > Content Control > Web Access Control > Exclusions resulted in uppercase URLs being converted to lowercase, causing exclusions to fail.

XDR

  • Resolved an issue that caused the Incident Graph to fail loading due to an unexpected error.

Public API

  • Using the updateCompanyDetails method to update a company no longer incorrectly activates its subscription end date, incorrectly adding a value in the company's endSubscription attribute.

Licensing

  • Fixed an issue causing an error message to appear when trying to save changes to a GravityZone company. This would occur due to an inconsistency in the company's recorded subscription end date.

GravityZone platform

  • Security fixes.

April 2024 (Version 6.50.0-1)

New features

Anti-tampering

Anti-tampering enables you to view when vulnerable drivers are detected on endpoints, and when advanced attack attempts are made to disable the security agent, leading to compromised product integrity.

The feature capabilities are divided in two main categories with distinct targets:

  • Vulnerable drivers

    This pre-tampering technology detects vulnerable drivers on endpoints that can be exploited by attackers, posing threats to the integrity of the product. The technology is compatible with Windows and Linux operating systems.

  • Callback evasion

    This post-tampering technology can detect when the security agent callback functions have been maliciously removed or disabled. New threats or unintentional human error could be engineered to potentially allow unauthorized access to the kernel, leading to compromised product integrity. The technology is compatible with Windows operating systems.

You can enable or disable the feature and configure different actions in the policy under the Antimalware > Anti-tampering section.

To view more information about detection events you can generate a Security Audit or Blocked Applications report or use portlets. Additionally, you can be notified whenever the security agent callbacks are maliciously removed or disabled, or vulnerable drivers are detected on endpoints by using the new Anti-tampering event notification.

Control Center

  • Customer type companies without a monthly subscription will now experience an improved experience when accessing the control center landing page. The page will feature user-friendly content that simplifies basic tasks and provides access to the latest news from Bitdefender.

Improvements

Quarantine

  • You can now submit quarantined files to Bitdefender Labs directly from Quarantine. The new option Submit to Bitdefender Labs enables you to submit previously retrieved files for an in-depth analysis that can rule out possible false positive detections. You will receive the analysis results on the email address provided when submitting the file.

  • You can now remotely retrieve and download quarantined files from endpoints with Linux operating systems.

Notifications

  • GravityZone email notifications now have a fresh design, revised email subjects and notification titles. Additionally, some notifications in GravityZone Control Center have been renamed. You can find more information in Changes to GravityZone email notifications.

  • The New incident notification has been improved: all configuration options have been merged into one. Exiting users, with any on the three settings activated prior to the update, now have the New incident notification enabled by default.

Policies

  • The Actions button from Configuration Profiles > Exclusions has been removed.

  • The Export Selection and Delete options, previously located under Configuration Profiles > Exclusions > Actions, have been added to the interface for better accessibility and ease of use.

Cloud Security

  • GravityZone user account permissions now apply to existing roles from the Cloud Security console. Depending on the user rights assigned to your GravityZone account, you will have access only to specific features, actions or sections of the Cloud Security console.

EDR

The Response tab is now also available for EDR incidents.

  • On demand endpoint actions executed from an incident graph are now displayed in the response grid of that incident.

  • The status of tasks resulting from EDR response actions is now changed to Failed after being unresponsive for two days.

  • The Remediation button and the associated section have been removed from the Endpoint Incidents tab and are now available in the new EDR Response tab.

  • You can now manually mark endpoint response actions as done or dismissed from the Response grid.

MSP

The requirements for Partners, and the procedure for licensing, provisioning, and activating the Bitdefender MDR Service for companies using monthly licenses have changed. To facilitate these changes, there have also been some changes made in the GravityZone console.

  • The Contact Details section under the My company page is now called Contact details for GravityZone.

  • A new section is now available under the My company page: Contact details for Bitdefender MDR. This section contains mandatory information required to onboard a partner Company that is new to the MDR console. When saving the information, validation is required, and can be done by sending a code to the email address assigned to the contact.

    The information in this section is mandatory to Partner companies that haven't enabled the MDR service and haven't initiated onboarding prior to this release. Until the information is filled in, they will not be able to enable the MDR service for their client companies own use.

    Once the information has been saved, an Emergency Contact is automatically created in the Bitdefender MDR console. You can not change this information at a later date from GravityZone.

  • The requirements for activating the MDR service for reselling for client Partner companies are:

    • The company must have the The company's Partner can assist with the security management setting enabled.

  • The requirements for the onboarding process to begin for a Partner company are:

    • The company must have the Managed Detection and Response Foundations service enabled for resell.

    • All the information under the direct Partner's Contact details for Bitdefender MDR section is filled in with valid data.

    Once all requirements are met, an automatic activation email is sent to the contact listed under Contact details for Bitdefender MDR.

  • The requirements for activating the MDR service for the own use of client Customer companies are:

    • The Client company's direct partner has the Bitdefender MDR service enabled for reselling.

    • Both the Partner and the Client companies must have the The company's Partner can assist with the security management enabled.

    • At least one of these requirements must be met:

      • All the information under the direct Partner's Contact details for Bitdefender MDR section is filled in with valid data.

      • The Bitdefender MDR service has already been enabled and the onboarding process started prior to this release.

Public API

  • Accounts API

    • The phoneNumber parameter is now available for the createAccount and updateAccount methods.

  • Companies API

    • The mdrContactInformation attribute is now returned by the getCompanyDetails method.

    • The mdrContactInformation parameter is now available for the updateCompanyDetails method.

  • General API

    • A new method is available: generateEmailVerificationCode. This will allow you to send an email verification code to the email address specified in the MDR contact person section.

  • Incidents API

    • Version 1.1 is now available for the updateIncidentNote method.

  • Network API

    • The getTaskStatus method now also includes information for each endpoint the task ran on. The information is organized into subtasks.

      Important

      These changes only apply to version 1.1 of the method.

Resolved issues

Network

  • In some cases, restoring the Docker host resulted in container duplication and the container inventory failing to load in the Network page.

GravityZone platform

  • Security fixes.

Known issues

Notifications

  • GravityZone users from companies using Business Security Premium license are not receiving New incident notifications.

March 2024 (Version 6.49.0-1)

Early Access

YARA detection rules

  • YARA rules are now available on macOS endpoints starting with the following BEST version: 7.16.42.200016.

New features

MSP Product Trials

  • MSP Product Trials enables partners to enroll client companies in trials, allowing them to test out features, add-ons, and services that are not included in their subscription. The feature is being released in stages, in a controlled availability manner.

Improvements

Threats Xplorer

  • You can now filter detection events based on endpoint tags. Using automatic or custom tags helps you view events from specific endpoint groups and efficiently analyze and correlate detections.

Executive Summary

The Incidents status widget was renamed to Incidents breakdown by action taken and for a more granular view, the widget categories are now available as:

  • Reported: includes Endpoint and Organization incidents upon which no action was taken and require further investigation.

  • Partially blocked: includes Organization incidents in which the automatic actions defined in the policies have been taken only on some entities.

  • Blocked: includes Endpoint incidents that were detected and blocked by GravityZone prevention modules.

Help & Support

The Help & Support page has a new design, easier to navigate. Topics are displayed on cards organized in two tabs:

  • Basics - covers GravityZone general use, technical assistance, legal aspects, and more.

  • Advanced Configuration - provides information on specific GravityZone features.

As with the previous Help & Support page, the content depends on the company type and the license you are using.

Public API

  • Packages API

    • A new method is now available: updatePackage. You can use it to update installation packages.

  • Companies API

    • The getCompanyDetails method now returns the ParentCompanyId attribute.

  • API Event Push Service

    • Events sent through the Event Push Service API that fail to deliver are now saved in a buffer, which can hold up to 1000 messages. Once the counter exceeds 1000 messages, Event Push Service will automatically stop sending events, and it will reset the serviceSettings.status field used in the getPushEventsSettings method to 0.

