Bitdefender GravityZone Notes to version 6.7.1-1

Date of publication: 02. Last revised: 5. July

BEST-Minimum Version: 6.6.11.159Security Server Multi-Platform-Minimum Version: 6.1.71.8593

Malware

• Improved user-defined exclusions:possibility to use placeholders to define user-defined exclusions.Other types of exclusions have been added: file hash, certificate fingerprint, Threat name and command line. New field to add notes or comments to each exclusion. New option to add ATC/IDS exclusions for folders.
• Possibility to use placeholders to define user-defined exclusions.
• Other exclusion types have been added: file hash, certificate fingerprint, threat name and command line.
• New field to add notes or comments to each exclusion.
• New option to add ATC/IDS exclusions for folders.

• Technology improvements in the centralised scan:Security Server Cache Sharing technology now available. With this implementation, Security Server can exchange scan cache information with each other, leading to a significant increase in scan speed in virtualized environments. Enable to use this function Port 6379 to allow data traffic between security servers. Note:Cache sharing is only possible between security servers of the same type. For example, Security Server Multi-Platform shares its cache only with other Security Server Multi-Platform.Implementation of a new load equalisation mechanism between end points protected by BEST with centralised scan and security servers. From now on, you can determine whether the load should be evenly distributed to the assigned security servers. Improved reports on the load status of security servers help you assess the scalability of security servers in your environment. The Status report of the Security Server now contains two new states: almost overloaded and almost overloaded. Sandbox AnalyzerThe list of supported file types that can be transmitted automatically to the Sandbox Analyzer, Functions for pre-filtering content for the transmission of files to the Sandbox Analyzer have been added. This function can be configured in a new policy section. Error messages have been added for failed detonations in the transmission section on the Sandbox Analyzer page. From now on, you can use a secure connection between security servers and the protected NAS servers, when using SSL via ICAP. Download your security certificate in the Control Center under Configuration Certificates End Point - Security Server Communication.Userfriendliness The Control Center workspace has been optimized with the new display modes in the menu: extended, Reports The Network Protection Status Report was for more detailed status for licenses (expired, pending, The Malware Protection Signatures have been replaced by a new method for identifying known and unknown malware under the name Security Contents. Security Server Updates are now published via Update Rings.Public APIGGeneral: About these New endpoint you can now retrieve the API key details. Network:New option to create a scan task based on the MAC address of the endpoint. The companyId field has been inserted into the results of the getManagedEndpoint Details method.You can now use the setEndpoint Label method to name a endpoint. Sandbox AnalyzerAnalysis results from a manual transmission could not be retrieved if a proxy was active.Update system In Control Center, the option for the weekly recurrence of malware protection updates was reset, if it was only fixed on Sundays. This was only a display problem as the setting was correctly transmitted to the security agents.Malware security server load balancing -The uniform distribution mode was limited in its functionality. The scan load was not evenly distributed to the Security Server.Malware Protection The new custom exclusion types are not available for custom scan tasks on the network page.The following exclusion types for ATC/IDS are only available for Windows desktop operating systems:Process with Placeholder file hash Name of the find name with placeholder command line exclusions per certificate hash (fingerprint) are not available for ATC/IDS.

Technology improvements in centralised scanning:

• Security server cache sharing technology now available. With this implementation, Security Server can exchange scan cache information with each other, leading to a significant increase in scan speed in virtualized environments. Enable to use this function Port 6379 to allow data traffic between security servers. Note:Cache sharing is only possible between security servers of the same type. For example, Security Server Multi-Platform shares its cache only with other Security Server Multi-Platform.

Security server cache sharing technology now available. With this implementation, Security Server can exchange scan cache information with each other, leading to a significant increase in scan speed in virtualized environments. Enable to use this function Port 6379 to allow data traffic between security servers.

• Implement a new load balancing mechanism between end points protected by BEST with centralised scan and security servers. You can now determine whether the load should be evenly distributed to the associated security servers.
• Improved load status reports from security servers help you assess the scalability of security servers in your environment. The Status report of the Security Server now contains two new states: almost overloaded and almost overloaded.

Sandbox Analyzer

• The list of supported file types that can be transmitted automatically to the Sandbox Analyzer has been extended.
• Functions for pre-filtering content for transmitting files to the Sandbox Analyzer have been added. This function can be configured in a new directive section.
• Error messages for failed detonations were added in the transmission section on the Sandbox Analyzer page.

Storage

You can now use a secure connection between security servers and the protected NAS servers if they use SSL via ICAP. Download your security certificate in the Control Center under Configuration Certificates End Point - Security Server Communication.

Usability

The Control Center workspace has been optimized with the new display modes in the menu: extended, reduced (symbol view) and hidden.

Reports

The Network Protection Status Report has been extended to include more detailed status for licenses (expired, pending, test version) and endpoint management (not managed).

Update

• The malware protection signatures have been replaced by a new method for identifying known and unknown malware under the name Security Content.
• Security server updates are now published via update rings.

