What's new in Bitdefender GravityZone Business Security March 2024 (Version 6.49.0-1)

Mar 21, 2024
  • Early Access:
  • YARA detection rules:
  • YARA rules are now available on macOS endpoints.
  • New features:
  • MSP Product Trials:
  • MSP Product Trials enables partners to enroll client companies in trials, allowing them to test out features, add-ons, and services that are not included in their subscription. The feature is being released in stages, in a controlled availability manner.
  • Improvements:
  • Threats Xplorer:
  • You can now filter detection events based on endpoint tags. Using automatic or custom tags helps you view events from specific endpoint groups and efficiently analyze and correlate detections.
  • Executive Summary:
  • The Incidents status widget was renamed to Incidents breakdown by action taken. For a more granular view, the widget categories are now available as:
  • Reported: includes Endpoint and Organization incidents upon which no action was taken and that require further investigation.
  • Partially blocked: includes Organization incidents in which the automatic actions defined in the policies have been taken only on some entities.
  • Blocked: includes Endpoint incidents that were detected and blocked by GravityZone prevention modules.
  • Help & Support:
  • The Help & Support page has a new design that is easier to navigate. Topics are displayed on cards organized in two tabs:
  • Basics - covers GravityZone general use, technical assistance, legal aspects, and more.
  • Advanced Configuration - provides information on specific GravityZone features.
  • As with the previous Help & Support page, the content depends on the company type and the license you are using.
  • Public API:
  • Packages API:
  • A new method is now available: updatePackage. You can use it to update installation packages.
  • Companies API:
  • The getCompanyDetails method now returns the ParentCompanyId attribute.
  • API Event Push Service:
  • Events sent through the Event Push Service API that fail to deliver are now saved in a buffer, which can hold up to 1000 events. Once the counter exceeds 1000 events, Event Push Service will automatically stop sending events, and it will reset the serviceSettings.status field used in the getPushEventsSettings method to 0.
  • The getPushEventStats method now returns the max attribute, which is an object that contains the messageQueueBytes and messageQueueLength attributes.
  • User Activity:
  • Entries related to creating or editing a policy now include the list of changed settings in the Details area. The settings are grouped by sections.
  • XDR:
  • The Sensors Management feature now provides integration with two new sensors:
  • CSPM+. This new sensor collects telemetry about cloud platform security posture from Cloud Security to enrich GravityZone XDR incidents and risk information.
  • Security for Mobile. This new sensor processes mobile device events collected from GravityZone Security for Mobile.
  • Limitations:
  • Custom rules:
  • The Custom detection rules and Custom exclusion rules features will only work if your endpoints have the following version of BEST or newer, as announced in the GravityZone banner in January:
  • 7.9.5.324 (Windows)
  • 7.0.3.2271 (Linux)
  • 7.14.32.200019 (macOS)
  • Resolved issues:
  • Security for AWS:
  • The Amazon EC2 integration experienced synchronization issues, which resulted in previously removed secured instances being displayed in the Network Inventory.
  • Network protection:
  • Some users experienced an issue where exclusions were still being applied, even when the Use Exclusions option was disabled in the Web access control settings section.
  • Power User:
  • The Network section and the Policy Compliance report did not reflect changes made by Power User to the policy.
  • GravityZone platform:
  • Security fixes.
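
The minimum BEST versions listed under Limitations above can be checked against an endpoint inventory before relying on custom rules. The following is an added example, not Bitdefender code: the CSV column names and the sample rows are constructed for illustration, and only the three minimum versions come from these release notes. Versions are compared numerically per component, because a plain string comparison ranks 7.10 below 7.9.

```python
import csv
import io

# Minimum BEST versions for custom detection/exclusion rules, copied from the
# Limitations list in the release notes above.
MIN_BEST = {
    "windows": "7.9.5.324",
    "linux": "7.0.3.2271",
    "macos": "7.14.32.200019",
}

# Constructed sample inventory. The column names are assumptions made for this
# example, not the layout of any GravityZone export.
SAMPLE_INVENTORY = """\
name,os,agent_version
ws-001,Windows,7.9.5.324
ws-002,Windows,7.8.4.270
ws-003,Windows,7.10.1.10
srv-lnx-01,Linux,7.0.3.2271
srv-lnx-02,Linux,7.0.3.999
mac-01,macOS,7.14.32.200019
mac-02,macOS,7.9.5.324
kiosk-01,Windows,unknown
"""


def parse_version(text):
    """Turn '7.9.5.324' into (7, 9, 5, 324); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def supports_custom_rules(os_name, agent_version):
    """Return True/False, or None when the OS or version cannot be evaluated."""
    minimum = MIN_BEST.get(os_name.strip().lower())
    if minimum is None:
        return None
    try:
        installed = parse_version(agent_version)
    except ValueError:
        return None
    # Tuple comparison is numeric and component-wise.
    return installed >= parse_version(minimum)


def audit(inventory_csv):
    """Sort endpoint names into ok / outdated / unknown buckets."""
    report = {"ok": [], "outdated": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        verdict = supports_custom_rules(row["os"], row["agent_version"])
        if verdict is None:
            bucket = "unknown"
        elif verdict:
            bucket = "ok"
        else:
            bucket = "outdated"
        report[bucket].append(row["name"])
    return report


if __name__ == "__main__":
    for bucket, names in audit(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Endpoints in the unknown bucket need a manual check rather than being assumed compliant.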

New in Bitdefender GravityZone Business Security February 2024 (Version 6.48.0-1) (Feb 19, 2024)

  • Early Access:
  • Health Dashboard:
  • The export functionality is now available in Health Dashboard. You can use this new option to access and manage the centralized data outside GravityZone Control Center, according to your needs. All events are exported in the widely available CSV format, making it easier to import into other software programs tailored for your business.
  • A new entry is now available in the Endpoint patch management widget. Patches available, not installed provides you with the number of endpoints in your network that have patches available, but no patch installation task was initiated to install them.
  • New features:
  • Security Telemetry:
  • You can now enable sending telemetry data from your BEST protected endpoints to integrated platforms in syslog format. The option can be accessed by editing a policy, going to General > Security Telemetry and selecting Syslog (JSON) from the SIEM solution field under the SIEM Connection Settings section.
  • XDR demo incident:
  • A new demo function is now available on the Incidents page. This feature simulates a scenario from multiple sensors and showcases the capabilities of the XDR feature.
  • You can access this new capability from the Show demo incident button, on the upper right side of the Incidents page.
  • Improvements:
  • Security for AWS:
  • Security for AWS now includes the following improvements:
  • Licensing compatibility extends to all GravityZone standard products with the exception of Free Risk Assessment Tool and GravityZone EDR Cloud.
  • It supports multiple Amazon EC2 inventories per company.
  • Users can now set names for Amazon EC2 integrations.
  • The Amazon EC2 integration aligns on the same level with Computers and Groups in Network Inventory.
  • The Integration tags tab now also displays AWS tags. They are available in the Information window of Amazon EC2 instances. You can use tags in Policies > Assignment Rules.
  • The Tasks Details panel now includes information about the Amazon EC2 integration name.
  • The new Amazon EC2 subscription type has changed notification informs you whenever your subscription type changes from Marketplace to Partner.
  • The User Activity page has been updated.
  • Amazon EC2 Subscription Status report is now available for any company using or managing Amazon EC2 integrations.
  • Partners can now suspend or reactivate integrations directly from the Amazon EC2 Subscription Status report.
  • The Amazon EC2 Monthly Usage report now contains two new columns: Integration Name and AWS Account ID.
  • The Integrations page now includes multiple new columns: Name, Status, Subscription type and Subscription status.
  • Quarantine:
  • You can now submit quarantined files to Sandbox Analyzer directly from Quarantine. The new option Submit to Sandbox Analyzer enables you to submit previously retrieved files for an in-depth behavioral analysis.
  • Filtering quarantined files based on the technology that performed the detection is now available. The new Detecting technology filter and column helps you view manually quarantined files and files detected by multiple Antimalware and Integrity Monitoring technologies.
  • You can now remotely retrieve and download quarantined files from endpoints with macOS operating systems.
  • Public API:
  • New values are now available for the industry parameter of the createCompany and updateCompanyDetails methods.
  • The same values are returned by the getCompanyDetails method.
  • A new version (1.1) is now available for the following APIs and methods, providing various quality of life improvements:
  • Network API:
  • getEndpointsList
  • getNetworkInventoryItems
  • createReconfigureClientTask
  • getTaskStatus
  • Incidents API:
  • createIsolateEndpointTask
  • createRestoreEndpointFromIsolationTask
  • Quarantine API:
  • createAddFileToQuarantineTask
  • createRestoreQuarantineExchangeItemTask
  • createRestoreQuarantineItemTask
  • createEmptyQuarantineTask
  • createRemoveQuarantineItemTask
  • Version 1.0 for these methods is still available for use.
  • The following changes have been performed for the Integrations API as a result of the changes done to AWS integrations:
  • The configureAmazonEC2Integration method is no longer available.
  • The integrationName parameter is now available for the configureAmazonEC2IntegrationUsingCrossAccountRole method.
  • The procedure and requirements for generating external IDs have changed, impacting requests using the generateAmazonEC2ExternalIdForCrossAccountRole method, and the information returned by the getAmazonEC2ExternalIdForCrossAccountRole and configureAmazonEC2IntegrationUsingCrossAccountRole methods.
  • The integrationName parameter is now available for the disableAmazonEC2Integration method.
  • The licensedServices parameter is now also returned by the getLicenseInfo method for companies using yearly licenses.
  • The possible values of the maxResults parameter have changed for the findCompaniesByName method.
  • Reports:
  • A new option is available when creating a Monthly License Usage report: Only new customer companies. Enabling this option allows you to display monthly usage reports only for companies created between two specific dates.
  • Advanced Anti-Exploit:
  • Added Google Chrome to the Predefined Windows Applications list that you can find in the Antimalware > Advanced Anti-Exploit policy settings. Now you have the flexibility to customize browser protection based on your preferences.
  • Control Center:
  • Customers with CSPM+ licenses will now have an improved experience when accessing the Control Center landing page. The page will feature user-friendly content that simplifies basic tasks and provides access to the latest news from Bitdefender.
  • Product Trials:
  • Companies using GravityZone Small Business Security can now enroll in Product Trials and explore new features and products.
  • Policies:
  • The settings in the Risk Management section have been changed: scheduled scans can now be set to run only daily or weekly.
  • XDR:
  • The Node Details panel was improved and now includes:
  • MAC information for the following nodes:
  • Endpoint
  • Server
  • If Endpoint or Server nodes have multiple IPs, the MAC information may contain multiple values.
  • One or multiple IP addresses for the following nodes:
  • Domain nodes
  • Endpoint
  • Server
  • One or multiple domain names for the IP node.
  • The Advanced search panel now includes a new field: network.domain_name. You can use this field in your search query.
  • Removed features:
  • Policies:
  • The Update Linux EDR modules using product update option has been removed from the General > Update page in the policy settings.
  • Resolved issues:
  • Threats Xplorer:
  • Fixed an issue that caused inconsistencies between detection events reported in Threats Xplorer and information displayed in the HyperDetect Activity report.
  • Antimalware:
  • Sometimes, endpoints under Active Directory integrations could not be used as network scanners for on-demand tasks.
  • Reports:
  • Fixed an issue that was affecting the EC2 Monthly Usage report. Data was being returned for the month previous to the one requested in the report.
  • MSP:
  • Fixed an issue where disabling EDR for own use on a partner company would incorrectly disable the Live Search feature for all their customers.
  • Network:
  • Scanned streams summary in the Scan Logs tab of endpoint details had some information duplicated.
  • GravityZone platform:
  • Security fixes.

New in Bitdefender GravityZone Business Security January 2024 (Version 6.47.0-1) (Jan 15, 2024)

  • Early Access:
  • Health Dashboard:
  • The feedback form is now enriched with more details to streamline the way you share your thoughts with us. Your insights, suggestions, and experiences with Health Dashboard play an important role in helping us enhance and refine the feature.
  • GravityZone Cloud Security:
  • The Asset Inventory page is now available in the GravityZone Cloud Security console.
  • You can use the feature to access an overview of your inventory list across your cloud resources, different cloud providers and accounts that you have onboarded.
  • The page consists of two sections:
  • Resources - provides an overview of all existing resources detected across all your integrated cloud accounts.
  • Identities - provides an overview of different identity types.
  • API Integration is now available for GravityZone Cloud Security. You can set up the new feature from the Integrations page in the GravityZone Cloud Security console.
  • A new remediation option is now available for supported findings detected on AWS cloud resources. This is available in the Posture Management > Rules page: One-click Remediate. The option is represented by a new icon in the rules table.
  • Additional setup is required to allow GravityZone Cloud Security to make changes to your selected AWS cloud account.
  • Improvements:
  • Quarantine:
  • GravityZone introduces a new capability that enables you to remotely download quarantined files directly from Quarantine. The new functionality is available in Quarantine > Computers and Virtual Machines.
  • To get the file of interest, you need to first retrieve it from the endpoint using the new Retrieve button. Once the file is retrieved, you can proceed to download it as a password-protected archive using the Download option.
  • The new functionality is available for all license and company types and for endpoints with Windows operating systems.
  • You require Manage Networks and Manage Company rights to use the feature.
  • Child companies can allow their direct partner to retrieve and download files by enabling the option Your Bitdefender partner can download your quarantined files from the My company section. The Partner download permission changed notification is sent whenever this option is enabled or disabled.
  • The retrieved file is available for download within 24 hours, after which it is automatically deleted and a new retrieve action is required.
  • The File size column was added to provide details about the size of the quarantined files.
  • Assignment rules:
  • New descriptions are available for locations and exclusions when defining negative conditions for location rules.
  • GravityZone platform:
  • To enhance security, Bitdefender enforces the use of the HTTPS protocol in GravityZone for Bitdefender Endpoint Security Tools updates. For more information, refer to this article.
  • New values are now available for the Field of activity option when creating or editing a company.
  • Public API:
  • New values are now available to use in the industry parameter for the createCompany and updateCompanyDetails methods.
  • The same values are returned by the getCompanyDetails method.
  • A new version (1.1) is now available for the following methods, providing various quality of life improvements:
  • getEndpointsList
  • createRestoreEndpointFromIsolationTask
  • createIsolateEndpointTask
  • createReconfigureClientTask
  • createAddFileToQuarantineTask
  • createRestoreQuarantineExchangeItemTask
  • createRestoreQuarantineItemTask
  • createEmptyQuarantineTask
  • createRemoveQuarantineItemTask
  • Version 1.0 for these methods is still available for use.
  • Resolved issues:
  • Threats Xplorer:
  • The detections calendar failed to display weekdays in the proper order after changing the language from the My account section.
  • Health Dashboard:
  • Fixed an issue that caused inconsistencies in the count of unmanaged endpoints between Health Dashboard and the Network Protection Status report.
  • XDR / EDR:
  • Fixed an issue that caused inconsistencies between the number of open incidents shown in the EDR - Incidents Status portlet and the Incidents view.
  • Tasks:
  • In some cases, expired Reconfigure agent tasks ran on endpoints after they came back online.
  • Network:
  • In some cases, users were unable to view scan logs from the Network inventory > Endpoint details > Scan Logs tab.
  • Risk Management:
  • Fixed an issue causing incorrect search results to be returned in the name filter in the Risk Management > Security Risks > Misconfigurations page.

New in Bitdefender GravityZone Business Security December 2023 (Version 6.46.0-1) (Dec 5, 2023)

  • Early Access:
  • Health Dashboard:
  • Security Server status is now enriched with new information and a structure that improves readability. The widget includes the total number of Security Servers in your company and a new category for underloaded Security Servers.
  • The new structure emphasizes three main categories: Total, Underloaded, Overloaded.
  • Endpoint update status is now available as two separate widgets to enhance flexibility and ease of use:
  • Product update status
  • Security content update status
  • The Endpoint patch management widget now includes the total number of endpoints that have the Patch Management module installed.
  • Improvements:
  • Sandbox Analyzer:
  • The Sandbox Analyzer page now displays more specific messages for failed detonations.
  • Product Trials:
  • You can now access even more products through the Product Trials feature:
  • Advanced Threat Intelligence
  • Managed Detection & Response
  • Cloud Security Posture Management
  • XDR
  • XDR:
  • The name of the sensor is now displayed in the title setup window during integration.
  • Incidents:
  • For a better visualization, you can now expand the following panels further:
  • Node details panel
  • Alert details panel opened from a node
  • Alert details panel opened from the Alerts/Events section
  • Network:
  • There is now consistent behavior between the delete button and the drag-and-drop action within the deleted folder.
  • Any endpoint that is moved to the deletion folder, either through the delete button or drag-and-drop, will be uninstalled immediately via the uninstall task or later when it reconnects online and communicates.
  • Resolved issues:
  • Network:
  • The sorting settings in Network did not accurately reflect the specified sorting settings for the Last Seen filter.
  • GravityZone platform:
  • Security fixes.

New in Bitdefender GravityZone Business Security October 2023 (Version 6.44.1-1) (Oct 5, 2023)

  • Early Access:
  • Health Dashboard:
  • Health Dashboard is a brand-new feature designed to provide a comprehensive overview of endpoint issues and status within your network. Different widgets offer important insights into the health and performance of endpoints and highlight critical concerns that require your attention.
  • You can monitor your network's health with the intuitive visuals and customizable features that Health Dashboard provides in this unified view. Using the endpoint tags filter enables you to focus on data that is most relevant to your organization. You can add, remove, resize, or move widgets according to your needs and create smart views to ensure that essential information is readily available in a single view.
  • Health Dashboard includes details about:
  • Managed, active, unmanaged, or offline endpoints
  • Endpoint types in your network inventory
  • Endpoints update status
  • Endpoints issues
  • Endpoints policy status
  • Modules coverage on your endpoints
  • Licensing information for your company
  • Endpoints encryption status
  • Patch status on your endpoints
  • Permission issues present on macOS endpoints
  • Security Server status
  • Unified Incidents:
  • You can now copy the incident link directly from the Incidents grid by hovering over a grid entry or selecting one, and clicking the Copy to clipboard button. You can copy the links of the correlated incidents from the Incident info panel.
  • Improvements:
  • Executive Summary:
  • You can now install security agents directly from Executive Summary. The new options, Install now and Send download links, provide the flexibility to either use the small-size downloader or send an installation package link to multiple users.
  • Product Trials:
  • The Product Trials feature is now available for all companies that own one of these yearly licenses:
  • GravityZone Business Security
  • GravityZone Advanced Business Security
  • GravityZone Business Security Premium
  • GravityZone Business Security Enterprise
  • GravityZone Security for Workstations
  • GravityZone Security for Servers
  • You can now access even more products through the Product Trials feature:
  • Security for Containers
  • Security for Storage
  • Integrity Monitoring
  • MDR:
  • Bitdefender is launching three new MDR products:
  • MDR Foundations
  • MDR Enterprise
  • MDR Premium
  • The Response flavor is no longer available for the Managed Detection and Response service. The remaining flavor, Foundations, is now the default option. As a result, the service is now called Managed Detection and Response Foundations.
  • Container Protection:
  • You can now delete containers from the GravityZone inventory if their host has been offline for more than 24 hours.
  • Resolved issues:
  • Public API:
  • The following parameters are now returned by API events of the Antimalware type: cleaned, blocked, deleted, quarantined, ignored, and present. The parameters record how many detections originated from the same file or process in the course of a minute.

New in Bitdefender GravityZone Business Security September 2023 (Version 6.43.1-1) (Sep 14, 2023)

  • Improvements:
  • GravityZone platform:
  • Implemented internal optimizations for enhanced performance and stability of GravityZone.

New in Bitdefender GravityZone Business Security June 2023 (Version 6.41.0-1) (Jun 8, 2023)

  • Improvements:
  • GravityZone platform:
  • Bitdefender is launching a new product: Bitdefender Small Business Security.
  • A full installation kit is now available for BEST Linux endpoints that use ARM CPUs.
  • XDR:
  • GravityZone eXtended Detection and Response now supports events from Google Cloud Platform through a new sensor integration. The new sensor collects and processes audit information related to Google Cloud resources. The sensor can be configured through the Sensors Management.
  • A new notification type has been implemented: Sensor integration status. This notification informs you when the status of a sensor integration changes.
  • Public API:
  • Licensing API:
  • The manageContainerProtection and manageContainerProtectionResell settings have been added to the ownUse and resell parameters for the setMonthlySubscription method.
  • Company API:
  • The manageContainerProtection and manageContainerProtectionResell settings have been added to the ownUse and resell parameters for the createCompany method.
  • Network API:
  • The getNetworkInventoryItems method now returns the manageContainerProtection option under the ownUse object and the manageContainerProtectionResell option under the resell object.
  • Policies:
  • The Automatic Network Discovery option can now be enabled in the policy under Relay > Communication > Automatic Discovery of new endpoints.
  • Enabling the option will prompt the Relays to execute the Network Discovery task every 30 minutes.
  • New customers have the option disabled by default, while the option remains enabled for any existing custom policies.
  • Network:
  • The Antiphishing and Traffic Scan features are now available as separate options under the Network Protection module when creating an installation package.
  • Renamed Network Protection > Web Protection > Traffic Scan to Web Traffic Scan in both GravityZone new and existing packages.
  • Resolved issues:
  • XDR:
  • Fixed an issue that was causing the deployed Network sensors to be counted as unlicensed endpoints, even though the necessary licenses were active on the company.
  • Antimalware:
  • Load Balancing options were not saved in the policy when configuring the Redundancy mode for the Security Server.
  • Reports:
  • In some cases, attached .CSV files were not correctly included in certain reports sent via email. The issue is now fixed.

New in Bitdefender GravityZone Business Security May 2023 (Version 6.40.0-0) (May 18, 2023)

  • New features:
  • Mobile Security:
  • Bitdefender GravityZone Security for Mobile is a mobile security solution that protects mobile devices running Android or iOS operating systems against multiple threat vectors. It is designed to protect an employee’s corporate-owned or BYOD device from advanced persistent threats without sacrificing privacy or personal data.
  • GravityZone Security for Mobile provides the following:
  • Protection of corporate-owned or BYOD devices from advanced persistent threats, which includes implementing endpoint protection software, keeping software and firmware up to date, implementing network segmentation, and using multi-factor authentication.
  • Risk intelligence and forensic data necessary.
  • Detection across all four threat categories — device compromises, network attacks, phishing attempts and malicious apps.
  • Visibility for the Incident Response teams into mobile threats and risks through integrations with leading UEM, SIEM, SOAR, and XDR systems.
  • Application vetting to detect malicious apps (Android and iOS) and out-of-compliance application detection.
  • Network Protection by detecting network-borne threats, recon attempts, weak security connections, MiTM attacks.
  • Device Protection by detecting OS vulnerabilities as well as vulnerable devices that cannot be updated, and missing encryption, jailbreak/root, system tampering.
  • Improvements:
  • XDR:
  • You can now remotely upload and download files using the Remote Shell feature. The Upload and Download options are available after you begin a remote shell session.
  • The files are encrypted throughout the upload and download processes.
  • You can upload no more than 20 files at a time.
  • You can view and cancel file downloads by accessing the Network inventory > endpoint details > Investigation tab. You can also retrieve the downloaded files from this section.
  • If you want to be notified when the files are uploaded or downloaded, configure the New Investigation Files Activity notification type.
  • Network Protection:
  • The Web rules action categories found in Content Control > Web Access Control Settings > Web Categories Filter have been updated with the new Warn action.
  • The new action type aims to enhance the administrator's comprehension of the report's warnings and blocks.
  • In the Security Audit Report, the Event Type column was updated to also filter events by Warned Websites, and Warned & Disregarded Websites.
  • GravityZone platform:
  • A full installation kit is now available for BEST Windows endpoints that use ARM CPUs.
  • Search behavior in the company filter is now consistent across multiple pages such as Threats Xplorer, Quarantine, Tasks, Accounts, Installation Packages, Executive Summary, and Tags Management.
  • This is the expected behavior:
  • After typing a sequence of characters, GravityZone displays all entries starting with those characters.
  • When using the asterisk (*) as wildcard, GravityZone displays all entries containing that sequence of characters.

New in Bitdefender GravityZone Business Security April 2023 (Version 6.39.0-1) (Apr 18, 2023)

  • New features:
  • Live Search:
  • Live Search is now available for all GravityZone users that have access to EDR / XDR. With this feature you can search for real time events and system information from the online endpoints in your network, using OSquery, an SQL-compatible query system.
  • Improvements:
  • Tasks:
  • The Network > Tasks page has a new look and new options for a better user experience. Some highlights:
  • Filters and search boxes
  • Expandable and sortable columns
  • New details panel for sub-tasks
  • Tasks in the Network page now have more intuitive and consistent names. For example, Scan has become Malware scan, Install is now Install agent, and Reconfigure client has been renamed to Reconfigure agent.
  • The new names are also reflected in the Network > Tasks page, under the Task type category.
  • With this update, the User Activity page displays actions on tasks under the new names. Existing records under old names remain unchanged.
  • For the complete list of renamed tasks, refer to Changes to task names in GravityZone Cloud Control Center.
  • When you, as a Partner, assign a task to multiple companies in the Network page, GravityZone creates individual tasks for each company in the Network > Tasks page. In such a case, a sub-task includes only endpoints from one company.
  • When accessing the Network > Tasks page as a Partner, you view by default all managed companies recursively.
  • When you, as a Partner, assign a task in the Network page to multiple companies, you can no longer select the parent company, but only its child companies of Customer type.
  • XDR / EDR:
  • Now you can see the date when a domain controller was last reported to the Active Directory sensor integration. Find the Last reported field in the integration's details panel.
  • Now you can delete individual domain controllers from an Active Directory sensor integration.
  • Accounts:
  • The Accounts page has been redesigned and restructured. The page now provides an improved overall user account management experience.
  • Notifications:
  • You can now choose to receive notifications via email in plain text format. The new option is available for all notification types and you can find it on the Notifications Settings page.
  • The notifications email subject is now editable. You can customize the subject according to your needs using the new option Set custom email subject when configuring the notification. The option is available for most notification types.
  • The HyperDetect Activity notification is now enriched with details such as the detection type, user, company, and the command line used.
  • The Login from New Device notification includes the email address of the account used.
  • Policies:
  • In the Policies > Assignment Rules page, you can now apply policies via location rules only to targets you manage.
  • From now on, the Targets section is always active when you configure a rule. If you do not specify targets, GravityZone automatically selects all the available entities when saving the rule.
  • Old rules with no targets specified will continue to function as before until you manually save them again.
  • When you access Policies > Assignment Rules as a Partner, you now view your company rules instead of a blank page with no company selected.
  • Public API:
  • Accounts API:
  • The following Notifications Visibility Options are now available:
  • setCustomEmailSubject - if true, it changes the default subject used in GravityZone notification emails.
  • emailSubject - it contains the custom text to be used for GravityZone notification emails if setCustomEmailSubject is set to yes.
  • Note: These options are only available for specific notification types.
  • The sendOnlyPlainTextEmail parameter is now available for the configureNotificationsSettings method. Enabling this option sends all notification emails in plain text format.
  • The getNotificationsSettings method now returns an additional option: sendOnlyPlainTextEmail.
  • Network API:
  • The productOutdated parameter is now available for the getEndpointsList method. The parameter indicates if the endpoint is missing one or more agent updates.
  • The createScanTask method now returns all task IDs created as a result of the request instead of the most recent one.
  • Patch Management:
  • All Partner companies can now use Patch Management for their managed companies, regardless of their own use licensing settings.
  • Patch Management features are no longer applicable to companies whose associated license has expired.
  • Integrity Monitoring:
  • The Integrity Monitoring grid now provides better visibility of the actions within its columns.
  • Installation Packages:
  • The Network > Packages page has a new design and a new name: Installation Packages.
  • The Add button has become Create.
  • All other buttons except Download have been moved under More actions.
  • The package configuration form also has a new look.
  • For a limited time, the old design is still accessible via the toggle in the upper right corner of the console.
  • Network Protection:
  • The Web rules list found in Content Control > Web Access Control Settings > Web Categories Filter has been updated with additional categories. All existing policies are automatically updated to reflect the changes made regarding the updated categories.
  • Newly added categories:
  • Astrology
  • Auto
  • Food
  • Kids
  • Lifestyle
  • Occult
  • Pets
  • Real Estate
  • Society
  • Updated categories:
  • Drugs category was split into the following categories: Alcohol, Tobacco, Pharmacy.
  • Video Online category was replaced by the Videos category.
  • Banks category was replaced by the Financial category.
  • Casual Games, Online Games and Computer Games categories have been merged into the Games category.
  • GravityZone platform:
  • Raw Events now offers support for Linux. The OS type column in the Raw Events grid indicates which fields are available for Linux endpoints.
  • The Gather logs feature from Network > endpoint details > Troubleshooting tab has been enhanced. You can now select between three new types of logs:
  • Product general issues
  • Malware infection
  • Malware infection (no cloud services)
  • The eXtended Detection and Response sensor integration licensing options have been renamed:
  • Identity providers (includes Active Directory, Azure AD, and Microsoft Intune)
  • Productivity apps (includes Microsoft Office 365 and Google Workspace)
  • Network (includes Network sensor)
  • Cloud workloads (includes AWS, Azure Cloud, and GCP)
  • Exchange protection:
  • Policy changes to content filtering rules now properly save when adding lookaround assertions in the rule settings. The issue occurred for rules containing body content filters of expression type.
  • Resolved issues:
  • Policies:
  • Exclusions configured in Configuration Profiles did not propagate to inherited policies.
  • XDR / EDR:
  • Fixed an issue that was preventing the Incident history tab from displaying the analyst's name correctly after changing the incident status.
  • The other.event_id parameter in the Incidents > Search feature of XDR now returns results when using wildcards.
  • Tasks:
  • In some cases, users could not delete finished tasks created by accounts no longer active.
  • Reports:
  • Fixed an issue that caused timezone inconsistencies in the Security Audit Report chart.
  • Troubleshooting:
  • Fixed an issue that prevented gathering logs from GravityZone using a network share for Linux and macOS endpoints.
  • GravityZone platform:
  • User Activity logs for API key creation are now visible to all users with the necessary rights.
  • Selecting the Download > Security container action in the Packages page no longer causes the Download Security Container window to freeze while loading.
  • Security fixes.
  • Public API:
  • Partners can now properly use the createRemoveQuarantineItemTask method to remove an item from quarantine for a client company. Previously, the request would return an Invalid params / At least one specified target is invalid. message.

New in Bitdefender GravityZone Business Security March 2023 (Version 6.38.1-2) (Mar 28, 2023)

  • Resolved issues:
  • GravityZone platform:
  • Fixed compatibility issues between the Active Directory and Security for AWS integrations. Starting with this release, Active Directory is going to be prioritized (for inventory, policy assignments, license flow, etc.).
  • Users who log in with SAML single sign-on can now access the Investigation Package options without any additional steps.
  • XDR / EDR:
  • In certain situations, incidents could not be deleted from the Incidents grid when they went past their retention period, resulting in incidents with no details. The issue is now fixed.
  • Integrity Monitoring:
  • Integrity Monitoring did not display some events for Linux endpoints. The issue is now fixed.

New in Bitdefender GravityZone Business Security March 2023 (Version 6.38.0-0) (Mar 7, 2023)

  • Live Search:
  • You can now filter endpoints by their GravityZone tags by using the Tags filter.
  • The Reset filters button is now available in the Live Search page.
  • You can inspect the database schema and search for available tables and fields using the new side panel.
  • Improved the Metadata window:
  • You can now filter endpoints based on Status and Sent rows.
  • A new button is available that allows you to assign tags to endpoints.
  • Multiple graphical elements have been modified to offer a better user experience.
  • Improvements:
  • Endpoint tags:
  • This update brings several new options, support for tags management on child companies, and introduces the feature to the Cloud Security for MSP users.
  • In the Network page, you can now create custom tags directly in the Assign tags window.
  • In the Unassign tags window, you can remove all custom tags from endpoints at once.
  • As a Partner, you can control endpoint tags on child companies by using new company columns, filters and selectors in the Network and Tags Management pages.
  • Each tag in the Tags Management page now includes an inline menu to delete it or to easily create copies and apply them in other companies.
  • You can review actions taken on tags in each company in the User Activity page.
  • Non-MSP Partners can now manage endpoint tags on child companies that use a compatible GravityZone product, regardless of their own license. However, Partners need a compatible license to manage tags in their own companies.
  • For existing GravityZone products that support endpoint tags, refer to the list included in GravityZone November 2022 (version 6.34.0-1) release notes.
  • For the first time, endpoint tags are available to Cloud Security for MSP users, for both Endpoint Security and Bitdefender EDR product types.
  • MSP Partners have access to tags in their own companies with either a license key or monthly subscription. They can also manage tags on child companies provided those companies meet the licensing conditions.
  • To manage endpoint tags, Customer companies need a compatible license key or, if they use monthly subscription, they also must have the Advanced Threat Security add-on, with at least one of its components (HyperDetect or Sandbox Analyzer) active.
  • Public API:
  • API keys are now visible only at the time of creation. Make sure you save all API keys in a safe location and do not share them with anyone.
  • The productOutdated field has been moved under the Details member for getNetworkInventoryItems API responses.
  • Quarantine:
  • The Company filter now has two new entries: All directly managed and All recursively. You can use them to view quarantined files from all the companies you directly manage or from all companies to which you have access.
  • The Clear button was renamed to Reset filters and you can use it to readjust filters to their default values.
  • Exchange Protection:
  • The Send a Copy To secondary action is now available for the Replace file with text, Delete file, and Reject/Delete email actions. The settings can be found in the Policies > Exchange protection > Content Control page, under the Attachment filtering section.
  • GravityZone platform:
  • Security for Amazon Web Services now supports the following optional regions that can be disabled or enabled from AWS: Cape Town, Hong Kong, Hyderabad, Jakarta, Osaka, Spain, Zurich, United Arab Emirates, Milan.
  • New event types are now available in Configuration > Raw Events grid. Before enabling them, make sure you first check the Requirements column.
  • Resolved issues:
  • Integrity Monitoring:
  • Fixed an issue that prevented the directory path validation from working when users added a custom rule.
  • Fixed an issue that caused Integrity Monitoring to generate empty reports.
  • Network inventory:
  • Folders indicated issues (red exclamation mark) when endpoints inside them had the Encryption module disabled.
  • Integrations:
  • Fixed an issue causing the GravityZone integration with Microsoft Azure Sentinel to fail.
  • eXtended Detection and Response:
  • A partner is now able to delete a pre-existing Network sensor integration for a customer even if the customer has the EDR feature disabled.
  • GravityZone platform:
  • The GravityZone console displayed a few incorrect translations on French and German interfaces.

New in Bitdefender GravityZone Business Security January 2023 (Version 6.36.0-1) (Jan 17, 2023)

  • Improvements:
  • GravityZone platform:
  • The way Bitdefender partners view incidents from their companies and child companies has changed:
  • Partners can view their company's incidents and receive incident notifications only if they have manage rights over the company's network.
  • Partners can view the Custom Rules page of their company only if they have manage rights over the company's network.
  • Partners can view incidents and receive incident notifications only from the child companies they have access to.
  • EDR portlets count incidents only from the companies the partners have access to.
  • Resolved issues:
  • EDR:
  • In some cases, users could not change the incident Status, Assignee or Priority values. The issue has been fixed, but the fix does not apply retroactively.

New in Bitdefender GravityZone Business Security November 2022 (Version 6.34.0-1) (Nov 10, 2022)

  • Early Access:
  • XDR Live Search:
  • The Company filter is now available for Live Search. As an MSP, you can use it to perform a query on endpoints from a specific company.
  • Unified Incidents:
  • This feature correlates host-based EDR incidents with broader attacks detected by XDR, bringing both types of incidents in one place: the Incidents grid.
  • Correlated incidents are displayed in their own column in the grid, in line with the parent incident. They are not listed as separate entries in the grid.
  • A new notification type is now available, Correlated incident, informing you when an incident assigned to you is correlated with another incident.
  • New columns are now available:
  • Actions taken: shows you whether an attack was blocked by other prevention technologies.
  • Resources and Entities: replace the former Organization impact. For more information, click an entity or a resource to open their specific side panel.
  • Filters enhancements include multiple select for the Companies option and a new filter for Correlated incidents.
  • Views offers you the option to save your current filter and column settings for later use. You can also name, rename, delete or add your views to the Favorites category. The default views are All incidents and Assigned to you.
  • The Incident - Suspicious activity status and Incident - Suspicious activity portlets in Monitoring > Dashboard now reflect both EDR and XDR incidents. The dashboards count the parent incidents. Correlated incidents are not represented in the charts. Severity scores are grouped by: High (75 - 100), Medium (40 - 74) and Low (10 - 39).
  • New features:
  • Integrity Monitoring:
  • Integrity Monitoring reviews and validates changes made on Windows and Linux endpoints to assess the integrity of multiple entities.
  • Integrity Monitoring operates based on default rules, provided by Bitdefender, and custom rules. These rules are available in the Policies > Integrity Monitoring Rules page of Control Center.
  • Based on these rules, Integrity Monitoring takes action when events are generated for files, folders, registry entries, users, and services. These events are displayed on the Reports > Integrity Monitoring Events page of Control Center.
  • You can also create a portlet, as well as two types of reports based on Integrity Monitoring events:
  • Integrity Monitoring activity, which displays events from the events page.
  • Integrity Monitoring configuration changes, which displays Bitdefender Trusted as well as Unapproved events.
  • Integrity Monitoring also comes with restrictors, to cover human errors. They are a layer of protection with the sole purpose of reducing alert fatigue.
  • Integrity Monitoring is available for all standard products, except for GravityZone EDR and Bitdefender FRAT. It is delivered as an add-on for products with a license key, and as a licensing option for monthly subscriptions.
  • By default, it stores the detected events for 7 days. In addition, it comes with a data retention add-on to store the events. You have three options from which you can choose: 30 days, 90 days and 1 year of data retention.
  • GravityZone platform:
  • Raw Events is a new feature that helps you filter which Windows or macOS events GravityZone processes. This feature becomes available in the Configuration tab if you have the following:
  • GravityZone Business Security Enterprise or Bitdefender EDR Cloud license
  • One of the storage add-on licenses: GravityZone EDR 90 days Data Retention Add-on, GravityZone EDR 180 days Data Retention Add-on, or GravityZone EDR 365 days Data Retention Add-on.
  • EDR or XDR module enabled
  • You can only send raw events to one feature at a time: either to a SIEM, to Advanced search, or to MDR.
  • Endpoint tags:
  • You can now assign security policies to endpoints based on tags, in addition to the existing location and user rules. With this release, you can create, edit, delete, and assign tags manually or automatically. As a partner, you can manage endpoint tags only for your own company.
  • We updated several areas in GravityZone Control Center to accommodate this feature:
  • Endpoint tags are configurable in the new Network > Tags Management page.
  • Tag rules are configurable under the new category Endpoint Tag Rule in the Policies > Assignment Rules page.
  • The Network page includes a new button to assign and unassign tags to endpoints, and a new column that allows tag filtering.
  • The Accounts > User Activity page records actions such as create, edit, delete, assign and unassign tags.
  • Email Security:
  • Sandbox for Email Security:
  • The feature adds a powerful layer of protection to your users' email accounts, sending attachments in email messages to be analyzed in depth and awaiting results before delivering the message.
  • Sandbox serves as a safe virtual environment for testing potentially malicious files. A real environment is simulated where threats are triggered and payloads are detonated, in order to analyze their behavior and identify malicious intent.
  • The technology provides:
  • Advanced threat protection and zero-day exploit detection.
  • Machine learning algorithms, behavior analysis, anti-evasion techniques and memory snapshot comparison to detect threats.
  • The capacity to uncover malicious files, including threats designed for undetectable targeted attacks.
  • Support for a broad range of file types.
  • Dynamic analysis to detect and defeat advanced malware.
  • Improvements:
  • GravityZone platform:
  • Emails sent to new GravityZone users now contain one-time links instead of temporary passwords. Users can use the links to create a new password and log in.
  • The Incident status portlet in Monitoring > Executive Summary now groups incidents based on whether the attacks were blocked by prevention technologies or not. The new values for this portlet are: Blocked attacks and Requires investigation.
  • You can now view in the endpoint details in Network when the Patch Management and Full Disk Encryption modules are expired and why.
  • GravityZone now generates and sends email notifications when the license limit for Patch Management or Full Disk Encryption is about to be reached, has been reached or exceeded.
  • You can now install the Microsoft Hyper-V Security Server for second generation VM hardware.
  • You now have visibility over tasks created by other users in the same company. You cannot take actions on them, but you can sort and filter them by user name in the new Owner column in the Tasks grid.
  • Actions taken on your tasks, such as create, edit and delete, are now visible in the Accounts > User Activity page.
  • The default period for trusted browsers with two-factor authentication (2FA) has been set to 7 days.
  • XDR:
  • A new response action is now available in the Incidents Graph and Response tabs: Deactivate AWS account. This action creates and applies a policy that deactivates the AWS user account and deletes the associated access keys.
  • The Sensors Management feature now provides integration with Google Workspace. The new sensor collects and pre-processes activity and usage data related to Google Workspace accounts and services.
  • Prerequisites for the Active Directory sensor have changed. With the exception of Global Object Access Auditing policies, all group policies in Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policies must be set to audit all login events.
  • The default retention period for alerts has changed to 90 days. Extend retention periods for alerts, incidents or raw events by enabling a different storage add-on: GravityZone EDR 180 days Data Retention Add-on or GravityZone EDR 365 days Data Retention Add-on.
  • Threats Xplorer:
  • The Detection details panel now includes the web address involved in the attack for each event that is based on the Network Attack Defense technology.
  • Improved the exclusions mechanism for LSASS Protection events. Now when you add an exclusion from the Detection details panel, the necessary details are automatically configured in the Configuration Profiles page.
  • Public API:
  • API support is now available for the new Integrity Monitoring feature. The following methods have been updated: getManagedEndpointDetails, getNetworkInventoryItems, createReconfigureClientTask, createPackage, createCompany, setMonthlySubscription, getLicenseInfo, getMonthlyUsage, getMonthlyUsagePerProductType, createReport, getReportsList.
  • Resolved issues:
  • Licensing:
  • The Patch Management and Full Disk Encryption modules will now be disabled when applied to endpoints after the seat limit on the corresponding license keys has been reached.
  • Threats Xplorer:
  • The Detection details panel displayed the policy directly assigned to endpoints instead of the active policy at the moment of the detection applied through assignment rules.
  • GravityZone platform:
  • The Policy tab in the endpoint details no longer displays the status "Cannot determine". The message appeared due to an issue with the cleanup rules that was fixed.
  • Fixed an issue causing Antiphishing reports to display incorrect data for the current month. This issue occurred when the reporting interval was set for the last 2 or 3 months.
  • Security fixes.
  • Known issues:
  • Integrity Monitoring:
  • Integrity Monitoring events are not generated for monitored entities that are modified by processes excluded from Advanced Threat Control scanning.
  • Integrity Monitoring events are not generated for files that have been modified through Server Message Block (SMB).

New in Bitdefender GravityZone Business Security October 2022 (Version 6.32.0-2) (Oct 3, 2022)

  • Improvements:
  • EDR:
  • The following features are generally available to all customers using Bitdefender EDR Cloud, GravityZone Endpoint Detection and Response, GravityZone Business Security Premium and GravityZone Business Security Enterprise:
  • Assignee option to assign the incident to an analyst.
  • Priority option to assign the incident a priority.
  • Incident history button shows all actions taken on the incident, including assign and priority.
  • The above features are in the XDR Incident Overview and EDR Graph View pages as well as in the status bar of the incidents.

New in Bitdefender GravityZone Business Security September 2022 (Version 6.31.0-2) (Sep 20, 2022)

  • Early Access programs:
  • XDR:
  • Early Access enrollment is now available for Live Search. With this feature you can directly search for events and system information from the online endpoints in your network, using OSquery, an SQL-compatible query system.
  • New features:
  • Early Access:
  • Early Access allows you to try out specific products, features or functionalities that are still in development, by enrolling in beta programs.
  • Remote troubleshooting:
  • Remote troubleshooting is now available for GravityZone Security for Containers.
  • Improvements:
  • GravityZone platform:
  • You can now export the data displayed in the My companies page as a CSV file.
  • A new filter is available for the Product Status column in the My companies page: you can select between companies with active, expired, trial or no licenses.
  • Licensing information is now available for the Full Disk Encryption, Integrity Monitoring and Patch Management add-ons in the My Company page.
  • The primary update location for endpoints and relays is now https://update-cloud.2d585.cdn.bitdefender.net. The previous location will still be used as a fallback. You can view the changes in the General and Relay sections of the policy under the Update tab.
  • XDR:
  • Auto-complete functionality is now available when adding tags in Incidents > Custom Rules.
  • The Sensors Management feature now provides integration with Azure Cloud. The new Azure Cloud sensor can collect and pre-process cloud activity data.
  • A new filter is available for the Status column in the Configuration > Sensor management page.
  • Integrations with Azure AD can now provide Risky user information in Incidents > Graph. Enable this functionality by setting up the Azure AD sensor with the IdentityRiskyUser.Read.All permission.
  • Integrations with O365 now allow you to delete a suspicious email directly from Incidents > Graph.
  • Policies:
  • As GravityZone administrator, you can take ownership over policies created by users that have been deleted. The new Take Ownership is now available in the Policies page, and the Created by column has been renamed Owner.
  • For user assignment rules, you can select organizational units (OUs) in Active Directory inventories as targets.
  • Quarantine:
  • You can now filter and view quarantined items regardless of the time interval. Using the Quarantined on filter you can customize any interval that suits your needs.
  • Reports:
  • The Network Protection Status report now indicates when the Full Disk Encryption and Patch Management modules are expired.
  • Resolved issues:
  • API:
  • getNetworkInventoryItems no longer returns an internal server error when users with no rights granted over their own company use the method for child companies.
  • Known issues:
  • GravityZone platform:
  • When viewing the expiration date for the Full Disk Encryption, Integrity Monitoring and Patch Management add-ons, the company's main license expiration date is shown instead.

New in Bitdefender GravityZone Business Security July 2022 (Version 6.27.2-1) (Jul 26, 2022)

  • Improvements:
  • XDR / EDR:
  • Added support for multi-value fields in the Incidents > Search section. This functionality is also present in the Details panel.
  • Alert data is now available in the Incidents > Search section. The raw data is available in the JSON tab of the Details panel.
  • Alerts now display the corresponding incident number.
  • New fields have been added to Incidents > Search. The fields are either related to alert data or to resource information normally displayed in the Graph section of an incident.
  • Added two new columns to the Extended Incidents / Endpoint Incidents tabs in the Incidents page: Assigned to and Priority.
  • For the XDR Incident Overview and EDR Graph View pages, added the following items:
  • Assignee option to assign the incident to an analyst.
  • Priority option to assign the incident a priority.
  • Notes button providing a list of analyst notes.
  • History button providing a history of the incident.
  • Sensors Management:
  • The Sensors Management section now displays the setup steps at the top of the page.
  • Re-designed authentication-related error messages for the O365, Azure AD and AWS sensors.
  • Risk Management:
  • Decommissioned endpoints no longer appear in Risk Management. The corresponding risk data is deleted and it no longer impacts risk-related reports and dashboards.
  • Network:
  • The Restart machine task is now available for all Security Server types in distributed environments.
  • Policies:
  • The configuration page for location assignment rules now has the Targets section, where you can define specific folders within the network where you can apply a rule. If you do not enable Targets, the rule applies to the entire network.
  • A new column added in the Assignment Rules grid indicates the status of existing rules:
  • Running – the rule is active and is applicable to the endpoints.
  • No target – the rule is not applied to the endpoints because it is missing targets.
  • Resolved issues:
  • Quarantine:
  • The Restore button is now available again for Exchange Quarantine.

New in Bitdefender GravityZone Business Security July 2022 (Version 6.26.2-2) (Jul 1, 2022)

  • New features:
  • Integrations:
  • You can now integrate GravityZone data into Microsoft Azure Sentinel, allowing automatic transfer of GravityZone events to the Microsoft platform.
  • Improvements:
  • XDR:
  • Added a new response action to the Incidents Graph and Response tabs: Mark user as compromised. This action marks the user as compromised in the Azure AD Identity Protection security tool. The Azure AD and Office 365 sensor requirements have been updated to reflect the type of permissions required for this response action.
  • As a Partner, you can now view and deploy sensors for all managed companies under your account.
  • As an MSP, you can collect investigation packages on endpoints from any company under your management.
  • User activity records are now available for actions taken in the Sensors Management page.
  • Threats Xplorer:
  • Threats Xplorer now provides you with enriched information about each security event and possible actions that you can take, all in a single view. The new Detection details panel is available when selecting any event from the grid and includes the following:
  • Details about the threat such as threat type and name, the action taken, the detecting module, and others.
  • Details about the detected object including the category and object-specific information like process ID, file path, URL, email subject, and others.
  • Endpoint details such as endpoint name, type and risk score, the assigned policy, any existing vulnerabilities or misconfigurations, and others.
  • Several investigation and remediation actions like scanning or isolating the endpoint, adding exclusions for files and processes, or adding detected objects to the Blocklist.
  • The option to view all the security events on a specific endpoint within the last 24 hours.
  • A link to a specific endpoint within the Network Inventory.
  • Licensing:
  • MDR Foundations is now available as an add-on to the Bitdefender Managed Detection and Response service.
  • XDR is now available as an add-on. Additional licenses need to be enabled for each type of sensor platform. When reselling XDR, all types of sensor platforms will automatically be enabled for client companies.
  • License trials now offer a maximum of 50 seats.
  • New trial keys are now generated with 12 characters.
  • Company Administrators can now enable or disable XDR sensor categories when the XDR add-on is enabled.
  • Monthly Trial licenses now include XDR and all sensor categories.
  • Exclusions:
  • Editing exclusions and list assignments now reflects in more detail in the User Activity section, with separate entries for the affected exclusions, lists, and policies.
  • In Policies > Configuration Profiles, you can assign multiple exclusions to multiple lists by using the new Assign to lists option.
  • Minor name changes to various buttons and options for more consistency.
  • GravityZone authentication:
  • The options and messages related to two-factor authentication (2FA) are now referring to “trusting the browser” rather than “remembering the device”, as the settings actually apply per browser. This addresses the scenario where a user might use a computer with multiple browsers to log in to GravityZone Control Center.
  • Some buttons and options related to 2FA have been redesigned, alongside other minor visual changes.
  • A new message informs you when you cannot log in to GravityZone Control Center because of an ongoing update.
  • Sandbox Analyzer:
  • As a partner, you now can see submissions from other companies in the Sandbox Analyzer section of the Control Center main menu. Use the search box or the new drop-down list on the page to switch from the default view of your company's submissions to those from all direct companies or from a specific company.
  • In the Sandbox Analyzer > Manual Submission section, you can select from the drop-down list a company on whose behalf to submit samples.
  • Starting with this release, you can retrieve detailed Sandbox Analyzer HTML reports via API. The Sandbox Analyzer Results report, which contains only a summary, is no longer deprecated.
  • Quarantine:
  • The Quarantine page has a new modern design and includes the following changes:
  • The views selector was redesigned into two new subsections that are available in the GravityZone menu under Quarantine.
  • Filters and columns allow more control and customization. You can show or hide filters, add or remove columns and use a compact view.
  • The company selector is available in a new format as a customizable column and filter for partner companies.
  • Added new time intervals for the quarantined items.
  • Renamed a few elements on the page.
  • Companies:
  • Multiple graphical elements have been modified to offer a better user experience:
  • For companies that use multiple products, only the total number of products is displayed. You can use the arrow button on the left side of the screen to display all used products.
  • Multiple buttons have been redesigned, moved, or included under the More actions menu.
  • Improved the page navigation.
  • Added the Settings menu, which allows you to customize the information displayed for each company. The menu also provides additional features, including Reset view, Compact View and a search box to find specific columns.
  • Several improvements have been made to the list of companies:
  • Added additional filters.
  • A new Show or hide filters button is available in the upper right side of the page.
  • You can customize the filters displayed on your screen by using the More menu or by removing individual filters using the Remove button.
  • A Clear button allows you to revert all filter settings to default.
  • Added several columns, providing access to additional company, product, and usage information.
  • Renamed License usage to Usage Breakdown and License validity to Expiry date for improved clarity.
  • The information under Company ID has been moved to a new field called Company hash. It is replaced by the company's database ID, which is mainly used for API requests.
  • Companies now have two identifiers in Control Center:
  • Company ID, the company identifier in GravityZone Database. Use this ID when making API requests.
  • Company hash, previously shown in Control Center as Company ID. Use the hash when changing the Bitdefender partner via Control Center.
  • Network:
  • Added two new tasks in the Network > Tasks section: Isolate and Remove from isolation.
  • API:
  • You can now use the Reports API to download Sandbox Analyzer HTML reports.
  • Several methods under the Companies, Licensing and Network API have been updated to support the addition of the XDR add-on.
  • Localization:
  • From now on GravityZone Control Center is available in Japanese.
  • Resolved issues:
  • GravityZone platform:
  • Companies are now suspended when reaching subscription end date.
  • API:
  • The 201 response status code is no longer handled as an error for the Event Push Service.
  • Reports:
  • In some situations, the Security Audit report did not include Advanced Anti-Exploit events.
  • Risk Management:
  • The Devices grid in Security Risks used to count all misconfigurations, regardless of whether they had been marked as Ignore risks.

New in Bitdefender GravityZone Business Security June 2022 (Version 6.26.2-1) (May 31, 2022)

  • New features:
  • EDR:
  • EDR alerts in the Incidents > Search section now display additional information in the JSON tab of the Details panel. The key-value pairs in this tab cannot be used for building queries. However, you can copy the entire data to clipboard for ease of access in your investigations.
  • Licensing:
  • Early Access Program licenses have been reworked:
  • You can now add the license on top of any other standalone license that includes EDR.
  • The license no longer has usage limitations.
  • Note:
  • Previously generated Early Access Program licenses will be invalidated. Companies currently in the program will need to acquire a new license key.
  • Improvements:
  • XDR:
  • Only the first two types of attacks are now visible in the Summary section of the incident Overview tab. You may expand the list to view all types of attacks.
  • The Resources section inside the incident Graph has been redesigned:
  • The resources under the transition panel are now displayed as a list under each associated alert. The list displays groups of resources, organized by type, and includes the number of items for each type. The full resource details can be accessed from each alert panel.
  • The list of resources within the alert's details panel is now collapsible, making the details easier to observe.
  • All details gathered from an email are now grouped under a single resource. Along with the information aggregated from the previously existing resources (subject, URLs, and attachments) additional information will be made available:
  • Resource type: Email
  • Email Subject
  • Email ID
  • Received on
  • Sender
  • Receiver (to / cc / bcc lists)
  • Attachments
  • URLs
  • Remote Shell is now available for Bitdefender XDR. You can find it in the incident Graph tab, in the details panel of endpoints or server nodes.
  • Network Sensor details are now available in Configuration > Sensors Management.
  • EDR:
  • The EDR incident page has been redesigned:
  • A floating bar is now displayed above the Critical path of the incident and contains two functionalities: Search entities and Incident trigger.
  • The elements of the Incident status bar have been rearranged and the endpoint name is no longer displayed.
  • Exclusions:
  • You can now add exclusions to Configuration Profiles right from the Blocked Applications report. Use the new Back option at the top-left corner in Configuration Profiles to return to the report if needed.
  • In Configuration Profiles, the menu option Assign to list has been modified to Edit list assignment. The name of the corresponding configuration page also reflects this change.
  • The Exclusions grid area in Configuration Profiles includes a new sortable column named Added on, which by default lists the exclusions in reverse chronological order. Only exclusions added after this GravityZone update will display date and time.
  • Exclusions in Configuration Profiles and in the policy now support the %SystemDrive% variable.
  • You can now use the asterisk (*) as wildcard for searching exclusions in the Configuration Profiles section.
  • To accommodate Linux requirements, exclusions now support up to 4096 characters when defining paths in Configuration Profiles and in the policy. To apply this on Windows systems, make sure MAX_PATH is set to support this value on the target machines.
  • Maintenance Windows:
  • New messages warn you when deleting maintenance windows assigned to policies, and when you remove the last maintenance window from a policy.
  • You can now sort maintenance windows by name, status, modification time, users who last edited the window, permissions, and policies.
  • The grid area in Configuration Profiles now displays the list of maintenance windows on multiple pages instead of a page with infinite scrolling.
  • Minor text changes to the Patch Management section in the policy and in Configuration Profiles.
  • Policies:
  • You can now scroll through sections inherited from another policy.
  • Resolved issues:
  • Device Control:
  • Creating a Device Control exclusion rule with multiple device IDs, separated by commas or spaces, now correctly saves all information.
  • GravityZone platform:
  • Security fixes.

New in Bitdefender GravityZone Business Security May 2022 (Version 6.26.1-2 EFX) (May 31, 2022)

  • Improvements:
  • Remote troubleshooting:
  • The Debug session now contains a troubleshooting scenario for the Endpoint Detection and Response (EDR) module. Using this new option, you can gather specific logs that target EDR issues such as incidents not generated, false positives, missing incident data, and others.
  • The Content Control (traffic scan and user control) scenario now also covers Firewall issues and was renamed Content Control and Firewall.
  • Note:
  • These changes are available for Windows systems.

New in Bitdefender GravityZone Business Security May 2022 (Version 6.26.1-2) (May 31, 2022)

  • Improvements:
  • Threats Xplorer:
  • The detection events category and action taken have a new color design necessary for future developments.
  • Resolved issues:
  • Configuration Profiles:
  • The Modules column in the grid area was displaying the Unknown status instead of All modules (value "3") for exclusions coming from imported lists.

New in Bitdefender GravityZone Business Security May 2022 (Version 6.26.1-1) (May 31, 2022)

  • New features:
  • XDR:
  • You can now request a new sensor type by accessing Configuration > Sensors management > Add new > Need a different sensor?
  • Improvements:
  • XDR:
  • Now you can also access the Remote shell feature from the Network section Action Toolbar. The option becomes available once you select at least one managed device in the list.
  • Network Protection:
  • The Exclusions table in the General page includes a Remarks column where you can add comments for existing or new rules.

New in Bitdefender GravityZone Business Security April 2022 (Version 6.24.0-1) (Apr 5, 2022)

  • Improvements:
  • GravityZone platform:
  • Two-factor authentication (2FA) becomes mandatory for all GravityZone Cloud accounts on April 12, 2022. From now on, when logging into Control Center, you need to enter a six-digit code from an authenticator app in addition to your GravityZone credentials.
  • If you do not use 2FA yet, you will be prompted to set it up in a configuration page. You can skip the configuration page up to 5 times.
  • Bitdefender supports any TOTP authenticator compatible with the standard RFC6238, installed on devices such as smartphones and computers. Learn how to configure an authenticator on your smartphone or computer.
  • This update comes with the following new options:
  • Remember this device, on the Control Center login screen. Select this option to trust the device used for accessing Control Center and to skip entering the six-digit code. Different browsers on the same computer count as different devices.
  • Allow users to remember their device, in the Authentication tab of the company settings. As an administrator, use this option to configure the time interval for skipping 2FA.
  • Forget all remembered devices and Forget current remembered device, in the account settings, to reset those devices that skip 2FA when signing into GravityZone.
  • Two-factor authentication cannot be disabled. In case you forget your credentials or lose your authentication device, ask your administrator to reset 2FA from your account settings.
  • Public API:
  • Enforcing two-factor authentication brings the following changes to the public API:
  • The API calls that had the parameter enforce2FA set to false are now automatically set to true for createCompany and updateCompanyDetails methods. This change does not return an error message.
  • The new optional parameter skip2FAPeriod is available for createCompany and updateCompanyDetails methods. This parameter allows you to configure the time interval in days for skipping two-factor authentication by specifying one of the values: 0, 1, 3, 7, 14, 30, 90. 0 (zero) means this option is disabled and the user must enter the six-digit code when logging into GravityZone.

New in Bitdefender GravityZone Business Security April 2022 (Version 6.23.0-1) (Mar 29, 2022)

  • New features:
  • XDR in general availability:
  • Extended Detection and Response (XDR) consolidates security-relevant endpoint detections with telemetry from non-endpoint sources such as network visibility, email security, identity and access management, or cloud security. XDR focuses on optimizing threat detection, investigation, and real-time threat hunting.
  • XDR provides advanced investigation tools such as:
  • The Overview tab - Here you can evaluate the impact of an incident on your organization, and quickly act to contain threats.
  • The Graph tab - Here you can analyze in detail the Initial access, Exit points, as well as the interactions between the multiple elements of your environment, and affected resources.
  • Every graph element provides relevant information in their details panel, as well as specific mitigation actions. The Graph displays data correlated from endpoint, network, productivity, identity, and cloud sensors.
  • The Alerts tab - Here you can see in detail all the security events that make an extended incident, and search for specific events by multiple criteria.
  • The Response tab - Here you can view and take recommended actions to mitigate threats to your organization, and analyze actions already executed from within the incident graph.
  • XDR also includes new powerful investigation features such as:
  • An advanced Search feature you can use to analyze any element or company resource involved in an incident. It provides:
  • Improved data visualization.
  • Automatic suggestions for field names, values and operators when typing queries.
  • Ability to save and name search queries: they will be displayed in the Smart views panel. You can also edit or delete them.
  • Ability to view more details about an event using the Details panel.
  • An interactive full Remote Shell feature you can use to connect remotely to any endpoint in your environment, and take immediate action to minimize threats or perform advanced forensics.
  • An Investigation Package feature you can use to collect data from any endpoint involved in an incident. You can download and analyze data such as BEST product logs, system info, registry files, Windows, macOS and Linux event logs.
  • To bring all these together, XDR uses advanced correlation engines to process data from multiple sources, such as:
  • The Incidents sensor
  • The Network sensor
  • Productivity sensors:
  • The O365 Mail and Audit sensors
  • Identity sensors:
  • The Active Directory sensor
  • The Azure AD sensor
  • Cloud sensors:
  • The AWS sensor
  • Threats Xplorer:
  • Bitdefender introduces Smart Views, a brand-new GravityZone feature focused on optimizing user experience by adding a new level of personalization in Threats Xplorer. You can now create your own customized views or use predefined ones and quickly switch between them as needed. In a single view, you can customize filters, different time intervals, add or remove columns and scale their size.
  • Improvements:
  • GravityZone platform:
  • Bitdefender has launched a new product portfolio. We have changed several product names to offer a better representation of our current vision. Learn more.
  • The Edit Company page has been redesigned to match the Add Company and My Company pages, providing an improved overall company management experience.
  • The package configuration page includes new privacy options in the Miscellaneous section.
  • The list of supported internet browsers has been updated. Learn more.
  • Threats Xplorer:
  • The company selector is available in a new format as a customizable column and filter for partner companies. Furthermore, the improved filter now helps partners analyze detection events from multiple companies all at once.
  • Added a new type of detection event for dynamic malware. This uses Fileless Attack Protection and Windows Antimalware Scan Interface (AMSI) technologies integration to detect various fileless threats.
  • Network Protection:
  • The Content Control module is now available for Windows servers and Citrix virtual apps and desktops. For existing clients, the module is available through the Reconfigure Client task, while new clients need the installation packages configured accordingly. Learn more. Content Control on Windows servers requires Bitdefender Endpoint Security Tools version 7.5.1.171 or later.
  • The Network Attack Defense module is available on macOS systems. The next version of Endpoint Security for Mac will ensure compatibility between the endpoints and GravityZone.
  • On Windows servers, the Network Attack Defense module extends its capabilities beyond RDP connections and also scans web traffic when used with the new Content Control capability.
  • Antimalware:
  • You can now scan the memory of a process using the new Process Memory option available in the > Settings section of the policy.
  • Fileless Attack Protection:
  • The new integration with Windows Antimalware Scan Interface (AMSI) technology provides an additional level of protection against dynamic malware such as script-based attacks.
  • The Command Line Scanner option allows you to detect fileless attacks at pre-execution stage.
  • The Antimalware Scan Interface (AMSI) option allows you to scan content (scripts, files, URLs etc.) sent by other services that require a security vendor to analyze it before accessing, running, or writing it to the disk.
  • Configuration Profiles:
  • Bitdefender introduces a series of improvements to the Exclusions section:
  • The ability to import and export exclusion lists in the CSV format.
  • The ability to edit exclusions inline and delete or export them in bulk. You can also export selected exclusions.
  • The ability to sort exclusions and a new pagination system for easier navigation.
  • A new option in the Blocked Applications report to add exclusions to lists.
  • Improved performance when using filters.
  • In the Patch Management section, you can now add multiple custom hostnames or IP addresses for Patch Caching Servers, separated by semicolon (;).
  • Licensing:
  • The License Usage Limit Has Been Reached or Exceeded and License Limit Is About To Be Reached notifications now apply to Email Security mailboxes as well.
  • Security Audit:
  • The report now includes an enhanced graphical evolution of all security events that occurred on the selected target. You can view each available module as a single line in the graph and all modules in the graph legend.
  • The exported report in PDF format now includes a new graph that details the evolution of the Antimalware security events.
  • Added a new event type for AMSI detections.
  • Network:
  • The Endpoint details page displays more explicit messages when users have not approved Full Disk Access and Network extension for Endpoint Security for Mac components.
  • Public API:
  • A new connector is available for sending events from GravityZone to SIEMs lacking HTTPS listeners. You can use the new DEB package to deploy the connector as a service. This provides easier installation, maintenance, and upgrades. Learn more
  • Localization:
  • From now on GravityZone Control Center is available in Vietnamese.
  • Sandbox Analyzer:
  • Security improvements to the submission mechanism.

New in Bitdefender GravityZone Business Security March 2022 (Version 6.22.0-1) (Feb 24, 2022)

  • Improvements:
  • XEDR:
  • Important:
  • Join the Bitdefender Early Access Program for the opportunity to access the XEDR improvements, ahead of everyone else. Share your feedback with us and we'll make it a priority and tailor the product to your needs. Contact Customer Support to get the key to these locked features.
  • The Sensors Management feature now provides integration with AWS. You can configure the new AWS sensor to collect and process configuration changes and actions taken by users, roles, or AWS services.
  • Extended Incidents now display in graph the users involved in the interaction between two incident entities as an independent identity node, highlighted with a dotted link. The dotted transition also displays the direction, to make it easy to see if the user affects or is affected by the other elements it interacts with.
  • The Graph offers support for forensic artifacts collected by the AWS sensor from your company's AWS service.
  • When the same alert is spawned in multiple Graph interactions, this information is now shown in its details panel, to make it easier for you to investigate.
  • Licensing:
  • The License Expires notification comes with the following changes:
  • Recurrence: The notification will now be sent 90, 30, 7, and 1 day before expiration, each time containing specific content.
  • Content: Details include company information, product name, the expired license keys and useful URLs.
  • Configuration Profiles:
  • On the Exclusions page, you can edit individual rules, and add and remove columns from the grid.
  • Patch Management:
  • The Patch Management module for Linux now installs only on supported distributions.
  • The Patch Inventory page displays the OS type column dynamically depending on the available endpoint types (Windows or Linux).
  • Assignment Rules:
  • For location-based rules, the maximum number of IP addresses you can add in the DNS server address category has been increased to 30. The character limit in the corresponding field has been extended to 480.
  • Public API:
  • The Push API now provides additional information:
  • Modules events now inform you if the Network Attack Defense module is disabled or enabled on your endpoints.
  • Network-sandboxing events now include the computer identifier and the IDs of your Sandbox Analyzer submissions.
  • Resolved issues:
  • Sandbox Analyzer:
  • GravityZone Control Center allowed viewing content on local hosts via Sandbox Analyzer reports when using manual submission.

New in Bitdefender GravityZone Business Security February 2022 (Version 6.21.1-1) (Feb 5, 2022)

  • Improvements:
  • GravityZone platform:
  • The User Activity page now includes details about API operations such as editing, creating, and deleting API keys.
  • You can now add descriptions to your API keys from the API keys section under Account Menu > My Account.
  • New endpoint packages no longer have the Device Control module on by default.
  • New privacy options have been added in the following section of the console: Policies > General > Settings > Options.
  • XEDR:
  • The Sensors Management feature now provides integration with Active Directory. The new Active Directory sensor can be configured to collect and process user login information.
  • Extended incidents now display in the graph the users involved in the interaction between two incident entities as an additional Identity node, highlighted with a dotted link.
  • The Graph also offers support for forensic artifacts collected by the Active Directory sensor from your company's AD Domain Controllers.
  • The alerts resulting from interactions between incident elements offer additional data about involved entities and resources, displayed in their specific side panel.
  • The Security Analytics sensor from the menu in the Alerts tab will be replaced by specific sensors that have triggered alerts.
  • The XEDR Search feature now provides automatic suggestions for fields, values and operators, which appear as you type. Syntax highlighting has been added for improved readability.
  • The new details panel shows further information about the events in the grid, and its data can be used to further refine your search. Support for Office 365 logs is now available.

New in Bitdefender GravityZone Business Security January 2022 (Version 6.20.1-2) (Jan 27, 2022)

  • Resolved issues:
  • GravityZone platform:
  • Endpoint names are no longer clickable in the Endpoint Protection Status report for GravityZone users with Security Analyst role. Previously, clicking endpoint names resulted in Control Center session expiration for such users.
  • Security fixes.

New in Bitdefender GravityZone Business Security January 2022 (Version 6.20.1-1) (Jan 15, 2022)

  • Improvements:
  • XEDR:
  • We upgraded the visual mechanics of the Extended Incidents Graph to better represent the events that have occurred within the incident you are investigating.
  • Triggered alerts that were displayed on both source and target nodes are now displayed as part of the interaction between them, thus eliminating duplicates.
  • The node transitions also display all the company resources that were impacted in some way by the triggered alerts.
  • GravityZone platform:
  • You can now view the names of Mac users logged into GravityZone via SSH. The new information is available in the Network section (Users tab in computer details) and in the Network Protection Status report.

New in Bitdefender GravityZone Business Security December 2021 (Version 6.19.1-1) (Dec 8, 2021)

  • Improvements:
  • Search:
  • We redesigned the Search feature, and now it provides:
  • Enriched data, including raw events to help with investigation efforts
  • An extended number of suggested fields for creating queries. A list of fields with predefined values is available here.
  • Customizable results grid with show/hide columns functionality
  • New predetermined options for the Date field: Last 24 hours, Last 7 days, Last 30 days, and Custom.
  • Investigation Package:
  • The new Investigation Package functionality enables the collection of forensic data from your environment without requiring a direct interaction with the endpoint involved in an incident.
  • This feature is designed to improve your SOC team's overall effectiveness by eliminating the time-consuming and labor-intensive task of manually collecting extra incident information from endpoints, allowing your team to mitigate and contain threats faster.
  • You can gather forensic data by using the Collect Investigation Package action from the Details Panel of any endpoint involved in an incident.
  • All investigation files are available for download in the Investigation tab of the endpoint's full details page.
  • Sensors Management:
  • The new Sensors Management dashboard allows you to integrate sensors from all the major cloud service platforms, which enable you to gather and correlate data into highly accurate extended incidents.
  • Currently in its early stages of development and production, this new feature provides integration with the Microsoft Office 365 platform, which will soon be followed by other integrations.
  • The feature provides integration with the Microsoft Office 365 platform through the Mail and Audit sensors, which boost the detection capabilities by providing metadata about email traffic and content, as well as user and admin operations retrieved from the Microsoft 365 unified audit log.
  • All sensors can be configured and managed as separate sensor integration instances or together as part of the same instance setup.
  • The Sensors Management dashboard is available as a new tab in the Configuration page.
  • Extended incidents:
  • The Graph went through a visual update designed to improve the investigation process. It now always indicates the origin of the incident in the Initial Access area, and all exfiltration and command & control activities in the Exit Points area.
  • The Graph also provides visual representation for new forensic artifacts collected and correlated from Microsoft Office 365 sensors, namely nodes for O365 users and O365 Mail and Audit sensor integration instances.
  • The new Overview tab displays the most impactful events of an extended incident, condensed in three major areas:
  • Summary - A synopsis of the entire incident, including data on initial access, tactics and techniques used by attackers, and affected organization assets
  • ATT&CK Tactics and Techniques - All the identified MITRE ATT&CK tactics and techniques used in the incident
  • Highlights - The critical alerts from the most impactful steps in the incident kill chain
  • Patch Management:
  • Maintenance Windows:
  • Introduces Maintenance Windows in Configuration Profiles, a new and powerful way to configure Patch Management settings outside policies. The Maintenance Windows feature provides you with higher control over patch scanning and patch installation than before, with expanded scheduling options.
  • In the policy, the old Patch Management module is replaced with a simple interface that allows you to assign the maintenance window you want. You can assign the same maintenance window, created by you or other users, to multiple policies. As a partner, you can create and modify maintenance windows for managed companies.
  • Upon this release, all Patch Management settings from existing policies will automatically be moved into maintenance windows, and then assigned to each policy accordingly. So, no worries there, your previous hard work is in safe hands.
  • The Maintenance Windows feature requires a valid license with Patch Management.
  • Linux support:
  • GravityZone extends support for patch scanning and installation to Linux endpoints. For a unified experience, you can use the same maintenance windows and the same policies as for Windows.
  • Supported Linux distributions for this feature:
  • CentOS
  • Red Hat Enterprise Linux (RHEL)
  • SUSE Linux Enterprise (SLE)
  • Threats Xplorer:
  • The export functionality is now available in Threats Xplorer. You can use this new option to access and manage the centralized data outside , according to your needs. The security events are exported in the widely available CSV format, making it easier to import in other software programs tailored for your business.
  • Reports:
  • Antiphishing Activity report:
  • The Antiphishing Activity report is now capable of organizing Antiphishing detections and affected endpoints based on different criteria. The new features focus on underlining possible security issues in your network while helping you achieve an effortless analysis.
  • The report now includes:
  • Top 10 domains blocked on endpoints, which details the most frequently detected domains.
  • Top 10 affected endpoints, which informs you about the endpoints that have the most Antiphishing detections.
  • Affected endpoints, which presents the total number of endpoints with at least one detection.
  • Total detections, which provides the total number of phishing detections on all endpoints.
  • Security Audit report:
  • The new improvements simplify the analysis of Antimalware detections in the Security Audit report. The report now classifies the Antimalware detections and affected endpoints based on different criteria as follows:
  • Top 10 malware by number of endpoints, which details the most frequent Antimalware detections.
  • Top 10 endpoints by number of Antimalware detections, which informs you about the endpoints that have the most Antimalware detections.
  • Endpoints, which presents the total number of endpoints with at least one Antimalware detection.
  • Detections, which provides the total number of Antimalware detections on all endpoints.
  • Licensing:
  • Now supports multiple standard products. Products added to the same company must be compatible.
  • The My Company page has been reworked and restructured. The page now provides an improved overall company management experience.
  • Notifications regarding reaching or exceeding a license limit or a license expiring have been modified. Changes include:
  • Notification recurrence
  • Customized information for companies with multiple licenses
  • Resolved issues:
  • EDR:
  • Fixed an error that in some particular cases was preventing incidents from being generated.
  • Firewall:
  • Firewall rules are now being imported from if the protocol is set to ICMP.
  • Configuration Profiles:
  • Exclusions imported from larger CSV files no longer go under All exclusions, but in your newly-created list.
  • Exclusion lists created by the current user are now displayed only in the My lists section. They will no longer be added to the Default exclusion lists.

New in Bitdefender GravityZone Business Security 6.25.1-2 On-premise (Jul 6, 2021)

  • Improvements:
  • GravityZone platform:
  • From now on you can view the usernames of all the active users logged on to an endpoint. The new option is available on all operating systems and offers support for multiple users logged on to an endpoint.
  • The newly introduced user data will become accessible under multiple GravityZone pages:
  • Network - where a new searchable column for logged-on users will be displayed in the Network Inventory and a new tab for logged-on users will be added in the Endpoint Details page.
  • Reports - where a new default and searchable column will be displayed in the Network Protection Status report.
  • Policies - where a new option allows you to control whether endpoints send data regarding user logon sessions such as: username, logon time or logon method.
  • This will serve you in multiple ways:
  • As an admin, you can use the usernames in the network and/or reports to be able to reach out to the user in case their input is needed.
  • As a Security Analyst, you can correlate the information about the username with other events from GravityZone or third-party systems.
  • Renamed a few elements from the Network section: the column Machine type is now Endpoint type.
  • The cleanup rules for offline machines are now more flexible:
  • Name patterns can contain the question mark (?) as wildcard.
  • Name patterns can have any length and no longer require a letter at the beginning. For example, you can use only the asterisk (*) to match any machine name.
  • You can select targets that are offline for less than 24 hours or more than 90 days. The cleanup rules will run hourly for machines offline less than a day, and daily for the other ones.
  • The target selection now covers Active Directory inventory as well.
  • Report Builder:
  • GravityZone Elite and GravityZone Ultra customers can now use Report Builder. Available under Reports > Queries, this feature allows you to create detailed query-based reports, with a higher level of customization than the predefined ones. See GravityZone documentation for details regarding Report Builder requirements, installation and operation.
  • HyperDetect:
  • The HyperDetect Activity report now includes the exact name of the detected threat and the file hash.
  • Deployment:
  • The Network > Packages section now includes a macOS downloader, which makes it easier for you to install the security agent on different Mac architectures, whether they are Intel x86 or M1. The new downloader automatically detects the processor type, then downloads and installs the right kit for that specific architecture.
  • VMware Integration:
  • Enhanced vCenter authentication by allowing you to configure the retry limit interval and the maximum number of retries before your account gets locked out due to invalid credentials.
  • Localization:
  • From now on GravityZone is also available in Turkish.
  • Product documentation:
  • A unified self-service support experience with the new online help center. All GravityZone help content that was included in PDF guides, knowledge base articles and release notes is now under one roof, in a more digestible format. Currently it is available only in English; localizations will follow soon.
  • Public API:
  • The Endpoint Malware Status report details can now be exported to PDF from CSV.

New in Bitdefender GravityZone Business Security 6.24.1-1 On-premise (May 25, 2021)

  • Resolved Issues:
  • GravityZone platform:
  • Security fixes.
  • An HTTP redirect issue prevented the download of kits, updates and patches from Bitdefender servers.
  • A limitation of the GravityZone VA operating system caused the security agents updates to fail.
  • Packages:
  • Some icons did not accurately indicate the supported OS platforms for GravityZone modules (Windows servers & workstations, Linux or macOS

New in Bitdefender GravityZone Business Security 6.23.1-1 On-premise (Apr 20, 2021)

  • GravityZone platform:
  • Control Center leaves the old blue theme behind and comes with a couple of readability and usability improvements such as:
  • Replaced the scroll bar from the main menu with the More button to reveal additional items.
  • Increased the font size for lower screen resolutions.
  • Removed the top blue bar to make room for actual data.
  • Increased the contrast to the top banner for alerts.
  • The Update Security Server task has two options now, for each type of update you can run, when available:
  • Feature update, for installing the Bitdefender new features, improvements and fixes, and security fixes
  • OS update, for upgrading the operating system of the Security Server VA.
  • Note:
  • Run the task with this option to bring the OS of the Security Server to Ubuntu 20.04 LTS, the only supported version until new upgrade.
  • The grid in the Network page now includes new columns and several improvements, designed to help you better identify and find endpoints in the inventory:
  • Name. It can now display the MAC address appended to the hostname, to uniquely identify endpoints that may have the same hostname or IP address.
  • You need to enable this option in the Configuration > Network Settings > Network Inventory Settings page.
  • Machine type. It shows whether the endpoint is a server or a workstation.
  • OS type. It displays the type of operating system installed on the endpoint.
  • OS version. It shows the version of the operating system installed on the endpoint.
  • Last seen. It now allows you to filter endpoints that were online in the last 24h, 7 days or 30 days.
  • When creating an installation package in the Packages page, you now have the option to choose the operation mode of the security agent:
  • Detection and prevention, which allows you to choose the modules to include in the package, and to enable their full capabilities.
  • EDR (Report only), which creates an EDR package with a predefined list of modules, their functionality being limited to report-only actions. The package includes the following modules:
  • Advanced Threat Control (ATC)
  • EDR Sensor
  • Network Protection (Content Control, Network Attack Defense)
  • Note:
  • Available only with GravityZone Ultra, GravityZone Ultra Plus, and Cloud Security for MSP.
  • Security Telemetry:
  • New options for configuring Security Telemetry:
  • Bypass validation of the SSL certificate on HTTP collector, in case your HTTP collector uses a self-signed SSL certificate.
  • Granular event type selection, if you are interested in sending to the SIEM only certain types of events.
  • ERA:
  • The App Vulnerabilities details panel now allows you to view the devices impacted by a vulnerable application discovered in your environment.
  • When you select a vulnerable application and click the View Devices button it will take you to the Devices section and display a list of all impacted devices.
  • Email Security:
  • You will now know when the Email Security license expires. Just make sure to enable the notifications in the Notifications page.
  • EDR:
  • The Incidents page now displays suspicious events in the Endpoint Incidents tab, and events detected by prevention technologies, in the Detected Threats tab.
  • Note:
  • This is available for Bitdefender EDR as a standalone solution.
  • Public API:
  • Packages and Network APIs: Added the productType parameter to createPackage and createReconfigureClientTask methods. This parameter is optional and states the operation mode of the agent: EDR (Report only), or Detection and prevention.
  • Event Push Service API: The taskType parameter for Troubleshooting Activity notification is now a string and can have the following values: Gather Logs and Debug Session.
  • Resolved issues:
  • Patch Management:
  • Completed Patch install tasks could not be deleted from the Tasks page, returning the error "Items you selected cannot be deleted".

New in Bitdefender GravityZone Business Security 6.20.1-1 On-premise (Mar 2, 2021)

  • New Features:
  • Apple M1 Support:
  • Added support for Apple M1 processors. A separate installation package for endpoints, named macOS kit (Apple M1), is available for download in the Network > Packages section. The previous Mac kit has been renamed macOS kit (Intel x86) and is only compatible with Intel-based Macs.
  • The following protection modules are supported on M1-based systems:
  • Antimalware
  • Device Control
  • Content Control
  • Encryption
  • Improvements:
  • Network Inventory
  • New options to avoid duplicates of cloned endpoints are available in Configuration > Network Settings:
  • Select Applies to cloned physical endpoints that are joined in Active Directory to resolve cloned HDD drives from decommissioned machines.
  • Select Applies to cloned virtual endpoints that are joined in Active Directory to resolve clones created using VMware Instant Clones.
  • Resolved Issues:
  • Policies:
  • Addressed a situation where inherited security policy sections were editable after migrating to a GravityZone license without the Application Control module.
  • Network Inventory:
  • Fixed an issue where Oracle Linux 7 machines imported from VMware NSX-T environments were displayed as Windows endpoints.

New in Bitdefender GravityZone Business Security 6.19.1-1 On-premise (Jan 25, 2021)

  • Improvements:
  • Antimalware:
  • Added a new wildcard option when defining custom exclusions for files, folders, and processes. You can now use double asterisks (**) for replacing any character, including path separators. For example, with **example.txt you can match any file named example.txt, regardless of its location on the endpoint.
  • The option is available in both Control Center and Power User policy settings, under Antimalware > Settings > Custom Exclusions section.
  • Sandbox Analyzer:
  • Increased the length limit for detonated URLs from 500 to 1000 characters.
  • Resolved Issues:
  • Patch Management:
  • The status of patches requiring reboot after installation was not displayed in Control Center if the endpoints were rebooted manually.
  • Security for Mobile:
  • An issue at the MDM module of the Communication Server caused mobile devices to stop synchronizing about a week after their enrollment in GravityZone.
  • GravityZone Platform:
  • The Security Audit report was no longer displaying Firewall events.
  • Security fixes

New in Bitdefender GravityZone Business Security 6.18.1-1 On-premise (Nov 25, 2020)

  • Improvements:
  • EDR & Incidents:
  • The new Custom Detection Rules functionality enables you to create rules to detect common events and generate incidents specific to your environment, which otherwise GravityZone may not flag as suspicious through its prevention and threat intelligence technologies. This enhances EDR's capabilities of raising alerts and triggering incidents to stop possible breaches in the early stages of an attack.
  • You can now:
  • Create your own detection rule
  • View and filter by alerts and incidents generated by a custom rule
  • View details of any rule in the dedicated side panel
  • Perform multiple actions, including edit, delete, duplicate or ignore a custom rule
  • Import list of rules
  • Receive notifications each time a new incident is triggered by a custom rule
  • Add and filter tags to easily maintain your custom rules
  • Added the option to update your Linux EDR modules via product update when you configure policies, for a tighter change control configuration and update staging process.
  • The new-incident Syslog notification now includes more information for logging EDR incident data to an external software platform such as SIEM or SOAR.
  • Make sure to re-check any existing correlation you are currently using and/or add the new information about incidents in the search queries that are running on your SIEM.
  • Relabeled the tabs inside the Incidents page as Endpoint Incidents and Detected Threats. Note: Tab availability may differ in your product, according to your license.
  • Security Telemetry:
  • We now offer you the possibility to obtain raw security data from your endpoints right into a SIEM solution. Use this feature if you need a deeper analysis and correlation of the security events in your network.
  • Because we care about system performance and a low footprint of exported data, we are filtering out redundant information.
  • Check out the new General > Security Telemetry section of the security policy to enable and configure this feature, and the endpoint’s Information page to verify the connection status between the endpoint and the SIEM.
  • Ransomware Mitigation:
  • You now have the option to restore the files encrypted in a ransomware attack on demand. Select this option in the policy for the endpoints over which you need more control. In case of an attack, check the Ransomware Activity page, from where you can view the affected files and then run a restore task. This option is available for 30 days from the event.
  • Sandbox Analyzer On-Premises:
  • You can now enable sample submission through proxy to local instances in the Sandbox Analyzer > Infrastructure page. To set up a proxy, go to Configuration > Proxy.
  • Endpoint Protection:
  • Following the deprecation of macOS kernel extensions, Bitdefender added support for the new EndpointSecurity and NetworkExtension APIs. These ensure the compatibility between Endpoint Security for Mac, GravityZone Control Center and endpoints running macOS Big Sur (11.0). More information is available with Endpoint Security for Mac-related documentation.
  • Platform:
  • New Repair task to quickly fix issues that would otherwise require reinstalling the agent.
  • The options which provide more control over the data you send to Bitdefender are now available in the Miscellaneous section of the agent package configuration window as well.
  • Several content improvements.
  • Public API:
  • The agent kit download link is now available via the getInstallationLinks method.
  • The full version of the agent kit may now be retrieved via the downloadPackageZip method.
  • The new endpointName filtering option in the getEndpointsList method allows you to better find the endpoints in your network.
  • The instant report is now accessible by email via the createReport method.

New in Bitdefender GravityZone Business Security September 2020 Cloud (Sep 25, 2020)

  • Improvements:
  • ERA:
  • New widgets in the Risk Management Dashboard to show you how many users and devices were scanned across your network.
  • MSP & Partners:
  • As a Bitdefender Partner, you can now disable seat reservation for Partner companies. The option is available unless the company has minimum usage configured.
  • As a Partner with monthly subscription, you will have access to a more detailed view of the Email Security activity in the dashboard of the companies under your direct management (for example, the sender, receiver, attachments, etc.).
  • Added an error message when trying to move a company with minimum usage under a Partner with fewer license seats.
  • Maintenance
  • Forget about redeploying the agent to apply a fix from an update. Just run the new Repair task in the Network page.
  • Notifications:
  • The new notification Partner Changed informs you when a managed company has moved under a different Partner.
  • License Usage Limit Has Been Reached now includes the list of endpoints left unlicensed within the past 24 hours because the license limit was exceeded.
  • Public API:
  • EDR events are now available via Push API in JSON, CEF and Splunk formats. For this purpose, we added new-incident to subscribeToEventTypes. For more information, refer to the Push > Event Types section of GravityZone API documentation.
  • getInstallationLinks and downloadPackageZip now provide full installation kits.
  • As Bitdefender Partner, you can now remove slot reservation for all child companies with one API call. For this purpose, set the new parameter removeReservedSlots in setMonthlySubscription.

New in Bitdefender GravityZone Business Security 6.17.3-1 On-premise (Sep 11, 2020)

  • Addressed a vulnerability discovered recently.

New in Bitdefender GravityZone Business Security August 2020 Cloud (Sep 5, 2020)

  • Improvements:
  • GravityZone accounts security:
  • Aiming to secure the access to Control Center even more, GravityZone comes with important changes:
  • Password expiration. You can now enable password expiration after 90 days for GravityZone local accounts. A notification will inform users several days in advance to change their passwords. Otherwise, GravityZone will lock out their accounts.
  • Increased password length. GravityZone new passwords will require minimum 12 characters. Password complexity requirements remain the same: at least one digit, one uppercase, one lowercase and one special character.
  • Account lockout. You can enable account lockout after five login attempts with invalid passwords. User access will be restricted until a new password is set. Users will receive an email to let them know of their account status and what to do in such cases.
  • New accounts will have these options enabled by default. To existing accounts only the new password length applies by default.
  • Find these settings in the following Control Center pages:
  • Accounts – when applying to individual users. Requires an account with the Manage Users right.
  • Configuration – when applying a company-wide policy. Requires an account with the Manage Company and Manage Network rights.
  • Companies – when applying to the companies under your management. Requires an account with the Manage Companies right.
  • You can check the My Account page anytime to see if you have these policies enabled for your account.
  • These changes do not affect the GravityZone Public API.
  • Resolved Issues:
  • Reports:
  • The Malware Status report incorrectly listed unresolved detections as deleted.

New in Bitdefender GravityZone Business Security 6.17.2-1 (Sep 5, 2020)

  • Security
  • Addressed the following security issues and vulnerabilities:
  • USN-4427-1: Linux kernel vulnerabilities, covering the following CVEs:
  • CVE-2019-12380
  • CVE-2019-19947
  • CVE-2019-20810
  • CVE-2019-20908
  • CVE-2020-10732
  • CVE-2020-10766
  • CVE-2020-10767
  • CVE-2020-10768
  • CVE-2020-11935
  • CVE-2020-13974
  • USN-4446-1: Squid vulnerabilities, covering the following CVEs:
  • CVE-2019-12520
  • CVE-2019-12523
  • CVE-2019-12524
  • CVE-2019-18676
  • USN-4457-1: Software Properties vulnerability, covering the following CVE:
  • CVE-2020-15709
  • USN-4458-1: Apache HTTP Server vulnerabilities, covering the following CVEs:
  • CVE-2020-11984
  • CVE-2020-11993
  • CVE-2020-1927
  • CVE-2020-1934
  • CVE-2020-9490
  • USN-4466-1: curl vulnerability, covering the following CVE:
  • CVE-2020-8231
  • USN-4471-1: Net-SNMP vulnerabilities, covering the following CVEs:
  • CVE-2020-15861
  • CVE-2020-15862
  • USN-4446-2: Squid regression, covering the following CVEs:
  • CVE-2019-12520
  • CVE-2019-12523
  • CVE-2019-12524
  • CVE-2019-18676
  • USN-4428-1: Python vulnerabilities, covering the following CVEs:
  • CVE-2019-17514
  • CVE-2019-20907
  • CVE-2019-9674
  • CVE-2020-14422
  • USN-4449-1: Apport vulnerabilities, covering the following CVEs:
  • CVE-2020-11936
  • CVE-2020-15701
  • CVE-2020-15702
  • USN-4463-1: Linux kernel vulnerabilities, covering the following CVEs:
  • CVE-2020-12771
  • CVE-2020-15393

New in Bitdefender GravityZone Business Security 6.16.1-1 On-premise (Jul 21, 2020)

  • Endpoint Detection and Response (EDR):
  • Fixed an issue that prevented endpoints from submitting data to the Incidents Server through Relay. After update, the security policy must be reapplied to the Relay. You have two options:
  • Apply the policy manually to immediately enable incidents submission.
  • Wait for the recurrent automatic reapplication of the policy. This may take up to 6 hours.

New in Bitdefender GravityZone Business Security 6.15.1-2 On-premise (Jul 13, 2020)

  • New Features:
  • Endpoint Detection and Response (EDR):
  • Bitdefender brings its state-of-the-art EDR cloud technology to its on-premises solutions.
  • EDR is an event correlation component, capable of identifying advanced threats or in-progress attacks. As part of our comprehensive and integrated Endpoint Protection Platform, EDR brings together device intelligence across your enterprise network. This solution comes in aid of your incident response teams' effort to investigate and respond to advanced threats.
  • For this purpose, you need to install the Incidents Server role on your appliances, add the EDR module on agents, and enable the feature in the policy. Then, you can find all the identified incidents, as well as all events that the Bitdefender prevention technologies have detected, in the Incidents page.
  • Root Cause Analysis:
  • This feature informs you of threats detected and blocked by our preventive technologies. It provides you with complex filtering options and graphic representation of incidents, as well as blocklisting capabilities.
  • For this purpose, you need to install the Incidents Server role on your appliances, add the EDR module on agents, and enable the feature in the policy. You can find everything that the Bitdefender prevention technologies have detected, in the Incidents page.
  • Ransomware Mitigation:
  • Vaccines give you immunity, but what happens when they come too late? Powered by proactive and award-winning detection technologies, Ransomware Mitigation offers an early solution to ransomware attacks. It detects the attack as it happens, blocks it regardless of whether it was run locally or from a remote endpoint, and then recovers the files encrypted so far.
  • Find the Ransomware Mitigation settings under the Antimalware > On-execute policy section. After applying protection on endpoints:
  • You will receive notifications whenever an attack takes place.
  • You can view details about the ransomware attacks in your network in the Ransomware Activity page.
  • You will view such events in the Security Audit report.
  • New localization:
  • If you are Korean, you can now experience GravityZone in your own native language.
  • Improvements:
  • Patch Management:
  • GravityZone provides a more efficient and proactive way of managing patches:
  • A new smart scan mechanism detects and informs you whenever a new application has been installed on the endpoint and what patches are available for it.
  • GravityZone reviews regularly the list of available patches and deletes those that are no longer applicable because either the related applications or the endpoints do not exist anymore.
  • GravityZone also deletes from the list patches that are no longer available, although they are present on some endpoints.
  • Advanced Threat Control (ATC):
  • The ATC/IDS event notification details are enriched with the path and ID of the parent process, and also with the command line that started the process, if applicable. These details are also sent via Syslog, in both available formats.
  • Full Disk Encryption:
  • You can now set exclusion rules for non-system drives in the Encryption policy settings.
  • Remote Troubleshooting:
  • Remote troubleshooting is now available for Linux and macOS agents.
  • Privacy:
  • You now have control over the data you send to Bitdefender for analysis. You can find these options as follows:
  • In the General > Settings > Options section of the policy – for endpoints
  • In the Configuration > Security Server Settings page – for Security Servers
  • Note: On this occasion, we would like to reassure you that your data is safe with Bitdefender. We protect it according to the privacy policy and existing regulations.
  • Network:
  • You can now use the Delete button to drop protection management on endpoints joined in Active Directory. This change dismisses and removes the Clear license button from the action toolbar.
  • The product updates and security content available on Relay agents are now visible in the new Information > Repository details page.
  • Added more information about updates in the Information > Protection page.
  • Reports:
  • You can now start a Reconfigure Client task for the selected endpoints directly from the Endpoint Modules Status report. The report also contains a new filter for the Advanced Threat Control module.
  • Deployment
  • You are now asked to change the initial bdadmin password when accessing the GravityZone virtual appliance via SSH too. This change applies to any user with administrative rights used for GravityZone deployment in Microsoft Azure.
  • Update System:
  • The Security Server updates from the Bitdefender Servers are now downloaded only through an HTTPS encrypted channel. Make sure to have port 443 open for outbound traffic from the following locations:
  • update-onprem.2d585.cdn.bitdefender.net
  • upgrade.bitdefender.com
  • download.bitdefender.com
  • There are no changes for updates rolled out from the internal network.
  • The product updates available on the Update Server are now visible in the new Configuration > Repository page.
  • Usability:
  • Added several usability enhancements throughout the console. To mention:
  • Redesigned the Policies > Assignment Rules and the Reconfigure Client pages for better visibility.
  • Enhanced the Endpoint Modules Status report with the Reconfigure Client option.
  • Switched to case insensitivity of the login credentials assigned via Access Permissions.
  • Moved the option Submit HVI memory violations to Bitdefender from the General > Settings policy section into the new Configuration > Security Servers > Privacy page section. The option will be enabled only if all policies had it enabled.
  • Active Directory integration:
  • You can now selectively import AD organizational units in GravityZone, for a more flexible management of endpoints joined in AD. Find the available options in the Configuration > Active Directory > Add / Edit Active Directory Domain page. These changes also reflect in the User Activity logs.
  • Virtualization Providers:
  • Added support for VMware vSphere and vCenter 7.0, except for the Workload Management vSphere functionality.
  • Citrix XenServer integration now automatically updates itself with the new IP address of the pool master. You only need to enable this option from Configuration > Virtualization Providers > Management Platform > Add / Edit XenServer window. After this, GravityZone will notify you whenever it happens.
  • Removed the option Prefer basic deployment methods instead of integration from Configuration > Miscellaneous. It is now the default option.
  • Public API:
  • Added the fourth antimalware scan option - custom scan, to the createScanTask method. This option comes with the additional parameters: scanPath and scanDepth.
  • Created the SetSubmitSettings method so that you can state your privacy preferences via API too.
  • You can now use the downloadScanLogsZip method to obtain scan logs only for one endpoint.
  • Updated the following methods so that you can add the available modules to agents, provided they are covered by license:
  • createReconfigureClientTask
  • createPackage
  • getPackageDetails
  • getManagedEndpointDetails
  • Resolved Issues:
  • Antimalware:
  • Infected files were deleted even with the Take no action setting selected.
  • Reports:
  • Endpoint Encryption Status and HyperDetect Activity emailed reports did not include the attachment with the results.
  • Update System:
  • If Update Server was removed from the infrastructure, it could not be installed again due to deployment requirements in place.
  • Removed Features:
  • Virtualization Providers:
  • Following the VMware vCNS / vShield Endpoint integration EOSL notice, Bitdefender removes the option to add/edit this type of integration via the GravityZone update scheduled for end of Q3.

New in Bitdefender GravityZone Business Security June 2020 Cloud (Jul 7, 2020)

  • New Features:
  • New Localization:
  • If you are Korean, you can now experience GravityZone in your own native language.
  • Improvements:
  • Endpoint Detection and Response (EDR):
  • Added Exclusion Rules, a framework for creating custom rules to exclude all those EDR-triggered incidents that you consider safe, or false positive, based on your environment setup. You can create rules manually by writing your own criteria, or directly from the incident graph, by adding certain alerts as exclusions.
  • EDR events storage now spans three time intervals: 30, 90, and 180 days. Not to worry, storage capacity for your events has remained the same. For new companies joining GravityZone, each option is available as an add-on.
  • Endpoint Risk Analytics (ERA):
  • Included Human Risks, a new ERA feature that enables you to monitor potential vulnerabilities caused by unintentional or reckless behavior of active users within your network. Data on user behavior is available in the following pages:
  • Risk Management dashboard, which now includes the new Top Human Risks and Top Vulnerable Users widgets, providing useful information on potential breach gates into your environment’s security, caused by user behavior.
  • Security Risks page, which now has two new tabs:
  • Human Risks – displays all detected potential risks generated by reckless user behavior
  • User – displays all the users that have generated potential risks for your organization, based on what actions they have taken, unintentionally or not.
  • This feature is in beta version.
  • Improved the flow inside the Misconfigurations and App Vulnerabilities tabs, to enable filtering devices by a specific misconfiguration or vulnerable application.
  • Added bulk resolution of indicators of risks via the Fix Risks button in the Misconfigurations tab.
  • Added fixing and patching capabilities in the endpoint side panel, for a more granular approach in fixing risks and patching apps at endpoint level.
  • Patch Management:
  • GravityZone provides a more efficient and proactive way of managing patches:
  • A new smart scan mechanism detects and informs you whenever a new application has been installed on the endpoint and what patches are available for it.
  • GravityZone reviews regularly the list of available patches and deletes those that are no longer applicable because either the related applications or the endpoints do not exist anymore.
  • GravityZone also deletes from the list patches that are no longer available, although they are present on some endpoints.
  • Advanced Threat Control (ATC):
  • The ATC/IDS event notification details are enriched with the path and ID of the parent process, and also with the command line that started the process, if applicable.
  • Remote Troubleshooting:
  • Remote troubleshooting is now available for Linux and macOS agents.
  • Bitdefender Cloud storage option is available for Security Server (Multi-Platform).
  • Network:
  • You can now use the Delete button to drop protection management on endpoints joined in Active Directory.
  • This change dismisses and removes the Clear license button from the action toolbar.
  • The product updates and security content available on Relay agents are now visible in the new Information > Repository details page.
  • Added more information about updates in the Information > Protection page.
  • Policies:
  • With the new User Rules option from Assignment Rules, you can easily apply policies per endpoint user.
  • These rules work only with Active Directory users or security groups.
  • Reports:
  • You can now start a Reconfigure Client task for the selected endpoints directly from the Endpoint Modules Status report.
  • The report also contains a new filter for the Advanced Threat Control module.
  • Usability:
  • Added several usability enhancements throughout the console. To mention:
  • Redesign of the Policies > Assignment Rules and the Reconfigure Client pages for better visibility.
  • Enhanced the Endpoint Modules Status report with the Reconfigure Client option.
  • Case insensitivity at SSO login.
  • Company Accounts:
  • As a Bitdefender Partner, you can configure minimum monthly usage for managed companies with monthly subscription. You have the option to specify a subscription end date, with the ability to activate automatic renewal in case of expiration.
  • The minimum usage settings are available for each company in the Companies page.
  • ConnectWise Manage Integration:
  • You can now identify and filter companies imported from ConnectWise Manage by their status.
  • Public API:
  • Added API support for moving endpoints between Company accounts via the moveEndpointsBetweenCompanies method.
  • Added the activateCompany method so that Bitdefender Partners can re-activate suspended company accounts.
  • Added the details related to ERA > Human Risk to the following methods:
  • getCompanyDetails
  • getManagedEndpointDetails
  • Added the risk score from Endpoint Risk Analytics to the getManagedEndpointDetails and getCompanyDetails methods.
  • Updated the following methods to cover the new minimum usage options at monthly subscription:
  • getDetailedMonthlyUsage
  • getMonthlyUsage
  • getLicenseInfo
  • getNetworkInventoryItems
  • createCompany
  • setMonthlySubscription
  • Updated the following methods so that you can add the available modules to agents, provided they are covered by license:
  • createReconfigureClientTask
  • createPackage
  • getPackageDetails
  • getManagedEndpointDetails
  • NOTE! The networkMonitor option was renamed to NetworkAttackDefense.
  • Added the option to create custom scan tasks via the following methods:
  • createScanTask
  • createScanTaskByMac
  • Notifications sent via Event Push Service API now contain the path and ID of the process for ATC detections, plus the command line that generated the process (if applicable).
  • New and more detailed error codes and messages for the moveEndpointsBetweenCompanies method.
  • A new subscription type available via the createCompany method, called FRAT.
  • Resolved Issues:
  • Antimalware:
  • Infected files were deleted even with the Take no action setting selected.
  • Network:
  • Users could not access the Network page after entering a long string in the column filter.
  • Endpoint Risk Analytics:
  • The results of a scheduled scan task did not include detected vulnerabilities.
  • In some situations, filtering by severity did not work as expected.
  • Reports:
  • Endpoint Encryption Status and HyperDetect Activity emailed reports did not include the attachment with the results.
  • The CSV file of the License Status report for Partners accidentally included more child companies than needed, resulting in a lower number of seats available for install.
  • Companies:
  • A Partner could do the following operations even with the Manage from above option disabled on managed companies:
  • Enforce two-factor authentication.
  • Modify the metadata URL for single sign-on.
  • Modify the Country field.

New in Bitdefender GravityZone Business Security 6.15.1-1 On-premise (Jul 7, 2020)

  • New Features:
  • Endpoint Detection and Response (EDR):
  • Bitdefender brings its state-of-the-art EDR cloud technology to its on-premises solutions.
  • EDR is an event correlation component, capable of identifying advanced threats or in-progress attacks. As part of our comprehensive and integrated Endpoint Protection Platform, EDR brings together device intelligence across your enterprise network. This solution aids your incident response teams' efforts to investigate and respond to advanced threats.
  • For this purpose, you need to install the Incidents Server role on your appliances, add the EDR module on agents, and enable the feature in the policy. Then, you can find all the identified incidents, as well as all events that the Bitdefender prevention technologies have detected, in the Incidents page.
  • Feature available in: GravityZone Ultra
  • Root Cause Analysis:
  • This feature informs you of threats detected and blocked by our preventive technologies. It provides you with complex filtering options and graphic representation of incidents, as well as blocklisting capabilities.
  • For this purpose, you need to install the Incidents Server role on your appliances, add the EDR module on agents, and enable the feature in the policy. You can find everything that the Bitdefender prevention technologies have detected, in the Incidents page.
  • Feature available in: GravityZone Elite
  • Ransomware Mitigation:
  • Vaccines give you immunity, but what happens when they come too late? Powered by proactive and award-winning detection technologies, Ransomware Mitigation offers an early solution to ransomware attacks. It detects the attack as it happens, blocks it regardless of whether it was run locally or from a remote endpoint, and then recovers the files encrypted so far.
  • Find the Ransomware Mitigation settings under the Antimalware > On-execute policy section. After applying protection on endpoints:
  • You will receive notifications whenever an attack takes place.
  • You can view details about the ransomware attacks in your network in the Ransomware Activity page.
  • You will view such events in the Security Audit report.
  • Feature available in: GravityZone Elite, GravityZone Ultra and GravityZone Enterprise (à la carte)
  • New localization:
  • If you are Korean, you can now experience GravityZone in your own native language.
  • Improvements:
  • Patch Management:
  • GravityZone provides a more efficient and proactive way of managing patches:
  • A new smart scan mechanism detects and informs you whenever a new application has been installed on the endpoint and what patches are available for it.
  • GravityZone regularly reviews the list of available patches and deletes those that are no longer applicable because either the related applications or the endpoints do not exist anymore.
  • GravityZone also deletes from the list patches that are no longer available, although they are present on some endpoints.
  • Advanced Threat Control (ATC):
  • The ATC/IDS event notification details are enriched with the path and ID of the parent process, and also with the command line that started the process, if applicable. These details are also sent via Syslog, in both available formats.
  • Full Disk Encryption:
  • You can now set exclusion rules for non-system drives in the Encryption policy settings.
  • Remote Troubleshooting:
  • Remote troubleshooting is now available for Linux and macOS agents.
  • Privacy:
  • You now have control over the data you send to Bitdefender for analysis. You can find these options as follows:
  • In the General > Settings > Options section of the policy – for endpoints
  • In the Configuration > Security Server Settings page – for Security Servers
  • On this occasion, we would like to reassure you that your data is safe with Bitdefender. We protect it according to the privacy policy and existing regulations.
  • Network:
  • You can now use the Delete button to drop protection management on endpoints joined in Active Directory. This change dismisses and removes the Clear license button from the action toolbar.
  • The product updates and security content available on Relay agents are now visible in the new Information > Repository details page.
  • Added more information about updates in the Information > Protection page.
  • Reports:
  • You can now start a Reconfigure Client task for the selected endpoints directly from the Endpoint Modules Status report. The report also contains a new filter for the Advanced Threat Control module.
  • Deployment:
  • You are now also asked to change the initial bdadmin password when accessing the GravityZone virtual appliance via SSH. This change applies to any user with administrative rights used for GravityZone deployment in Microsoft Azure.
  • Update System:
  • The Security Server updates from the Bitdefender Servers are now downloaded only through an HTTPS encrypted channel. Make sure to have port 443 open for outbound traffic from the following locations:
  • update-onprem.2d585.cdn.bitdefender.net
  • upgrade.bitdefender.com
  • download.bitdefender.com
  • There are no changes to updates rolled out from the internal network.
  • The product updates available on the Update Server are now visible in the new Configuration > Repository page.
  • Usability:
  • Added several usability enhancements throughout the console. Notably:
  • Redesigned the Policies > Assignment Rules and the Reconfigure Client pages for better visibility.
  • Enhanced the Endpoint Modules Status report with the Reconfigure Client option.
  • Switched to case insensitivity of the login credentials assigned via Access Permissions.
  • Moved the option Submit HVI memory violations to Bitdefender from the General > Settings policy section into the new Configuration > Security Servers > Privacy page section. The option will be enabled only if all policies had it enabled.
  • Active Directory integration:
  • You can now selectively import AD organizational units in GravityZone, for a more flexible management of endpoints joined in AD. Find the available options in the Configuration > Active Directory > Add / Edit Active Directory Domain page. These changes are also reflected in the User Activity logs.
  • Virtualization Providers:
  • Added support for VMware vSphere and vCenter 7.0, except for the Workload Management vSphere functionality.
  • Citrix XenServer integration now automatically updates itself with the new IP address of the pool master. You only need to enable this option from Configuration > Virtualization Providers > Management Platform > Add / Edit XenServer window. After this, GravityZone will notify you whenever it happens.
  • Removed the option Prefer basic deployment methods instead of integration from Configuration > Miscellaneous. It is now the default option.
  • Public API:
  • Added the fourth antimalware scan option - custom scan, to the createScanTask method. This option comes with the additional parameters: scanPath and scanDepth.
  • Created the SetSubmitSettings method so that you can state your privacy preferences via API too.
  • You can now use the downloadScanLogsZip method to obtain scan logs only for one endpoint.
  • Updated the following methods so that you can add the available modules to agents, provided they are covered by license:
  • createReconfigureClientTask
  • createPackage
  • getPackageDetails
  • getManagedEndpointDetails
  • The networkMonitor option was renamed to NetworkAttackDefense.
  • Antimalware:
  • Infected files were deleted even with the Take no action setting selected.
  • Reports:
  • Endpoint Encryption Status and HyperDetect Activity emailed reports did not include the attachment with the results.
  • Update System:
  • If Update Server was removed from the infrastructure, it could not be installed again due to deployment requirements in place.
  • Removed Features:
  • Virtualization Providers:
  • Following the VMware vCNS / vShield Endpoint integration EOSL notice, Bitdefender will remove the option to add/edit this type of integration in the GravityZone update scheduled for the end of Q3.

New in Bitdefender GravityZone Business Security 6.13.1-1 On-premise (Apr 23, 2020)

  • Improvements:
  • Infrastructure:
  • Added a CDN as the default updates delivery location.
  • Configure your network firewall to allow traffic from and to update-onprem.2d585.cdn.bitdefender.net. For details, refer to the GravityZone Communication Ports article.

New in Bitdefender GravityZone Business Security March 2020 Cloud (Apr 7, 2020)

  • New Features:
  • Single Sign-On (SSO):
  • Added single sign-on (SSO) authentication capability using the SAML 2.0 standard. The SSO options are available as follows:
  • In the new Configuration > Authentication Settings page, for your company.
  • In the Companies page, for companies that you manage.
  • In the Accounts page, for GravityZone users.
  • Incidents:
  • The GravityZone Elite Security bundle now includes the Incidents feature, where we provide the Root Cause Analysis of threats detected and blocked by our preventive technologies, with complex incident filtering options and graphic representation of incidents, as well as isolation, blocklisting, and remote connection capabilities.
  • Improvements:
  • EDR:
  • EDR introduces the Scan for IOC technology, enabling you to scan your environment for known indicators of compromise in real-time and generate detailed reports.
  • The Incidents page went through a significant visual and functional transformation, enhancing your experience when analyzing threats in your environment, as follows:
  • The new Overview bar displays open incidents, top alerts, techniques and affected devices, as well as specific filtering capabilities.
  • The incidents list is now a fully customizable filterable grid with add/remove columns, for easier content management.
  • The Change Status menu introduces the option to mark incidents as false-positive and leave bulk notes for later consultation.
  • The detailed information for each incident, and their graphic representation and timeline, are now available in quick view mode.
  • The Graph tab unravels a multi-phase representation of staged attacks, as well as in-graph search capabilities.
  • The Node Details panel now groups information into more meaningful categories. In addition, the panel is fully expandable, to improve readability.
  • Endpoint Risk Analytics:
  • Endpoint Risk Analytics introduces the remediation of Common Vulnerabilities and Exposures (CVEs) in applications currently installed in your environment.
  • The Risk Management Dashboard has been completely redesigned to improve visualization and enhance your experience while assessing the overall level of risk your company may be facing.
  • The company risk score is now calculated by taking into account a wide list of indicators of risks and known application vulnerabilities, showing you its evolution in time.
  • The new score breakdown, and top misconfigurations and vulnerable application widgets make it easier to see where your environment is more vulnerable to attacks and which devices are affected the most.
  • The devices by severity widgets show you exactly how impacted by risks and vulnerabilities the servers and workstations under your management are.
  • The new Security Risk page provides complex filtering options for indicators of risk, application vulnerabilities and devices. Risks in each category can be easily mitigated through the recommendations and actions provided in their Details Panel.
  • The Companies View page is a new feature included in Endpoint Risk Analytics for MSP, providing a comprehensive overview of the overall risk faced by every company under your management, making it easy for you to assess and eliminate risks separately for each of your customers.
  • Antimalware:
  • You can now configure Security Servers’ cache sharing so that you can enable/disable it or restrict it to Security Servers from the same network. No need to worry about bandwidth consumption between sites anymore. The settings are available in the Configuration > Security Servers Settings page.
  • Installation:
  • Easily remove installed security solutions from your environment when upgrading to a full product license. The feature is ON by default and will remove any existing security software that creates conflicts when installing the BEST protection modules.
  • Network Inventory (MSP only):
  • Partners (Company Administrator and Partner roles) are now able to move endpoints directly between the companies they manage by dragging and dropping endpoints in the Network page.
  • More comprehensive error messages when moving companies under other Partners.
  • Firewall:
  • We eased firewall configuration with the new option to import and export rules.
  • Encryption:
  • You can now set rules to exclude drives from encryption.
  • Remote Troubleshooting:
  • GravityZone introduces Bitdefender Cloud as a new storage option for collected logs.
  • Remote troubleshooting is now available for Security Server Multi-Platform.
  • You can now restart a troubleshooting session while maintaining its previous settings.
  • Monthly Subscription Trials:
  • Two new trial options: Monthly License Trial (Partners only) and Monthly Subscription Trial. Trial companies have access to all features and add-ons available with Cloud Security for MSPs. The Monthly License Trial is valid for 45 days and covers 25 endpoints.
  • Reports:
  • The Monthly License Usage report includes significant enhancements to simplify add-ons billing per usage:
  • Displays usage and status for all add-ons, including the latest ones, such as Patch Management, SVE VS and VDI, ATS, and EDR.
  • Provides more information on each company’s type and monthly subscription and on each endpoint’s installed modules, like Network Attack Defense and Advanced Anti-Exploit.
  • Includes the option to generate the report only for direct companies, ignoring their child companies.
  • The report has some columns renamed. If you use the CSV file to extract usage information into external systems, please see the details here.
  • Dashboard:
  • View portlets in a single scrolling page and update all the information at once using the Refresh Portlets button.
  • Added time filtering for the Endpoint Protection Status, Policy Compliance and Update Status portlets.
  • Two-Factor Authentication:
  • We moved the 2FA settings of your company to the new Configuration > Authentication Settings page.
  • What’s New:
  • Rushing to solve a problem and What’s New gets in the way? No more. We wrapped it gently in a gift box next to the Notifications icon. It will showcase the new features in a compact side panel.
  • Amazon EC2 Integration:
  • Added hourly billing support for the new EC2 instance types.
  • Event Push Service API:
  • New agent-related events for all supported operating systems are now available via JsonRPC, CEF and Splunk. These events refer to agent installation/removal, endpoint move, and hardware ID changes.
  • Added detection timestamps to antimalware (av) and Advanced Threat Control (atc) events. The field is named BitdefenderGZDetectionTime.
  • Removed Features:
  • Reports:
  • Removed the Malware Activity report. You can use the Security Audit report instead.
  • Dashboard:
  • Removed the Malware Activity portlet.
  • Antimalware:
  • Removed support for scanning Mapped Network drives when On-Demand Device Scanning is used.
  • Resolved Issues:
  • Content Control:
  • Policy inheritance did not work for specific web categories.

New in Bitdefender GravityZone Business Security 6.12.1-1 On-premise (Apr 7, 2020)

  • Improvements:
  • Antimalware:
  • You can now configure Security Servers’ cache sharing so that you can enable/disable it or restrict it to Security Servers from the same network. No need to worry about bandwidth consumption between sites anymore. The settings are available in the Configuration > Security Servers Settings page.
  • Firewall:
  • We eased firewall configuration with the new option to import and export rules.
  • Encryption:
  • You can now set rules to exclude drives from encryption.
  • Remote Troubleshooting:
  • Remote troubleshooting is now available for all Security Server versions.
  • You can now restart a troubleshooting session while maintaining its previous settings.
  • System Status:
  • Automatic repair capability for metrics encountering issues on any appliance in your environment is now available at the click of a button.
  • Installation:
  • Easily remove installed security solutions from your environment when upgrading to a full product license. The feature is ON by default and will remove any existing security software that creates conflicts when installing the BEST protection modules.
  • Dashboard:
  • View portlets in a single scrolling page and update all the information at once using the Refresh Portlets button.
  • Added time filtering for the Endpoint Protection Status, Policy Compliance and Update Status portlets.
  • Notifications:
  • The Antimalware Event notification now includes details about the scan type, signature version and scan engine type.
  • What’s New:
  • Rushing to solve a problem and What’s New gets in the way? No more. We wrapped it gently in a gift box next to the Notifications icon. It will showcase the new features in a compact side panel.
  • Removed Features:
  • Reports:
  • Removed the Malware Activity report. Consider using the Security Audit report as an alternative.
  • Dashboard:
  • Removed the Malware Activity portlet.
  • Antimalware:
  • Removed support for scanning Mapped Network drives when On-Demand Device Scanning is used.

New in Bitdefender GravityZone Business Security 6.11.1-1 On-premise (Jan 22, 2020)

  • HyperDetect:
  • Added the following details to the HyperDetect Activity notification:
  • Parent process name
  • Parent process ID
  • Command line (if available)
  • Removed Features:
  • Installation Kits for Windows Legacy
  • We removed all options to download installation kits for Windows legacy versions such as Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008. For more information related to this subject, refer to these KB articles:
  • Windows XP and Windows Server 2003 support announcement
  • Windows Vista & Windows Server 2008 support announcement

New in Bitdefender GravityZone Business Security 6.10.1-1 On-premise (Dec 2, 2019)

  • Improvements:
  • Network Inventory
  • A new type of entities in Network Inventory: golden images
  • Mark the endpoints you use for creating clones and avoid duplicates in Network Inventory. Keep track of your golden images by using the available filters.
  • Important:
  • This feature is disabled by default. To enable it, select Avoid duplicates of cloned endpoints in Configuration > Network Settings.
  • More relevant messages in Control Center when Mac clients have issues. For example, now you know if macOS hasn’t granted the agent permissions such as access to the disk drive.
  • Resolved Issues:
  • Policies
  • Endpoints appeared duplicated in Network Inventory due to system cloning. We introduced a new entity in Network Inventory, called golden image, to avoid such situations. For details, check the Improvements section.
  • Antimalware
  • In certain scenarios, Security Servers were not displayed in the drop-down list from the Antimalware > Security Servers section of the policy.
  • Device Control
  • Deleting a Device Control exclusion from the policy also deleted the first item in the list.

New in Bitdefender GravityZone Business Security 6.9.1-1 On-premise (Nov 15, 2019)

  • New Features:
  • Network Attack Defense:
  • A brand-new powerful technology focused on detecting network attack techniques designed to gain access to specific endpoints, such as brute-force attacks, network exploits, and password stealers.
  • The Network Attack Defense settings are available under the new Network Protection policy section. A specific notification informs you about incidents in your network, while the Network Incidents report will provide more insight about these detections.
  • Note: To use the Network Attack Defense module, you need to install it on endpoints. For existing installations, run a Reconfigure Client task with Network Attack Defense selected. For new deployments, edit the installation package to include this module.
  • Sandbox Analyzer On-Premises:
  • Your own Sandbox Analyzer from Bitdefender is here! Born from the Cloud-based version, the new Sandbox Analyzer On-Premises is delivered as a virtual appliance deployable on an ESXi hypervisor. The built-in installer allows easy deployment and configuration while the integration with GravityZone console provides a single interface for management.
  • The Sandbox Analyzer on-Premises release is packed with the following features and capabilities:
  • Virtual appliance packaging with built-in graphical installer
  • Out-of-the-box integration with GravityZone console for management, configuration and deployment
  • Integrated with various sensors capable of feeding samples from various sources: network streams, ICAP traffic, file system
  • Unified reporting interface for both Sandbox Analyzer On-Premises and Sandbox Analyzer Cloud
  • Detailed detonation reports containing information about malware classification, behavior analysis or timeline view
  • Support for custom detonation environments (golden images)
  • Sample re-analysis using different configuration options
  • REST based API for integration with 3rd party security solutions.
  • Remote Troubleshooting:
  • The endpoint information page includes a new Troubleshooting tab, from where you can collect basic and advanced logs remotely. You can start a debug session, so that GravityZone collects the logs while the issue is reproducing. This will help our technical support specialists to perform an in-depth analysis of the issue and provide a resolution faster.
  • You can save the collected data on a network share, on the target endpoint or on both.
  • Localization:
  • From now on we speak Chinese!
  • 妈妈说:“今天能完成的事,不要留到明天。”
  • 儿子回答:“好吧,把全蛋糕给我,我今天都吃光了吧。”
  • Seriously now, you can switch the GravityZone interface to Simplified Chinese, if you please.
  • System Status:
  • Control Center now includes the System Status section, which displays real-time status information for the main metrics of your GravityZone environment.
  • Improvements:
  • Security:
  • We have added the option to create a VPN cluster for a more secure communication between the services on the GravityZone appliances. You can enable this option from the GravityZone appliance menu.
  • Deployment:
  • Integrating new modules to deployed agents is like playing with modeling clay. We have made the reconfiguring process more flexible.
  • You can choose to install Bitdefender security agents without removing the security software from other vendors. This means zero protection gap and faster deployment. Just remember, you’re doing this at your own risk. Some security solutions may affect the Bitdefender installation. Once you are protected by Bitdefender, you can manually remove any previously installed security solution.
  • Network Inventory
  • Goodbye to unused virtual machines from your network inventory. The Configuration page offers you the option to schedule automatic cleanup tasks.
  • Policies:
  • Network Protection replaces the previous Content Control module in the Inheritance Rules settings.
  • The GravityZone reports keep tracking the Content Control features, but also include information on Network Attack Defense.
  • Location-based policies are now aware of the hostname too. You can define assignment rules based on the endpoint’s hostname.
  • The new Antimalware > On-Execute section covers Advanced Threat Control and Fileless Attack Protection.
  • Network Protection, another new policy section, exposes the new Network Attack Defense technology and shields the Content Control features.
  • Content Control went through a big transformation as well:
  • The old Traffic, Web, Data Protection, and Applications sections have been re-organized into new General, Content Control, and Web Protection sections.
  • The new Network Attacks section exposes the Network Attack Defense technology and its settings.
  • The new Global Exclusions option, in the General section, replaces the previous separated Traffic Scan and Antiphishing exclusions. During update, the existing policies will be automatically migrated to the new global exclusions.
  • Advanced Anti-Exploit:
  • Three new detection techniques are available: VBScript Generic, Shellcode EAF (Export Address Filtering), and Emerging Exploits. These detections will be present from now on in the Security Audit and Blocked Applications reports.
  • User Activity now includes logs related to Advanced Anti-Exploit.
  • Patch Management:
  • Added the option to limit reboot postponement to a maximum of 48 hours after new patches are installed. When the set amount of time expires, endpoints will automatically reboot. Endpoint users will receive a notification regarding this action.
  • You can find this new option in the policy, under the Notifications > Endpoint Restart Notification modular settings.
  • Sandbox Analyzer Cloud:
  • Results from detonation analysis are available with new information-rich reports in HTML format. These reports contain details such as: malware classification, process-level view, network activity, timeline view, registry keys and mutex objects accessed, file systems modifications, IOC attributes.
  • The Filters area is expanded by default, so it is easier for you to discover all the options available with the submission cards.
  • Under the Submission Type filtering category, the Automatic option has been renamed to Endpoint Sensor.
  • HVI:
  • Added network connection details to forensic information. HVI reports details such as active connections, IP addresses, and ports involved, when it detects an attack in user space.
  • HVI now prevents malicious DLL files from being loaded inside a protected process.
  • Notifications:
  • Added Blocked Devices notification that alerts you whenever a blocked device connects to the endpoint. This notification is configurable from Notification Settings.
  • The Antimalware notification is now triggered during the scan, each time a malware event is detected.
  • Reports:
  • The Endpoint Modules Status report now includes information on Sandbox Analyzer and HyperDetect.
  • Integrations:
  • Added compatibility with NSX-T 2.5, which includes agentless antimalware scanning for Linux virtual machines.
  • Public API:
  • All GravityZone reports are now available via API as well.
  • Sandbox Analyzer On-Premises provides various API methods for monitoring detonation infrastructure, managing sample submission and downloading analysis reports. For details, refer to the GravityZone API Guide (On-Premises).
  • We have made some improvements here and there:
  • createReconfigureClientTask entered the Network API
  • getManagedEndpointDetails returns all installed modules on a managed endpoint
  • getInstallationLinks returns the installation links for a package
  • getQuarantineItemsList has new filtering options.
  • Resolved Issues:
  • Policies:
  • Disabling the Endpoint Issues Visibility option in the Notifications policy section did not also disable its sub-features.
  • Automatic Update:
  • Automatic product updates failed to start when configuring certain time zones and intervals.
  • Network:
  • The Mobile Devices view failed to display the Active Directory inventory when creating an integration with the option Sync to Custom Groups enabled.

New in Bitdefender GravityZone Business Security October 2019 Cloud (Nov 15, 2019)

  • New Features:
  • Email Security:
  • New email security service with complete email flow control and protection against spam, targeted phishing and impersonation attacks. Email administration incorporates management and analytics tools.
  • Email Security management provides the following:
  • Deployment through domain MX record redirect.
  • Customizable policy engine to control email delivery and filter messages through a comprehensive rule builder.
  • Company-wide quarantine.
  • Connection rule configuration to monitor connection attempts to or from your mailboxes.
  • Safe and Deny lists configuration for companies or individual users.
  • Mailbox synchronization through Azure Active Directory and manual import.
  • DNS record configuration with support for SPF, DKIM and DMARC.
  • The Analytics section delivers:
  • Real-time visibility through email flow charts, rules triggered, and actions taken.
  • Customizable reports for specific events.
  • Scheduled reports and alerts for specific rules, actions or content.
  • Network Attack Defense:
  • A brand-new powerful technology focused on detecting network attack techniques designed to gain access to specific endpoints, such as brute-force attacks, network exploits, and password stealers.
  • The Network Attack Defense settings are available under the new Network Protection policy section. A specific notification informs you about incidents in your network, while the Network Incidents report will provide more insight about these detections.
  • Note: To use the Network Attack Defense module, you need to install it on endpoints. For existing installations, run a Reconfigure Client task with Network Attack Defense selected. For new deployments, edit the installation package to include this module.
  • Remote Troubleshooting
  • The endpoint Information window includes a new Troubleshooting tab, from where you can collect basic and advanced logs remotely. You can start a debug session, so that GravityZone collects the logs while the issue is reproducing.
  • This will help our technical support specialists to perform an in-depth analysis of the issue and provide a resolution faster.
  • You can save the collected data on a network share, on the target endpoint or on both.
  • Localization:
  • From now on we speak Chinese!
  • 妈妈说:“今天能完成的事,不要留到明天。”
  • 儿子回答:“好吧,把全蛋糕给我,我今天都吃光了吧。”
  • Seriously now, you can switch the GravityZone interface to Simplified Chinese, if you please.
  • Improvements:
  • EDR:
  • The Incidents page went through a major visual and functional makeover, now providing enhanced investigation capabilities.
  • The Graph tab displays the critical path and all side elements in a fit-to-screen vertical tree.
  • An interactive incident graph behavior with highlight of node and alternate path to endpoint on mouse-over, and same type elements grouped in expandable clusters.
  • The Filters and Navigator floating menus that allow easy customization and navigation of the incident map.
  • New Node Details, Incident Info and Remediation side panels with collapsible sections that provide information for each element, actions and recommendations to mitigate an attack.
  • Suspicious and malicious nodes now display alerts in their details panel, describing what was detected and how it might be exploited, in accordance with MITRE tactics and techniques.
  • The Events tab displays filterable system events and alerts, with corresponding event descriptions.
  • The Remote Connection tab is now available as an action button on the endpoint node's details panel.
  • EDR now also includes new detection sources:
  • Anomaly Detection - a baselining module that spots anomalies in how the system is functioning
  • Network Attack Defense - a new security layer that identifies network-specific breaches
  • Advanced Anti-Exploit - a recently released security layer that detects the most evasive exploits
  • AMSI - detections made by the Windows Antimalware Scan Interface (AMSI)
  • Two-factor Authentication (2FA):
  • With this update, two-factor authentication is enabled by default when creating a company. When disabling 2FA, you will be prompted with a confirmation message before the changes come into effect.
  • Company Accounts:
  • MSP partners now have the option to add up to five custom fields in their Monthly License Usage report for storing third party or other custom data and facilitating billing automation.
  • A new page is now available under Companies > Custom Fields, with two sections where you can manage and import data for these fields. You can also view the custom fields when creating or editing a company.
  • Deployment:
  • Integrating new modules to deployed agents is like playing with modeling clay. We have made the reconfiguring process more flexible.
  • You can choose to install Bitdefender security agents without removing the security software from other vendors. This means zero protection gap and faster deployment.
  • Just remember, you’re doing this at your own risk. Some security solutions may affect the Bitdefender installation. Once you are protected by Bitdefender, you can manually remove any previously installed security solution.
  • Network Inventory:
  • Goodbye to unused virtual machines from your network inventory. The new Configuration page offers you the option to schedule automatic cleanup tasks.
  • Policies:
  • The new Antimalware > On-Execute section covers Advanced Threat Control and Fileless Attack Protection.
  • Network Protection, another new policy section, exposes the new Network Attack Defense technology and shields the Content Control features.
  • Content Control went through a big transformation as well:
  • The old Traffic, Web, Data Protection, and Applications sections have been re-organized into new General, Content Control, and Web Protection sections.
  • The new Network Attacks section exposes the Network Attack Defense technology and its settings.
  • The new Global Exclusions option, in the General section, replaces the previous separated Traffic Scan and Antiphishing exclusions. During update, the existing policies will be automatically migrated to the new global exclusions.
  • Network Protection replaces the previous Content Control module in the Inheritance Rules settings.
  • The GravityZone reports keep tracking the Content Control features, but also include information on Network Attack Defense.
  • Location-based policies are now aware of the hostname too. You can define assignment rules based on the endpoint's hostname.
  • The Indicators of Risk (IOR) have been reclassified into new and more meaningful categories for increased efficiency in risk analysis and management.
  • Sandbox Analyzer:
  • Results from detonation analysis are available with new information-rich reports in HTML format. These reports contain details such as malware classification, process-level view, network activity, timeline view, registry keys and mutex objects accessed, file system modifications, and IOC attributes.
  • The Filters area is expanded by default, so it is easier for first-time users to discover all the options available with the submission cards.
  • Under the Submission Type filtering category, the Automatic option has been renamed to Endpoint Sensor.
  • Advanced Anti-Exploit:
  • Three new detection techniques are available: VBScript Generic, Shellcode EAF (Export Address Filtering), and Emerging Exploits. These detections will be present from now on in the Security Audit and Blocked Applications reports. Plus, User Activity now includes logs related to Advanced Anti-Exploit.
  • Patch Management:
  • Added the option to limit reboot postponements to a maximum of 48 hours after new patches are installed. When the set amount of time expires, endpoints will automatically reboot. Endpoint users will receive a notification regarding this action.
  • Reports:
  • The Endpoint Modules Status report now includes information on Sandbox Analyzer and HyperDetect.
  • Public API:
  • MSP partners can enable Email Security and get the usage report via the public API.
  • All GravityZone reports are now available via API as well.
  • We have made some improvements here and there:
  • createReconfigureClientTask entered the Network API
  • getManagedEndpointDetails returns all installed modules on a managed endpoint
  • setMonthlySubscription allows Bitdefender Partners to revoke seat reservation from companies with monthly licensing
  • getQuarantineItemsList has new filtering options
  • Resolved Issues:
  • Policies:
  • Disabling the Endpoint Issues Visibility option in the Notifications policy section does not disable sub-features as well.
  • Notifications:
  • Some partners were receiving daily License Expires email notifications against their notification settings. We added a new option to filter managed companies that may trigger such notifications.

New in Bitdefender GravityZone Business Security 6.8.1-21 On-premise (Aug 6, 2019)

  • Improvements:
  • Upgraded Database Servers:
  • At Bitdefender, we are continuously improving GravityZone, world's best-in-class cybersecurity solution. This time, we enhanced the performance of GravityZone Database Servers by upgrading MongoDB, the database management system they use.
  • The MongoDB upgrade also brings some security and operational improvements.

New in Bitdefender GravityZone Business Security 6.6.11.159 Cloud (Aug 6, 2019)

  • New Features:
  • Endpoint Risk Management:
  • This update brings Endpoint Risk Management, a brand-new feature designed for effectively identifying, assessing and remediating endpoint weaknesses. GravityZone exposes this new feature in the following areas:
  • Risk Management policy section, including a risk scan scheduler.
  • Risk Scan task available from the Network page.
  • New Risk Management Dashboard, providing several panels with risk information, one-click resolve action per endpoint and recommendations for exposure mitigation.
  • Advanced Anti-Exploit:
  • Powered by machine learning, this new proactive technology stops zero-day attacks carried out through evasive exploits. Advanced Anti-Exploit catches the latest exploits in real-time and mitigates memory corruption vulnerabilities that can evade existing solutions.
  • This security layer is pre-configured with the recommended security settings and you can customize it from the Antimalware > Advanced Anti-Exploit policy section.
  • You can view Advanced Anti-Exploit events in the Security Audit, Blocked Application, and Endpoint Module Status reports.
  • Note: This security layer addresses Windows-based systems.
  • Antimalware:
  • Implemented a new Load Balancing mechanism between endpoints protected through BEST with Central Scan and Security Servers. You can now choose to distribute the load evenly between the assigned Security Servers.
  • Improvements:
  • EDR:
  • Added full support for incident detection and response actions, root cause analysis and MITRE events on Linux OS endpoints.
  • Enriched the Search section with several predefined queries, covering the most useful investigation scenarios.
  • Improved security event visualization from the Incidents page:
  • New panel in the graph area displaying the actions and their states for the selected event node in a single view.
  • New Further Investigation section in the node details area, outlining the additional analysis through Sandbox, VirusTotal and Google.
  • Sandbox Analyzer:
  • Expanded the list of supported file types that can be automatically submitted to Sandbox Analyzer.
  • Added content pre-filtering capabilities for submitting files to the Sandbox Analyzer. This functionality is configurable in a new policy section.
  • Added error messages for failed detonations in the submission card section on the Sandbox Analyzer page.
  • Antimalware:
  • A major increase of the scanning speed in VDI environments due to the new scan cache sharing protocol between Security Servers. To benefit from this feature, enable port 6379 to allow traffic between Security Servers.
  • Two new statuses for Security Server load: Near overloaded and Near underloaded.
  • New custom exclusion types by file hash, certificate thumbprint, threat name, and command line.
  • New option to add folder exclusions for ATC/IDS. With this release, existing folder exclusions remain configured for on-access and on-demand scanning. To add ATC/IDS as well, you need to select the corresponding checkbox in the Modules column.
  • Ability to define custom exclusions by using wildcards:
  • Asterisk (*) for one or more characters.
  • Question mark (?) for a single character.
  • Storage Protection:
  • You can now use a secured connection between Security Servers and the protected NAS servers, provided they use SSL over ICAP.
  • Usability:
  • Optimized the Control Center workspace with the new display modes of the menu: expanded, collapsed (icon view) and hidden.
  • Update System:
  • Replaced the antimalware signatures with a new method to identify known and unknown malware, called Security Content.
  • Resolved Issues:
  • Sandbox Analyzer:
  • Analysis results from a manual submission could not be retrieved if a proxy was in place.
  • Update System:
  • In Control Center, weekly recurrence for antimalware updates was resetting upon return, if set only on Sunday. This was only a display issue; the setting was sent correctly to the security agent.
  • Network:
  • Removed the ghost folders that appeared on some Partner accounts.
  • Antimalware:
  • Security Server Load Balancing - Equal distribution mode had limited functionality. The scan load was not distributed equally between Security Servers.