    • The getPushEventStats method now returns the max attribute, which is an object that contains the messageQueueBytes and messageQueueLength attributes.

User Activity

  • Entries related to creating or editing a policy now include the list of changed settings in the Details area. The settings are grouped by sections.

XDR

The Sensors Management feature now provides integration with two new sensors:

  • CSPM+. This new sensor collects telemetry about cloud platforms security posture from Cloud Security to enrich GravityZone XDR incidents and risk information.

  • Security for Mobile. This new sensor processes mobile device events collected from GravityZone Security for Mobile.

  • The Associated risks widget is now available in the Overview tab of the Incidents view window. The widget provides a graph detailing a breakdown of all known risks per entity type and links to related entities.

Limitations

Custom rules

Custom detection rules and Custom exclusion rules features will only work if your endpoints have the following version of BEST or newer, as announced in GravityZone banner in January:

  • 7.9.5.324 (Windows)

  • 7.0.3.2271 (Linux)

  • 7.14.32.200019 (macOS)

Resolved issues

Security for AWS

  • The Amazon EC2 integration experienced synchronization issues, which resulted in previously removed secured instances being displayed in the Network Inventory.

Network protection

  • Some users experienced an issue where exclusions were still being applied, even when the Use Exclusions option was disabled in the Web access control settings section.

Power User

  • The Network section and the Policy Compliance report did not reflect changes made by Power User to the policy.

GravityZone platform

  • Security fixes.

February 2024 (Version 6.48.0-1)

Early Access

Health Dashboard

  • The export functionality is now available in Health Dashboard. You can use this new option to access and manage the centralized data outside GravityZone Control Center, according to your needs. All events are exported in the widely available CSV format, making it easier to import into other software programs tailored for your business.

  • A new entry is now available in the Endpoint patch management widget. Patches available, not installed provides you with the number of endpoints in your network that have patches available, but no patch installation task was initiated to install them.

New features

Security Telemetry

  • You can now enable sending telemetry data from your BEST protected endpoints to integrated platforms in syslog format. The option can be accessed by editing a policy, going to General > Security Telemetry and selecting Syslog (JSON) from the SIEM solution field under the SIEM Connection Settings section.

XDR demo incident

  • A new demo function is now available on the Incidents page. This feature simulates a scenario from multiple sensors and showcases the capabilities of the XDR feature.

    You can access this new capability from the Show demo incident button, on the upper right side of the Incidents page.

GravityZone platform

  • A new GravityZone Cloud instance hosted in Singapore is now available.

Improvements

Security for AWS

Security for AWS now includes the following improvements:

  • Licensing compatibility extends to all GravityZone standard products with the exception of Free Risk Assessment Tool and GravityZone EDR Cloud.

  • It supports multiple Amazon EC2 inventories per company.

  • Users can now set names for Amazon EC2 integrations.

  • The Amazon EC2 integration aligns on the same level with Computers and Groups in Network Inventory.

  • The Integration tags tab now also displays AWS tags. They are available in the Information window of Amazon EC2 instances. You can use tags in Policies > Assignment Rules.

  • The Tasks Details panel now includes information about the Amazon EC2 integration name.

  • The new Amazon EC2 subscription type has changed notification informs you whenever your subscription type changes from Marketplace to Partner.

  • The User Activity page has been updated.

  • Amazon EC2 Subscription Status report is now available for any company using or managing Amazon EC2 integrations.

  • Partners can now suspend or reactivate integrations directly from the Amazon EC2 Subscription Status report.

  • The Amazon EC2 Monthly Usage report now contains two new columns: Integration Name and AWS Account ID.

  • The Integrations page now includes multiple new columns: Name, Status, Subscription type and Subscription status.

Quarantine

  • You can now submit quarantined files to Sandbox Analyzer directly from Quarantine. The new option Submit to Sandbox Analyzer enables you to submit previously retrieved files for an in-depth behavioral analysis.

  • Filtering quarantined files based on the technology that performed the detection is now available. The new Detecting technology filter and column helps you view manually quarantined files and files detected by multiple Antimalware and Integrity Monitoring technologies.

  • You can now remotely retrieve and download quarantined files from endpoints with macOS operating systems.

Public API

  • A new version (1.1) is now available for the following APIs and methods, providing various quality of life improvements:

    Version 1.0 for these methods is still available for use.

    Existing methods remain unchanged and the same parameters and attributes apply.

    • Network API

      • getEndpointsList

      • getNetworkInventoryItems

      • createReconfigureClientTask

      • getTaskStatus

    • Incidents API

      • createIsolateEndpointTask

      • createRestoreEndpointFromIsolationTask

    • Quarantine API

      • createAddFileToQuarantineTask

      • createRestoreQuarantineExchangeItemTask

      • createRestoreQuarantineItemTask

      • createEmptyQuarantineTask

      • createRemoveQuarantineItemTask

    Tip

    To switch to using version 1.1, you will have to change the API URL.

  • The following changes have been performed for the Integrations API as a result of the changes done to AWS integrations:

    • The configureAmazonEC2Integration method is no longer available.

    • The integrationName parameter is now available for the configureAmazonEC2IntegrationUsingCrossAccountRole method.

    • The procedure and requirements for generating external IDs has changed, impacting requests using the generateAmazonEC2ExternalIdForCrossAccountRole method, and the information returned by the getAmazonEC2ExternalIdForCrossAccountRole and configureAmazonEC2IntegrationUsingCrossAccountRole methods.

    • The integrationName parameter is now available for the disableAmazonEC2Integration method.

  • The licensedServices parameter is now also returned by the getLicenseInfo method for companies using yearly licenses.

  • The possible values of the maxResults parameter have changed for the findCompaniesByName method.

Reports

  • A new option is available when creating a Monthly License Usage report: Only new customer companies. Enabling this option allows you to display monthly usage reports only for companies created between two specific dates.

Advanced Anti-Exploit

  • Added Google Chrome to the Predefined Windows Applications list that you can find in the Antimalware > Advanced Anti-Exploit policy settings. Now you have the flexibility to customize browser protection based on your preferences.

Control Center

  • Customers with CSPM+ licenses will now have an improved experience when accessing the Control Center landing page. The page will feature user-friendly content that simplifies basic tasks and provides access to the latest news from Bitdefender.

Product Trials

  • Companies using GravityZone Small Business Security can now enroll in Product Trials and and explore new features and products.

Policies

  • The settings in the Risk Management section have been changed: scheduled scans can now be set to run only daily or weekly.

XDR

The Node Details panel was improved and now inlcudes:

  • MAC information for the following nodes:

    • Endpoint

    • Server

    • IP

    If Endpoint or Server nodes have multiple IPs, the MAC information may contain multiple values.

  • One or multiple IP addresses for the following nodes:

    • Domain nodes

    • Endpoint

    • Server

  • One or multiple domain names for the IP node.

The Advanced search panel now includes a new field: network.domain_name. You can use this field in your search query.

Removed features

Policies

  • The Update Linux EDR modules using product update option has been removed from the General > Update page in the policy settings.

Resolved issues

Threats Xplorer

  • Fixed an issue that caused inconsistencies between detection events reported in Threats Xplorer and information displayed in HyperDetect Activity report.

Antimalware

  • Sometimes, endpoints under Active Directory integrations could not be used as network scanners for on-demand tasks.

Reports

  • Fixed an issue that was affecting the EC2 Monthly Usage report. Data was being returned for the month previous to the one requested in the report.

MSP

  • Fixed an issue where disabling EDR for own use on a partner company would incorrectly disable the Live Search feature for all their customers.

Network

  • Scanned streams summary in the Scan Logs tab of endpoint details had some information duplicated.