Public APIs

• General: You can now access the API key details via this new endpoint.
• Network:New option to create a scan task using the MAC address of the endpoint. The companyId field has been inserted into the results of the getManagedEndpoint Details method.You can now reset the name for an endpoint using the setEndpoint Label method.Introduction of the assignPolicy method.
• New option to create a scan task based on the MAC address of the endpoint.
• The companyId field was inserted into the results of the getManagedEndpoint Details method.
• You can now reset the name for an end point using the setEndpointLabel method.
• Introduction of assignPolicy method.

Sandbox Analyzer

Analysis results from a manual transmission could not be retrieved when a proxy was active.

Update

At the Control Center, the weekly recurrence of malware protection updates has been reset if it was only set on Sundays. This was only an indicator problem as the settings were correctly transmitted to the security agents.

Malware

Security server load balancing -The uniform distribution mode was limited in its functionality. The scan load was not evenly distributed to the security servers.

Malware

• The new custom exclusion types are not available for custom scan tasks on the network page.
• The following exclusion types for ATC/IDS are only available for Windows desktop operating systems:Process with placeholder file hash
• Process with placeholders
• File-hash
• Name of the find
• Name of the find with placeholders
• Command
• Exclusions by certificate hash (fingerprint) are not available for ATC/IDS.
• Possibility to use placeholders to define user-defined exclusions.
• Other exclusion types have been added: file hash, certificate fingerprint, threat name and command line.
• New field to add notes or comments to each exclusion.
• New option to add ATC/IDS exclusions for folders.

Technology improvements in centralised scanning:

• Security server cache sharing technology now available. With this implementation, Security Server can exchange scan cache information with each other, leading to a significant increase in scan speed in virtualized environments. Enable to use this function Port 6379 to allow data traffic between security servers. Note:Cache sharing is only possible between security servers of the same type. For example, Security Server Multi-Platform shares its cache only with other Security Server Multi-Platform.

Security server cache sharing technology now available. With this implementation, Security Server can exchange scan cache information with each other, leading to a significant increase in scan speed in virtualized environments. Enable to use this function Port 6379 to allow data traffic between security servers.

• Implement a new load balancing mechanism between end points protected by BEST with centralised scan and security servers. You can now determine whether the load should be evenly distributed to the associated security servers.
• Improved load status reports from security servers help you assess the scalability of security servers in your environment. The Status report of the Security Server now contains two new states: almost overloaded and almost overloaded.

Security server cache sharing technology now available. With this implementation, Security Server can exchange scan cache information with each other, leading to a significant increase in scan speed in virtualized environments. Enable to use this function Port 6379 to allow data traffic between security servers.

Sandbox Analyzer

• The list of supported file types that can be transmitted automatically to the Sandbox Analyzer has been extended.
• Functions for pre-filtering content for transmitting files to the Sandbox Analyzer have been added. This function can be configured in a new directive section.
• Error messages for failed detonations were added in the transmission section on the Sandbox Analyzer page.

Storage

You can now use a secure connection between security servers and the protected NAS servers if they use SSL via ICAP. Download your security certificate in the Control Center under Configuration Certificates End Point - Security Server Communication.

Usability

The Control Center workspace has been optimized with the new display modes in the menu: extended, reduced (symbol view) and hidden.

Reports

The Network Protection Status Report has been extended to include more detailed status for licenses (expired, pending, test version) and endpoint management (not managed).

Update

• The malware protection signatures have been replaced by a new method for identifying known and unknown malware under the name Security Content.
• Security server updates are now published via update rings.

Public APIs

• General: You can now access the API key details via this new endpoint.
• Network:New option to create a scan task using the MAC address of the endpoint. The companyId field has been inserted into the results of the getManagedEndpoint Details method.You can now reset the name for an endpoint using the setEndpoint Label method.Introduction of the assignPolicy method.
• New option to create a scan task based on the MAC address of the endpoint.
• The companyId field was inserted into the results of the getManagedEndpoint Details method.
• You can now reset the name for an end point using the setEndpointLabel method.
• Introduction of assignPolicy method.
• New option to create a scan task based on the MAC address of the endpoint.
• The companyId field was inserted into the results of the getManagedEndpoint Details method.
• You can now reset the name for an end point using the setEndpointLabel method.
• Introduction of assignPolicy method.

Sandbox Analyzer

Analysis results from a manual transmission could not be retrieved when a proxy was active.

Update

At the Control Center, the weekly recurrence of malware protection updates has been reset if it was only set on Sundays. This was only an indicator problem as the settings were correctly transmitted to the security agents.

Malware

Security server load balancing -The uniform distribution mode was limited in its functionality. The scan load was not evenly distributed to the security servers.

Malware

• The new custom exclusion types are not available for custom scan tasks on the network page.
• The following exclusion types for ATC/IDS are only available for Windows desktop operating systems:Process with placeholder file hash
• Process with placeholders
• File-hash
• Name of the find
• Name of the find with placeholders
• Command
• Exclusions by certificate hash (fingerprint) are not available for ATC/IDS.
• Process with placeholders
• File-hash
• Name of the find
• Name of the find with placeholders
• Command

You don't find the solution to your problem? Please open an e-mail ticket and we will answer your questions or concerns in the shortest time.