GravityZone 6.15.1-2 Release Notes
Release date: 2020.07.07
- Security agents: 220.127.116.113 (Windows); 18.104.22.168 (Linux); 22.214.171.124080 (macOS)
- Security Server: 126.96.36.19916 (Multi-Platform); 188.8.131.5242 (VMware NSX-T); 184.108.40.20637 (VMware NSX-V)
Endpoint Detection and Response (EDR)
Bitdefender brings its state-of-the-art EDR cloud technology to its on-premises solutions.
EDR is an event correlation component capable of identifying advanced threats or in-progress attacks. As part of our comprehensive and integrated Endpoint Protection Platform, EDR brings together device intelligence across your enterprise network. This solution helps your incident response teams investigate and respond to advanced threats.
For this purpose, you need to install the Incidents Server role on your appliances, add the EDR module on agents, and enable the feature in the policy. Then, you can find all the identified incidents, as well as all events that the Bitdefender prevention technologies have detected, in the Incidents page.
Feature available in: GravityZone Ultra
Root Cause Analysis
This feature informs you of threats detected and blocked by our preventive technologies. It provides you with complex filtering options and graphic representation of incidents, as well as blocklisting capabilities.
For this purpose, you need to install the Incidents Server role on your appliances and enable the Incidents Sensor module in the policy. You can find everything that the Bitdefender prevention technologies have detected in the Incidents page.
Feature available in: GravityZone Elite
Vaccines give you immunity, but what happens when they come too late? Powered by proactive and award-winning detection technologies, Ransomware Mitigation offers an early solution to ransomware attacks. It detects the attack as it happens, blocks it regardless of whether it was run locally or from a remote endpoint, and then recovers the files encrypted so far.
Find the Ransomware Mitigation settings under the Antimalware > On-execute policy section. After applying protection on endpoints:
- You will receive notifications whenever an attack takes place.
- You can view details about the ransomware attacks in your network in the Ransomware Activity page.
- You will view such events in the Security Audit report.
Feature available in: GravityZone Elite, GravityZone Ultra and GravityZone Enterprise (à la carte)
If you are Korean, you can now experience GravityZone in your own native language.
GravityZone provides a more efficient and proactive way of managing patches:
- A new smart scan mechanism detects and informs you whenever a new application has been installed on the endpoint and what patches are available for it.
- GravityZone regularly reviews the list of available patches and deletes those that are no longer applicable because either the related applications or the endpoints no longer exist.
- GravityZone also deletes from the list patches that are no longer available, even if they are present on some endpoints.
Advanced Threat Control (ATC)
The ATC/IDS event notification details are enriched with the path and ID of the parent process, and also with the command line that started the process, where applicable. These details are also sent via Syslog, in both available formats.
Full Disk Encryption
You can now set exclusion rules for non-system drives in the Encryption policy settings.
Remote troubleshooting is now available for Linux and macOS agents.
You now have control over the data you send to Bitdefender for analysis. You can find these options as follows:
- In the General > Settings > Options section of the policy – for endpoints
- In the Configuration > Security Server Settings page – for Security Servers
- You can now use the Delete button to drop protection management on endpoints joined in Active Directory. This change dismisses and removes the Clear license button from the action toolbar.
- The product updates and security content available on Relay agents are now visible in the new Information > Repository details page.
- Added more information about updates in the Information > Protection page.
You can now start a Reconfigure Client task for the selected endpoints directly from the Endpoint Modules Status report. The report also contains a new filter for the Advanced Threat Control module.
You are now asked to change the initial bdadmin password when accessing the GravityZone virtual appliance via SSH too. This change applies to any user with administrative rights used for GravityZone deployment in Microsoft Azure.
- The Security Server updates from the Bitdefender Servers are now downloaded only through an HTTPS encrypted channel. Make sure to have port 443 open for outbound traffic from the following locations:
There are no changes for updates rolled out from the internal network.
- The product updates available on the Update Server are now visible in the new Configuration > Repository page.
Added several usability enhancements throughout the console, including:
- Redesigned the Policies > Assignment Rules and the Reconfigure Client pages for better visibility.
- Enhanced the Endpoint Modules Status report with the Reconfigure Client option.
- Switched to case insensitivity of the login credentials assigned via Access Permissions.
- Moved the option Submit HVI memory violations to Bitdefender from the General > Settings policy section into the new Configuration > Security Servers > Privacy page section. The option will be enabled only if all policies had it enabled.
Active Directory integration
You can now selectively import AD organizational units in GravityZone, for more flexible management of endpoints joined in AD. Find the available options in the Configuration > Active Directory > Add / Edit Active Directory Domain page. These changes are also reflected in the User Activity logs.
- Added support for VMware vSphere and vCenter 7.0, except for the Workload Management vSphere functionality.
- Citrix XenServer integration now automatically updates itself with the new IP address of the pool master. You only need to enable this option in the Configuration > Virtualization Providers > Management Platform > Add / Edit XenServer window. After this, GravityZone will notify you whenever it happens.
- Removed the option Prefer basic deployment methods instead of integration from Configuration > Miscellaneous. It is now the default option.
- Added a fourth antimalware scan option, custom scan, to the createScanTask method. This option comes with the additional parameters scanPath and scanDepth.
- Created the SetSubmitSettings method so that you can state your privacy preferences via API too.
- You can now use the downloadScanLogsZip method to obtain scan logs only for one endpoint.
- Updated the following methods so that you can add the available modules to agents, provided they are covered by license:
The networkMonitor option was renamed to NetworkAttackDefense.
Infected files were deleted even with the Take no action setting selected.
Endpoint Encryption Status and HyperDetect Activity emailed reports did not include the attachment with the results.
If Update Server was removed from the infrastructure, it could not be installed again due to deployment requirements in place.
Following the VMware vCNS / vShield Endpoint integration EOSL notice, Bitdefender removes the option to add/edit this type of integration via the GravityZone update scheduled for end of Q3.