GravityZone platform

  • Security fixes.

Known issues

GravityZone platform

  • Remotely submitting logs using the Troubleshooting tab to Bitdefender Cloud fails for endpoints that communicate with the GravityZone console using a Relay. This issue affects only the new GravityZone Cloud instance introduced with this release.

  • Setting up a Security Server requires you to manually configure the communication server address using the option GZ Cloud Custom Address. This issue affects only the new GravityZone Cloud instance introduced with this release.

January 2024 (Version 6.47.0-1)

Early Access

Health Dashboard

  • The feedback form is now enriched with more details to streamline the way you share your thoughts with us. Your insights, suggestions, and experiences with Health Dashboard play an important role in helping us enhance and refine the feature.

GravityZone Cloud Security

  • The Asset Inventory page is now available in the GravityZone Cloud Security Posture Management console.

    You can use the feature to access an overview of your inventory list across your cloud resources, different cloud providers and accounts that you have onboarded.

    The page consists of two sections:

    • Resources - provides an overview of all existing resources detected across all your integrated cloud accounts.

    • Identities - provides an overview of different identity types.

  • API Integration is now available for GravityZone Cloud Security Posture Management. You can set up the new feature from the Integrations page in the  GravityZone Cloud Security Posture Management console.

  • A new remediation option is now available for supported findings detected on AWS cloud resources. This is available in the Posture Management > Rules page: One-click Remediate. The option is represented by a new icon in the rules table.

    To allow GravityZone Cloud Security Posture Management to make changes to your selected AWS cloud account, an additional setup is required for this capability.

Improvements

Quarantine

GravityZone introduces a new capability that enables you to remotely download quarantined files directly from Quarantine. The new functionality is available in Quarantine > Computers and Virtual Machines.

To get the file of interest, you need to first retrieve it from the endpoint using the new Retrieve button. Once the file is retrieved, you can proceed to download it as a password-protected archive using the Download option.

  • The new functionality is available for all license and company types and for endpoints with Windows operating systems.

  • You require Manage Networks and Manage Company rights to use the feature.

  • Child companies can allow their direct partner to retrieve and download files by enabling the option Your Bitdefender partner can download your quarantined files from the My company section. The Partner download permission changed notification is sent whenever this option is enabled or disabled.

  • The retrieved file is available for download within 24 hours after which it is automatically deleted and requires a new retrieve action.

  • The File size column was added to provide details about the size of the quarantined files.

Assignment rules

  • New descriptions are available for locations and exclusions when defining negative conditions for location rules.

GravityZone platform

  • Bitdefender enforces in GravityZone the use of the HTTPS protocol for Bitdefender Endpoint Security Tools updates to enhance security. For more information, refer to this article.

  • New values are now available for the Field of activity option when creating or editing a company.

Resolved issues

Threats Xplorer

  • The detections calendar failed to display weekdays in the proper order after changing the language from the My account section.

Health Dashboard

  • Fixed an issue that caused inconsistencies in the count of unmanaged endpoints between Health Dashboard and the Network Protection Status report.

XDR / EDR

  • Fixed an issue that caused inconsistencies between the number of open incidents shown in the EDR - Incidents Status portlet and the Incidents view.

Tasks

  • In some cases, expired Reconfigure agent tasks ran on endpoints after they came back online.

Network

  • In some cases, users were unable to view scan logs from the Network inventory > Endpoint details > Scan Logs tab.

Risk Management

  • Fixed an issue causing incorrect search results to be returned in the name filter in the Risk Management > Security Risks > Misconfigurations page.

December 2023 (Version 6.46.0-1)

Early Access

Health Dashboard

  • Security Server status is now enriched with new information and a structure that improves readability. The widget includes the total number of Security Servers in your company and a new category for underloaded Security Servers.

    The new structure emphasizes three main categories: Total, Underloaded, Overloaded.

  • Endpoint update status is now available as two separate widgets to enhance flexibility and ease of use:

    • Product update status

    • Security content update status

  • The Endpoint patch management widget now includes the total number of endpoints that have the Patch Management module installed.

Improvements

Sandbox Analyzer

The Sandbox Analyzer page now displays more specific messages for failed detonations.

Product Trials

You can now access even more products through the Product Trials feature:

  • Advanced Threat Intelligence

  • Managed Detection & Response

  • Cloud Security Posture Management

  • XDR

XDR

  • The name of the sensor is now displayed in the title setup window during integration.

Incidents

For a better visualization, you can now expand the following panels further:

  • Node details panel

  • Alert details panel opened from a node

  • Alert details panel opened from the Alerts/Events section

Network

There is now consistent behavior between the delete button and the drag-and-drop action within the deleted folder.

Any endpoint that is moved to the deletion folder, either through the delete button or drag-and-drop, will be uninstalled immediately via the uninstall task or later when it reconnects online and communicates. For more details, visit the Deleting endpoints page.

Resolved issues

Network

The sorting settings in Network did not accurately reflect the specified sorting settings for the Last Seen filter.

GravityZone platform

  • Security fixes.

December 2023 (Version 6.45.0-1)

Improvements

GravityZone platform

  • Implemented internal optimizations for enhanced performance and stability of GravityZone.

November 2023 (Version 6.45.0-1)

Early Access

GravityZone Cloud Security Posture Management

  • Early Access enrollment is now available for GravityZone Cloud Security Posture Management.

  • With this feature, you can quickly onboard your cloud inventory, identify risky misconfigurations, and report on your adherence to renowned compliance frameworks.

Health Dashboard

  • You can now enroll your company in the Early Access program and use Health Dashboard regardless of the number of seats covered by your license.

  • You can now access and use Health Dashboard without any restrictions based on the network groups assigned to your account. You need to have visibility over at least one endpoint in your company.

New features

Unified Incidents

The Incidents page is improved with multiple new features including a new grid that unifies the Extended Incidents, Endpoint Incidents, and Detected Threats tabs. It offers an improved overall user experience and the possibility to create customized views based on your needs.

This feature correlates host-based EDR incidents with broader attacks detected by XDR, bringing both types of incidents in one place: the Incidents grid.

The new unified grid combines Endpoint and Company incidents in a single view, correlating EDR and XDR child incidents under a parent incident that contains the complete description of an attack. Correlated incidents are displayed in their own column in the grid, in line with the parent incident. They are not listed as separate entries in the grid.

The release comes with a more flexible and improved Smart View, along with new filters and options that allow you to create customized views based on your needs.

Improvements

Unified Incidents

  • Incidents generated by the EDR or Prevention Modules now display the name of the endpoint in the Entities column.

  • You can now click on the number of alerts in the Incident details panel to display the Alerts tab.

  • The new Smart views filtering feature allows you to customize the information that is displayed by the feature, including switching between Organizational and Endpoint incidents Smart views.

  • You can now use the Change Status button from the top of the Incidents grid to change the status of multiple incidents.

  • You can now perform bulk actions on all incident types.

  • New columns and filters are available in the Incidents page:

    • Entities: it indicates the number and types of incidents involved in an event.

    • Resources: it allows users to see and filter for resources involved in Organization incidents.

XDR

  • You can now suspend a user account from an integrated Google Workspace tenant.

  • You can now delete an email resource from a Google Workspace tenant user mailbox.

  • The Sensor Setup page now displays what license each type of sensor requires.

  • Changed the requirements for Azure AD sensor integration: You now require User Administrator and Global Administrator roles for your O365 application.

  • You can now save up to 50 queries in the Advanced search panel.

Patch Management for Mac

GravityZone extends support for Patch Management to macOS endpoints. Using the same settings in Control Center as for Windows and Linux, you can now keep macOS applications and the operating system up to date in a simple, efficient and unified manner.

Some highlights:

  • GravityZone sections such as Dashboard, Installation Packages, Network, Tasks, Patch Inventory, Maintenance Windows, and User Activity have been updated to support Patch Management for Mac.

