GravityZone 6.23.1-1 Release Notes

Release date: 2021.04.20

New features

EDR for Everyone

A lightweight Endpoint Detection and Response (EDR) solution for Windows-based systems, powered by top-notch machine learning and cloud scan technologies, with low resource footprint, easy deployment and maintenance, which can run alongside any third-party endpoint protection platform.

This lightweight solution includes technologies from state-of-the-art GravityZone features such as:

  • Endpoint Detection and Response (EDR)
  • Fileless Attack Protection
  • Network Attack Defense
  • Advanced Threat Control (ATC)
  • Sandbox Analyzer
Note:
Available as Bitdefender EDR, a standalone security solution.

Improvements

GravityZone platform

  • Control Center leaves the old blue theme behind and comes with a couple of readability and usability improvements such as:
    • Replaced the scroll bar from the main menu with the More button to reveal additional items.
    • Increased the font size for lower screen resolutions.
    • Removed the top blue bar to make room for actual data.
    • Increased the contrast to the top banner for alerts.
  • The Update Security Server task now has two options, one for each type of update you can run, when available:
    • Feature update, for installing new Bitdefender features, improvements and fixes, and security fixes
    • OS update, for upgrading the operating system of the Security Server VA
      Note:
      Run the task with this option to bring the OS of the Security Server to Ubuntu 20.04 LTS, the only supported version until a new upgrade.
  • The grid in the Network page now includes new columns and several improvements, designed to help you better identify and find endpoints in the inventory:
    • Name. It can now display the MAC address appended to the hostname, to uniquely identify endpoints that may have the same hostname or IP address.
      You need to enable this option in the Configuration > Network Settings > Network Inventory Settings page.
    • Machine type. It shows whether the endpoint is a server or a workstation.
    • OS type. It displays the type of operating system installed on the endpoint.
    • OS version. It shows the version of the operating system installed on the endpoint.
  • Virtual Machines view of Network Inventory has now become Cloud Workloads view.
  • When creating an installation package in the Packages page, you now have the option to choose the operation mode of the security agent:
    • Detection and prevention, which allows you to choose the modules to include in the package, and to enable their full capabilities.
    • EDR (Report only), which creates an EDR package with a predefined list of modules, their functionality being limited to report-only actions. The package includes the following modules:
      • Advanced Threat Control (ATC)
      • EDR Sensor
      • Network Protection (Content Control, Network Attack Defense)
    Note:
    Available only with GravityZone Ultra and GravityZone Ultra Plus.
  • Updated the wizard at the Install Security Server task with new requirements.
  • Removed the option to scan the endpoint before agent installation to speed up the installation process. Nevertheless, it is recommended to run a scan task as soon as possible after the agent is installed on the endpoint.

VMware integration

Improved the performance of GravityZone processors and decreased CPU usage when synchronizing VMware inventory in high load environments.

Security for Storage

Storage Antimalware notification now includes information about the Security Server and security content versions.

Sandbox Analyzer On-premises

Files detected on the ICAP server as malicious are now sent to Sandbox Analyzer to remove the doubt of a false positive.

Ransomware Mitigation

The Ransomware Activity page now links to the endpoint details page when clicking an endpoint name.

Security Telemetry

New options for configuring Security Telemetry:

  • Bypass validation of the SSL certificate on HTTP collector, in case your HTTP collector uses a self-signed SSL certificate.
  • Granular event type selection, if you are interested in sending to the SIEM only certain types of events.

Resolved issues

Active Directory integration

When an endpoint joined to Active Directory changed its SSID, Control Center still displayed the old entity as managed instead of the new one.

Patch Management

Completed Patch install tasks could not be deleted from the Tasks page, returning the error "Items you selected cannot be deleted".