  • When configuring a maintenance window, macOS applications are displayed separately from the Windows and Linux versions in the Vendors and Products section.

  • Reports such as Network Patch Status and Network Protection Status and notifications such as Missing patch issue now include information related to Patch Management on macOS endpoints.

  • Patch Management for Mac is available with existing GravityZone keys and it is licensed per managed endpoint, the same as for Windows and Linux.

  • This feature is available for macOS Big Sur (11.0) and later and requires Full Disk Access for the Bitdefender agent on endpoints.

To use Patch Management on macOS endpoints, you must reconfigure the security agent installed on them.

Note

GravityZone applies operating system patches only for minor versions, for example from version 13.5 (Ventura) to 13.6 (Ventura), but not from 13.9 (Ventura) to 14.0 (Sonoma).

Executive Summary

The Executive Summary report now includes the custom logo image that you have selected for your company. For the default company settings, the report reflects the general Bitdefender GravityZone logo.

Exchange Protection

  • There are now two methods of restoring emails from Quarantine:

    • Release as attachment: the email is sent using a notification email as an attachment to a custom list of mailboxes. Files attached to the original email are not included.

      Note

      This is the option previously called Restore.

    • Release to intended recipient: releases the email to reach its intended recipient's mailbox, along with all attached files.

  • The following secondary actions are now available when configuring Content filtering rules in GravityZone policies:

    • Notify recipients: Send a notification to the intended recipients when an action is taken on an email. Emails are only sent to mailboxes that belong to a domain accepted by the company email server.

    • Notify the sender: Send a notification to the sender when an action is taken on an email. Emails are only sent to mailboxes that belong to a domain accepted by the company email server.

    • Notify users: Send notifications to the specified mailboxes when when an action is taken on an email.

Firewall

Firewall is now available for Windows Servers. This update focuses on simplifying rule management, ensuring essential network traffic, and providing more flexibility.

  • Users can now edit and delete all existing predefined rules in the policy.

  • The Firewall can be enabled on the Windows Server operating systems by performing the Reconfigure Task. The activation of the Firewall module is not automatic, even if Firewall is enabled in the policy.

  • Before enabling the module on their systems, it is important for users to assess and design their Firewall rules for servers. This is necessary to avoid potential service disruptions caused by the configuration of the ruleset, which may block traffic.

  • The Firewall icon from Installation Packages was updated, and now includes both Windows servers and workstations.

  • To find the supported Windows Server operating systems refer to this kb article.

Antimalware

All on-demand scan tasks now include the setting Preserve last access time. Using this new option you can control whether to preserve the last access time for a file during a scan or to allow the scanning process to modify the timestamp of that file. The option is available in the Options tab of each type of scan task, under Settings > Miscellaneous, and is enabled by default.

Network protection

  • Multiple schedules are now available in Configuration Profiles > Web Access Control Scheduler. This allows users to have more flexibility in setting up different time windows for Web Access Control. The Web rules list found in Content Control > Web Access Control Settings > Web Categories Filter has been moved under Policies > Configuration Profiles > Web Access Control Scheduler > Category Scheduler.

    Users can now create new schedules with multiple time window settings and assign categories to each schedule. The categories will be removed from the policy and the new schedule will be mapped to a policy.

  • You can now exclude from scanning any financial domains from Network Protection > General > Network Protection > Intercept Encrypted Traffic > Exclude financial domains.

Network

In the Endpoint details page, the Content Control module now consists of three separate modules: Content Control, Web Traffic Scan, and Antiphishing.

Public API

  • Network API

    • A new method is now available: getTaskStatus. You can use it to retrieve information about the status of a given task.

  • Accounts API

    • The manageInventory, managePoliciesRead, and managePoliciesWrite attributes are now available for the rights parameter. The attributes are available for requests made using the createAccount and updateAccount methods and are returned by requests made with the getAccountsList method.

  • Maintenance Windows API

    • The os attribute is now available under vendorProductsPairs for the specificVendorAndProduct parameter. You can use it to specify the operating system the vendor-products pair is compatible with.

      The attribute is available for requests made using the createPatchManagementMaintenanceWindow and updatePatchManagementMaintenanceWindow methods and is returned by requests made with the getMaintenanceWindowDetails method.

  • Quarantine API

    • A new method is now available: createReleaseQuarantineExchangeItemTask. You can use it to release items from the quarantine to their intended recipients.

Accounts

  • Passwords reset links now expire after 24 hours. If the time has passed, you have to repeat the password reset request.

  • The Manage Networks right for GravityZone user accounts has been replaced by the following options:

    • Manage Networks. Create and download installation packages; install security agents; manage tasks and quarantined files. You can choose between two levels of customization:

      • View and Analyze Data

      • Advanced Investigation

    • Manage Endpoint Settings. View or manage policies, configuration profiles, assignment rules and any other endpoint setting from other GravityZone areas. You can choose between two levels of customization:

      • Read only

      • Read and Write

Resolved issues

Health Dashboard

In some cases, the Endpoint issues widget classified and displayed macOS endpoints without major issues as critical.

Installation Packages

In some cases, installation packages created by a partner included all Security Servers from his managed companies.

GravityZone platform

  • Fixed an issue causing Email Security monthly usage to be registered for suspended companies.

  • Security fixes.

November 2023 (Version 6.44.1-1)

Improvements

GravityZone platform

  • Implemented internal optimizations for enhanced performance and stability of GravityZone.

October 2023 (Version 6.44.1-1)

Early Access

Health Dashboard

Health Dashboard is a brand-new feature designed to provide a comprehensive overview of endpoint issues and status within your network. Different widgets offer important insights into the health and performance of endpoints and highlight critical concerns that require your attention.

You can monitor your network's health with the intuitive visuals and customizable features that Health Dashboard provides in this unified view. Using the endpoint tags filter enables you to focus on data that is most relevant to your organization. You can add, remove, resize, or move widgets according to your needs and create smart views to ensure that essential information is readily available in a single view.

Health Dashboard includes details about:

  • Managed, active, unmanaged, or offline endpoints

  • Endpoint types in your network inventory

  • Endpoints update status

  • Endpoints issues

  • Endpoints policy status

  • Modules coverage on your endpoints

  • Licensing information for your company

  • Endpoints encryption status

  • Patch status on your endpoints

  • Permission issues present on macOS endpoints

  • Security Server status

Unified Incidents

You can now copy the incident link directly from the Incidents grid by hovering over a grid entry or selecting one, and clicking the Copy to clipboard button. You can copy the links of the correlated incidents from the Incident info panel.

Improvements

Executive Summary

You can now install security agents directly from Executive Summary, The new options, Install now and Send download links, provide the flexibility to either use the small-size downloader or send an installation package link to multiple users.

Product Trials

  • The Product Trials feature is now available for all companies that own one of these yearly licenses:

    • GravityZone Business Security

    • GravityZone Advanced Business Security

    • GravityZone Business Security Premium

    • GravityZone Business Security Enterprise

    • GravityZone Security for Workstations

    • GravityZone Security for Servers

  • You can now access even more products through the Product Trials feature:

MDR

  • Bitdefender is launching three new MDR products:

    • MDR Foundations

    • MDR Enterprise

    • MDR Premium

  • The Response flavor is no longer available for the Managed Detection and Response service. The remaining flavor, Foundations, is now the default option. As a result, the service is now called Managed Detection and Response Foundations.

    Note

    This change only affects companies with monthly subscription licenses.

Container Protection

You can now delete containers from the GravityZone inventory if their host has been offline for more than 24 hours.

Resolved issues

Public API

The following parameters are now returned by API events of the Antimalware type: cleaned, blocked, deleted, quarantined, ignored, and present. The parameters record how many detections originated from the same file or process in the course of a minute.

September 2023 (Version 6.43.1-2)

Improvements

GravityZone platform

  • Applied new technology optimizations to improve platform performance.

September 2023 (Version 6.43.1-1)

Improvements

GravityZone platform

  • Implemented internal optimizations for enhanced performance and stability of GravityZone.

September 2023 (Version 6.43.0-1)

Early Access

YARA detection rules

YARA rules are queries you can use to scan endpoints for patterns of malicious behavior. Use the YARA detection rules feature to generate custom alerts and security incidents based on the results of these scans.

This feature is available for Windows and Linux endpoints with the following BEST versions:

  • Windows: 7.9.5.318 or newer

  • Linux: 7.0.3.2248 or newer

To create YARA rules, go to Incidents > Custom detection rules, click the Add rule button, and then click YARA. Follow the on-screen instructions.

After you create a YARA detection rule, you cannot convert it into another type of detection rule.

From the Custom detection rules grid, you can enable or disable YARA detection rules, or start on-demand scans by clicking the 151926_1.png vertical ellipsis button and then selecting the Scan option.

Clicking a YARA detection rule from the Custom detection rules grid brings up the YARA details panel. From this panel, you can switch to the Search and Incidents sections to view the alerts and incidents generated by the rule.

Unified Incidents

The Parameter filter is now available in the Incidents section. It contains a series of criteria you can use to further filter your grid results and create highly customized smart views.

Improvements

EDR

The Incidents > Custom Rules section has been divided into two sections: Custom detection rules and Custom exclusion rules.

  • The grids and rule configuration pages have a new design.

  • Rule settings now include targets. You can now decide whether to apply the rule to the entire company or to specific groups by endpoint tags.

  • Clicking a grid entry brings up the details panel of the rule. It contains information about the rule, options for navigating rules and for editing the current rule. For custom detection rules, you can use the View alerts and View incidents buttons to switch to the Search and Incidents sections.

  • In the Incidents > Search section, you can now look up both custom detection rules and custom exclusion rules by using the other.rule_id field in your search query. You can still use the other.exclusion_id field to identify existing alerts for the next 90 days, after which the field will be deprecated.

  • The Custom detection rules and the Custom exclusion rules sections are now available to Partners even if they do not have an active EDR license on their account.

  • Partners can now control rules for their managed companies and can use the Company filter in the grid to view the rules created for each company. Customers can also view the rules Partners have applied on their company.

  • When switching to a new Partner, all custom rules created by the former Partner are disabled. The new Partner will not be able to view the rules applied by the former Partner.

GravityZone platform

  • Companies switching from a trial license to a monthly subscription will automatically have the Email redaction setting disabled.

  • New BEST for Linux installation packages are now available for systems with ARM architecture (AArch64).

  • Minor UI changes to the Add company and Edit company windows, including a different order for the Add-ons displayed in the Licensing tab.

Public API

New limitations are in place to the number of API requests allowed per second. For more information, refer to this kb article.

Resolved issues

Threats Xplorer

In certain instances, when navigating from an Executive Summary widget to Threats Xplorer, the corresponding data did not load successfully.

Reports

  • Fixed an issue that was affecting the Endpoint Encryption Status report, where endpoints were missing, even if they had encryption module installed and active.

  • Fixed an issue that was preventing the On-demand Scanning report from correctly opening scan logs.

Notifications

On the Notification Settings page, a single icon for sending options was visible, despite all options being enabled. The issue occurred when the browser window was horizontally resized to a smaller scale.

GravityZone platform

Fixed an issue preventing virtual endpoints from NSX environments from taking up a license seat. The issue occurred for companies with a GravityZone Security for Virtual Env per CPU license.

August 2023 (Version 6.42.0-1)

Early Access

Product Trials

You can now access even more products through the Product Trials feature:

New features

Process Introspection

Process Introspection encompasses various types of attacks such as exploits, injections, and evasion. The feature performs an in-depth analysis of the process state when a child process is created, examining potential indicators of compromise. The analysis offers an overview of detected parent processes and the child processes they have spawned. You can find the feature in the policy, under Advanced Anti-Exploit > System Wide Detections.

Small Business Security

Bitdefender is launching a new product: Bitdefender Small Business Security. This product is available for online purchase only on the Bitdefender website.

Improvements

GravityZone platform

  • The Help & Support page has been redesigned and restructured. The page now provides an improved overall user experience.

  • Companies using the Bitdefender MDR service can no longer disable the Your Bitdefender partner can assist you with security management setting.

  • Partners can no longer disable the The company's Partner can assist with the security management setting for managed companies that use the Bitdefender MDR service.

  • You can only enable the Bitdefender MDR service for companies (either for own use, or resell) that have the Your Bitdefender partner can assist you with security management setting enabled.

XDR

  • The Remote Shell feature now supports file upload and download options on Linux endpoints, starting with BEST version 7.0.3.2217.

  • New Resource types have been added to the XDR Incidents feature.

  • The Reader role is required for the XDR sensor integration with Azure Cloud. For more information on how to adjust your sensor configuration, refer to Azure Cloud sensor prerequisites.

Configuration Profiles

A new exclusion type is now available in Configuration Profiles. You can use the new option Command line with regex to efficiently define exclusions using regular expressions. By leveraging the power of regular expressions, intricate exclusion patterns can be easily constructed, providing greater control and customization.

Public API

  • APIs keys are visible only at the time of creation. This now also includes the ones created prior to March 2023. Make sure you save all API keys in a safe location and do not share it with anyone.

  • Licensing API

    • The getMonthlyUsage and getMonthlyUsagePerProductType methods now returns the aLaCarteMonthlyUsage, mspSecureMonthlyUsage, mspSecurePlusMonthlyUsage, and mspSecureExtraMonthlyUsage attributes.

    • The getLicenseInfo method now returns the assignedProtectionModel and additionalProtectionModels attributes.

    • The getLicenseInfo and getNetworkInventoryItems methods now return the manageEventCorrelator, manageSandboxAnalyzer, and manageHyperDetect settings under the ownuse attribute.

    • The getLicenseInfo and getNetworkInventoryItems methods now return the manageEventCorrelatorResell, manageSandboxAnalyzerResell, and manageHyperDetectResell settings under the resell attribute.

    • The assignedProtectionModel and additionalProtectionModels parameters are now available for the setMonthlySubscription method.

  • Network API

    • The getNetworkInventoryItems method now returns the assignedProtectionModel and additionalProtectionModels attributes under the 1 (company) item type.

    • The getNetworkInventoryItems now returns the manageEventCorrelator, manageSandboxAnalyzer, and manageHyperDetect settings under the ownuse attribute.

    • The getNetworkInventoryItems now returns the manageEventCorrelatorResell, manageSandboxAnalyzerResell, and manageHyperDetectResell settings under the resell attribute.

    • The options parameter is now available for the getManagedEndpointDetails method, along with the includeScanLogs option.

    • The includeScanLogs option is now available for the options parameter for the getEndpointsList method.

    • The includeScanLogs option is now available for the options parameter for the getManagedEndpointDetails method.

    • The includeScanLogs setting is now available for the endpoints option under the options parameter for the getNetworkInventoryItems method.

  • Companies API

    • The assignedProtectionModel and additionalProtectionModels parameters are now available for the createCompany method.

    • The email attribute is now mandatory when including the contactPerson parameter in createCompany and updateCompanyDetails methods requests.

    • If any field under the contactPerson attribute is populated, all fields under the attribute will be returned by the getCompanyDetails method (fullName, email, phoneNumber, companyRole), regardless if hey have a value assigned or not.

    • The manageEventCorrelator, manageSandboxAnalyzer, and manageHyperDetect settings are now available under the ownuse parameter for the createCompany and setMonthlySubscription methods.

    • The manageEventCorrelatorResell, manageSandboxAnalyzerResell, and manageHyperDetectResell settings are now available under the resell parameter for the createCompany and setMonthlySubscription methods.

ERA

The Endpoint Risk Analytics feature now has set limits for the number of vulnerabilities it displays: top 100 vulnerabilities per application, and top 500 vulnerabilities per endpoint. The vulnerabilities are ranked by severity. After resolving existing vulnerabilities, you can run a Risk Scan task to discover and display more.

Network Protection

  • The toggle used for reverting to the previous version of the Installation Packages was removed.

  • The Reconfigure client task has undergone a redesign and has a new name: Reconfigure agent. It allows for the customization of settings that were initially configured during the installation of the endpoint protection solution.

    A new Show all modules option has been added to the Remove menu and allows Admins/Partners to view all modules, regardless of license restrictions. The new option enables them to remove modules that were previously installed but are no longer usable/visible due to license changes or downgrades. This only applies to the Remove option in Reconfigure agent task.

    The Scan mode option in Match list becomes available only when the selected endpoints belong to the same company and the Detection and prevention operation mode is chosen. If endpoints from different companies are selected, the Scan Mode section will not be visible.

Reports

You can now filter companies by License Type in MDR Service Status reports.

Resolved issues

XDR

Fixed an issue that was causing the notifications for Sensor integration status to have misaligned text in the body of the email.

GravityZone platform

  • Deleted virtual machines no longer appear as licensed.

  • Resolved an issue causing the license usage of a company to remain the same after an endpoint had been moved to another company.

Public API

Users that do not have the Manage Companies right enabled now properly receive an error when attempting to use any method included in Accounts API.

June 2023 (Version 6.41.0-1)

Improvements

XDR

  • GravityZone eXtended Detection and Response now supports events from Google Cloud Platform through a new sensor integration. The new sensor collects and processes audit information related to Google Cloud resources. The sensor can be configured through the Sensors Management.

  • A new notification type has been implemented: Sensor integration status. This notification informs you when the status of a sensor integration changes.

Public API

  • Licensing API

    • The manageContainerProtection and manageContainerProtectionResell settings has been added to the ownUse and resell parameters for the setMonthlySubscription method.

  • Company API

    • The manageContainerProtection and manageContainerProtectionResell settings has been added to the ownUse and resell parameters for the createCompany method.

  • Network API

    • The getNetworkInventoryItems method now returns the manageContainerProtection option under the ownUse object and the manageContainerProtectionResell option under the resell object.

  • Packages API

    • You can now use the userControl, antiphishing, and trafficScan settings instead of contentControl under the modules parameter when using the createPackage method. This modification mirrors the changes done to the GravityZone installation packages.

    • The getPackageDetails method now returns the userControl, antiphishing, and trafficScan parameters.

Notifications

The default interval after which notifications are automatically deleted is now 7 days. This change applies to both existing and newly created accounts. To customize the interval according to your needs, refer to Configuring notification settings.

Accounts

Starting with this update, users who have not logged in to the GravityZone console at least once will no longer receive the majority of notifications. This applies to both existing and newly created accounts.

Policies

The Automatic Network Discovery option can now be enabled in the policy under Relay > Communication > Automatic Discovery of new endpoints.

  • Enabling the option will prompt the Relays to execute the Network Discovery task every 4 hours.

  • New customers have the option disabled by default, while the option remains enabled for any existing custom policies.

Network

  • The Antiphishing and Traffic Scan features are now available as separate options under the Network Protection module when creating an installation package.

  • Renamed Network Protection > Web Protection > Traffic Scan to Web Traffic Scan in both GravityZone new and existing packages.

Tasks

  • On the Tasks page, the new default value for the Company filter is All recursively, while for Start period it is Last 7 days.

Resolved issues

XDR

Fixed an issue that was causing the deployed Network sensors to be counted as unlicensed endpoints, even though the necessary licenses were active on the company.

Antimalware

Load Balancing options were not saved in the policy when configuring the Redundancy mode for the Security Server.

Reports

In some cases, attached CSV files were not correctly included in certain reports sent via email. The issue is now fixed.

Threats Xplorer

The company selector in Threats Xplorer now accurately displays all companies using the Bitdefender EDR product.

May 2023 (Version 6.40.0-1)

New features

Mobile Security

The Bitdefender GravityZone Security for Mobile is a mobile security solution able to protect mobile devices having Android or iOS operating systems against multiple threat vectors. It is designed to protect an employee’s corporate-owned or BYOD from advanced persistent threats without sacrificing privacy or personal data.

GravityZone Security for Mobile provides the following:

  • Protection of corporate-owned or BYOD devices from advanced persistent threats, which includes implementing endpoint protection software, keeping software and firmware up to date, implementing network segmentation, and using multi-factor authentication.

  • Risk intelligence and forensic data necessary.

  • Detection across all four threat categories — device compromises, network attacks, phishing attempts and malicious apps.

  • Visibility for the Incident Response teams into mobile threats and risks through integrations with leading UEM, SIEM, SOAR, and XDR systems.

  • Application vetting to detect malicious apps (Android and iOS) and out of compliance application detection.

  • Network Protection by detecting network borne threats, recon attempts, weak security connections, MiTM attacks.

  • Device Protection by detecting OS vulnerabilities as well as vulnerable devices that cannot be updated, and missing encryption, jailbreak/root, system tampering.

Improvements

XDR

You can now remotely upload and download files using the Remote Shell feature. The Upload and Download options are available after you begin a remote shell session.

  • The files are encrypted throughout the upload and download processes.

  • You can upload no more than 20 files at a time.

  • You can view and cancel file downloads by accessing the Network inventory > endpoint details > Investigation tab. You can also retrieve the downloaded files from this section.

  • If you want to be notified when the files are uploaded or downloaded, configure the New Investigation Files Activity notification type.

Network Protection

  • The Web rules action categories found in Content Control > Web Access Control Settings > Web Categories Filter have been updated with the new Warn action.

  • The new action type aims to enhance the administrator's comprehension of the report's warnings and blocks.

  • In the Security Audit Report, the Event Type column was updated to also filter events by Warned Websites, and Warned & Disregarded Websites.

GravityZone platform

  • A full installation kit is now available for BEST Windows endpoints that use ARM CPUs.

  • Search behavior in the company filter is now consistent across multiple pages such as Threats Xplorer, Quarantine, Tasks, Accounts, Installation Packages, Executive Summary, and Tags Management.

    This is the expected behavior:

    • After typing a sequence of characters, GravityZone displays all entries starting with those characters.

    • When using the asterisk (*) as wildcard, GravityZone displays all entries containing that sequence of characters.

Public API

  • Licensing API

    • The manageRemoteEnginesScanning and manageRemoteEnginesScanningResell settings has been added to the ownUse and resell parameters for the setMonthlySubscription method.

    • The manageMobileSecurity parameter is now available for the setMonthlySubscription method.

    • The getLicenseInfo method now returns the manageRemoteEnginesScanning option under the ownUse object and the manageRemoteEnginesScanningResell option under the resell object.

    • The getLicenseInfo method now returns the manageMobileSecurity setting.

    • The getMonthlyUsage and getMonthlyUsagePerProductType methods now returns the mobileSecurityMonthlyUsage object.

  • Company API

    • The manageRemoteEnginesScanning and manageRemoteEnginesScanningResell settings has been added to the ownUse and resell parameters for the createCompany method.

    • The manageMobileSecurity setting has been added under the licenseSubscription for he createCompany method.

  • Network API

    • The getNetworkInventoryItems method now returns the manageRemoteEnginesScanning option under the ownUse object and the manageRemoteEnginesScanningResell option under the resell object.

    • The getNetworkInventoryItems method now returns the manageMobileSecurity object.

  • Reports API

    • A new report type is available under the type parameter for the getReportsList method: 38 - Mobile Security Monthly License Usage.

    • A new report type is available under the type parameter for the createReport method: 38 - Mobile Security Monthly License Usage.

Network Inventory

  • Unmanaged endpoints discovered more than 30 days ago will be subject to a removal process in this release.

  • Unmanaged devices can be discovered by using Relays or on-demand Network Discovery tasks.

Resolved issues

Tasks

  • Failed tasks displayed the same message that they took more than 48 hours to complete, regardless of the actual reason.

GravityZone platform

  • Security fixes.

April 2023 (Version 6.39.0-1)

Early Access

Product Trials

Product Trials enable you to try out other products directly from the GravityZone console, even if you already have an active license.

Available product trials will be displayed in the Product Trials Hub page, depending on your current license. Enabling a product trial will make new features available to you for a limited period of time. The feature will be released in stages and has limited availability at the moment.

New features

Live Search

Live Search is now available for all GravityZone users that have access to EDR / XDR. With this feature you can search for real time events and system information from the online endpoints in your network, using OSquery, an SQL-compatible query system.

Improvements

Tasks

  • The Network > Tasks page has a new look and new options for a better user experience. Some highlights:

    • Filters and search boxes

    • Expandable and sortable columns

    • New details panel for sub-tasks.

  • Tasks in the Network page have now more intuitive and consistent names. For example, Scan has become Malware scan, Install is now Install agent, and Reconfigure client has been renamed to Reconfigure agent.

    The new names are also reflected in the Network > Tasks page, under the Task type category.

    With this update, the User Activity page displays actions on tasks under the new names. Existing records under old names remain unchanged.

    For the complete list of renamed tasks, refer to Changes to task names in GravityZone Cloud Control Center.

  • When you, as a Partner, assign a task to multiple companies in the Network page, GravityZone creates individual tasks for each company in the Network > Tasks page. In such a case, a sub-task includes only endpoints from one company.

  • When accessing the Network > Tasks page as a Partner, you view by default all managed companies recursively.

  • When you, as a Partner, assign a task in the Network page to multiple companies, you can no longer select the parent company, but only its child companies of Customer type.

XDR / EDR

  • Now you can see the date when a domain controller was last reported to the Active Directory sensor integration. Find the Last reported field in the integration's details panel.

  • Now you can delete individual domain controllers from an Active Directory sensor integration.

Accounts

  • The Accounts page has been redesigned and restructured. The page now provides an improved overall user account management experience.

Notifications

  • You can now choose to receive notifications via email in plain text format. The new option is available for all notification types and you can find it on the Notifications Settings page.

  • The notifications email subject is now editable. You can customize the subject according to your needs using the new option Set custom email subject when configuring the notification. The option is available for most notification types.

  • The HyperDetect Activity notification is now enriched with details such as the detection type, user, company, and the command line used.

  • The Login from New Device notification includes the email address of the account used.

Policies

  • In the Policies > Assignment Rules page, you can now apply policies via location rules only to targets you manage.

    From now on, the Targets section is always active when you configure a rule. If you do not specify targets, GravityZone automatically selects all the available entities when saving the rule.

    Old rules with no targets specified will continue to function as before until you manually save them again.

  • When you access Policies > Assignment Rules as a Partner, you now view your company rules instead of a blank page with no company selected.

Public API

  • Accounts API

    • The following Notifications Visibility Options are now available:

      • setCustomEmailSubject - if true, it changes the default subject used in GravityZone notification emails.

      • emailSubject - it contains the custom text to be used for GravityZone notification emails if setCustomEmailSubject is set to yes.

      Note

      These options are only available for specific notification types.

    • The sendOnlyPlainTextEmail parameter is now available for the configureNotificationsSettings method. Enabling this option sends all notification emails in plain text format.

    • The getNotificationsSettings method now returns an additional option: sendOnlyPlainTextEmail.

    • The passwordLifetime, and accountLockdown parameters are now available for the getAccountsList method.

  • Network API

    • The productOutdated parameter is now available for the getEndpointsList method. The parameter indicates if the endpoint is missing one or more agent updates.

    • The createScanTask method now return all task IDs created as a result of the request instead of the most recent one.

  • Companies API

    • The country, state, industry, and contactPerson parameters are now available for the createCompany and updateCompanyDetails methods.

    • The industry parameter is now available for the getCompanyDetails method.

Patch Management

  • All Partner companies can now use Patch Management for their managed companies, regardless of their own use licensing settings.

  • Patch Management features are no longer applicable to companies that have the associated license expired.

Integrity Monitoring

  • The Integrity Monitoring grid now provides better visibility of the actions within its columns.

Installation Packages

The Network > Packages page has a new design and a new name: Installation Packages.

  • The Add button has become Create.

  • All other buttons except Download have been moved under More actions.

  • The package configuration form also has a new look.

For a limited time, the old design is still accessible via the toggle in the upper right corner of the console.

Network Protection

The Web rules list found in Content Control > Web Access Control Settings > Web Categories Filter has been updated with additional categories. All existing policies are automatically updated to reflect the changes made regarding the updated categories.

  • Newly added categories:

    • Astrology

    • Auto

    • Food

    • Kids

    • Lifestyle

    • Occult

    • Pets

    • Real Estate

    • Society

  • Updated categories:

    • Drugs category was split into the following categories: Alcohol, Tobacco, Pharmacy.

    • Video Online category was replaced by the Videos category.

    • Banks category was replaced by the Financial category.

    • Casual Games, Online Games and Computer Games categories have been merged into the Games category.

GravityZone platform

  • Raw Events now offers support for Linux. The OS type column in the Raw Events grid indicates which fields are available for Linux endpoints.

  • The Gather logs feature from Network > endpoint details > Troubleshooting tab has been enhanced. You can now select between three new types of logs:

    • Product general issues

    • Malware infection

    • Malware infection (no cloud services)

  • The eXtended Detection and Response sensor integration licensing options have been renamed:

    • Identity providers (includes Active Directory, Azure AD, and Microsoft Intune)

    • Productivity apps (includes Microsoft Office 365 and Google Workspace)

    • Network (includes Network sensor)

    • Cloud workloads (includes AWS, Azure Cloud, and GCP)

Exchange protection

  • Policy changes to content filtering rules now properly save when adding lookaround assertions in the rule settings. The issue occurred for rules containing body content filters of expression type.

Resolved issues

Policies

  • Exclusions configured in Configuration Profiles did not propagate to inherited policies.

XDR / EDR

  • Fixed an issue that was preventing the Incident history tab from displaying the analyst's name correctly after changing the incident status.

  • The other.event_id parameter in the Incidents > Search feature of XDR now returns results when using wildcards.

Tasks

  • In some cases, users could not delete finished tasks created by accounts no longer active.

Reports

  • Fixed an issue that caused timezone inconsistencies in the Security Audit Report chart.

Troubleshooting

  • Fixed an issue that prevented gathering logs from GravityZone using a network share for Linux and macOS endpoints.

GravityZone platform

  • User Activity logs for API key creation are now visible to all users with the necessary rights.

  • Selecting the Download > Security container action in the Packages page no longer causes the Download Security Container window to freeze while loading.

  • Security fixes.

Public API

  • Partners can now properly use the createRemoveQuarantineItemTask method to remove an item from quarantine for a client company. Previously, the request would return an Invalid params / At least one specified target is invalid. message.

March 2023 (Version 6.38.1-2)

Resolved issues

GravityZone platform

  • Fixed compatibility issues between the Active Directory and Security for AWS integrations. Starting with this release, Active Directory is going to be prioritized (for inventory, policy assignments, license flow, etc.).

  • Users who log in with SAML single sign-on can now access the Investigation Package options without any additional steps.

XDR / EDR

  • In certain situations, incidents could not be deleted from the Incidents grid when they went past their retention period, resulting in incidents with no details. The issue is now fixed.

Integrity Monitoring

  • Integrity Monitoring did not display some events for Linux endpoints. The issue is now fixed.

March 2023 (Version 6.38.0-0)

Early Access

Live Search

  • You can now filter endpoints by their GravityZone tags by using the Tags filter.

  • The Reset filters button is now available in the Live Search page.

  • You can inspect the database schema and search for available tables and fields using the new side panel.

  • Improved the Metadata window:

    • you can now filter endpoints based on Status and Sent rows

    • a new button is available that allows you to assign tags to endpoints

  • Multiple graphical elements have been modified to offer a better user experience.

Improvements

Endpoint tags

This update brings several new options, support for tags management on child companies, and introduces the feature to the GravityZone Cloud Security for MSP users.

  • In the Network page, you can now create custom tags directly in the Assign custom tags window.

  • In the Unassign custom tags window, you can remove all custom tags from endpoints at once.

  • As a Partner, you can control endpoint tags on child companies by using new company columns, filters and selectors in the Network and Tags Management pages.

  • Each tag in the Tags Management page now includes an inline menu to delete it or to easily create copies and apply them in your company or other companies.

  • You can review actions taken on tags in each company in the User Activity page.

  • Non-MSP Partners can now manage endpoint tags on child companies that use a compatible GravityZone product, regardless of their own license. However, Partners need a compatible license to manage tags in their own companies.

    For existings GravityZone products that support endpoint tags, refer to the list included in GravityZone November 2022 (version 6.34.0-1) release notes.November 2022 (Version 6.34.0-1)

  • For the first time, endpoints tags are available to GravityZone Cloud Security for MSP users, for both Endpoint Security and Bitdefender EDR product types.

    MSP Partners have access to tags in their own companies with either a license key or monthly subscription. They can also manage tags on child companies provided those companies meet the licensing conditions.

    To manage endpoint tags, Customer companies need a compatible license key or, if they use monthly subscription, they also must have the Advanced Threat Security add-on, with at least one of its components (HyperDetect or Sandbox Analyzer) active.

Note

As a Partner, when you go to the Network page after this update, you will see by default your own company tags. To view endpoint tags for a child company, make sure the Company column is enabled and use its filter to select the company you are interested in. Once the child company has been selected, the Tag filter loads all its tags.

Public API

  • APIs keys are now visible only at the time of creation. Make sure you save all API keys in a safe location and do not share it with anyone.

    Note

    Keys generated prior to the release are still visible from the edit window.

  • The productOutdated field has been moved under the Details member for getNetworkInventoryItems API responses.

Quarantine

  • The Company filter now has two new entries: All directly managed and All recursively. You can use them to view quarantined files from all the companies you directly manage or from all companies to which you have access.

  • The Clear button was renamed to Reset filters and you can use it to readjust filters to their default values.

Exchange Protection

  • The Send a Copy To secondary action is now available for the Replace file with text, Delete file, and Reject/Delete email actions. The settings can be found in the Policies > Exchange protection > Content Control page, under the Attachment filtering section.

GravityZone platform

  • Security for Amazon Web Services now supports the following optional regions that can be disabled or enabled from AWS: Cape Town, Hong Kong, Hyderabad, Jakarta, Osaka, Spain, Zurich, United Arab Emirates, Milan.

  • New event types are now available in Configuration > Raw Events grid. Before enabling them, make sure you first check the Requirements column.

Resolved issues

Integrity Monitoring

  • Fixed an issue that prevented the directory path validation from working when users added a custom rule.

  • Fixed an issue that caused Integrity Monitoring to generate empty reports.

Network inventory

  • Folders indicated issues (red exclamation mark) when endpoints inside them had the Encryption module disabled.

Integrations

  • Fixed an issue causing the GravityZone integration with Microsoft Azure Sentinel to fail.

eXtended Detection and Response

  • A partner is now able to delete a pre-existing Network sensor integration for a customer even if the customer has the EDR feature disabled.

GravityZone platform

  • The GravityZone console displayed a few incorrect translations on French and German interfaces.

February 2023 (Version 6.37.0-2)

Resolved issues

XDR

  • In certain situations, connecting through Remote Shell using a single sign-on authentication resulted in a connection timeout. The issue is now fixed.

February 2023 (Version 6.37.0-1)

Early Access

Unified Incidents

  • You can now perform a search from the Incidents grid to view all events and alerts related to an incident. Click the 151926_1.png vertical ellipsis button at the right end of the grid entry and then the View events and alerts option. You will be redirected to the Search page, filled with the requested events.

  • You can now trigger a search from the side panel of entities or resources to view all related events and alerts. Click the 151926_1.png vertical ellipsis button and then the View events and alerts option. You will be redirected to the Search page, filled with the requested events.

Live Search

  • The OS filter is now available for Live Search. You can use it to perform a query for specific endpoints based on their operating system.

  • Live Search queries will no longer wait for unresponsive endpoints before returning results. This significantly improves query wait time.

  • The Company filter is now only visible to Partner companies.

  • When searching for a query, both the name and the syntax are now checked for matches.

  • Multiple graphical elements have been modified to offer a better user experience.

Improvements

XDR

  • Information about security risks is now available in the incident Overview > Summary > Root cause section. The text includes links to Endpoint Risk Analytics (ERA), where you can view further details.

  • The incidents Search function has two new fields, which you can use in queries : email.sender_address and email.sender_name.

    The field email.sender, which currently contains the same information, will be deprecated in 90 days.

  • Remote Shell now supports single sign-on authentication. Once single sign-on is configured, you will be redirected to your company's login page whenever you start a remote shell session.

GravityZone platform

  • Improved the communication mechanism between the GravityZone console and endpoints in network-restricted environments. This change requires a firewall rule to be created. The rule should whitelist a new set of web addresses that are used to verify the server certificate revocation and enhance security. For more information, refer to GravityZone (cloud) communication ports.

  • The Partner Changed notification now clearly indicates if a client company has joined or left your management.

Policies

  • You now receive an explanatory message every time you cannot save a policy due to invalid data in the Sandbox Analyzer > Endpoint Sensor and Integrity Monitoring > Real Time sections.

Public API

Network API
  • The returnTaskId parameter is now available for the createscantask and createscantaskbymac API methods. The parameter allows you to include the newly created task ID in the API response.

  • The productOutdated paramater is now available for the getnetworkinventoryitems API method. This parameter allows you to include information about the update status of all the endpoints of a given company in the API response.

Incidents API
  • The returnRuleId parameter is now available for the createcustomrule API method. The parameter allows you to include the newly created rule ID in the API response.

Push API
  • A new Event Push API alert is now available: partner-changed. This event triggers when a client company joins or leaves your management.

Resolved issues

Integrity Monitoring

  • The License Expires notification now includes the name of the Data Retention Add-on that is soon to expire.

XDR

  • XDR trial users who installed Network sensor will no longer encounter the "Not licensed" error message when switching to a full license.

GravityZone platform

  • Security Containers and Security Container hosts no longer incorrectly appear in the Network page as having issues.

  • Security fixes.

January 2023 (Version 6.36.0-1)

Improvements

GravityZone platform

The way Bitdefender partners view incidents from their companies and child companies has changed:

  • Partners can view their company's incidents and receive incident notifications only if they have manage rights over the company's network.

  • Partners can view the Custom Rules page of their company only if they have manage rights over the company's network.

  • Partners can view incidents and receive incident notifications only from the child companies they have access to.

  • EDR portlets count incidents only from the companies the partners have access to.

Resolved issues

EDR

  • In some cases, users could not change the incident Status, Assignee or Priority values. The issue has been fixed, but the fix does not apply retroactively.

Archived Release Notes

For GravityZone release notes covering 2019–2022, refer to this document.