Bitdefender Tech News

Bitdefender Changes Scanning Techniques

This can be good or Bad..depends on how you look at it

I mange thousand of endpoints of Bitdefender

So i have been running the new changes for about a week ( I am satisfied so far)

Bitdefender is a policy based platform

In this point, there are several things to do:
1. Remove the scan archive from the Quick scans because these are designed to scan some resources fast.
2. Add the scan archives in the Full scan profile if not already done so it can be inherited and the report be populated as desired.
3) With all this, a malware located in an archive doesn’t pose a threat because when resources from the archive are accessed or unpacked they will be scanned and detected by the on access real time protection.

Read this link (https://www.bitdefender.com/business/support/en/71263-85158-contact.html) updates coming and some answers also

LAST IF YOU ARE NOT USING 2FA PLEASE TAKE THE TIME TO SETUP IT IS NOT HARD. personally  I use a high end 2FA program for all sites and I use it from one computer only. I do not use  cell phones to log in, the program that I use allows it.. security is a utmost concern to me in protecting myself and my partners

If you have questions and you are a MspPortal Partner feel free to contact me

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Phish Line Training

“Where Service and Technical Skills Count”

 

Bitdefender- New Content Policy

Bitdefender Modified the existing content filter in November

Network Attack Defense

Key is to be in Partner Mode

The Network Attack Defense module relies on a Bitdefender technology that focuses on detecting network attacks designed to gain access on endpoints through specific techniques, such as: brute-force attacks, network exploits, password stealers, drive-by-download infection vectors, bots, and Trojans.

Short Version
From the latest updates, the Web rules list found in Content Control > Web Access Control Settings > Web Categories Filter has been moved under Policies > Configuration Profiles > Web Access Control Scheduler > Category Scheduler.
You can now create new schedules with multiple time window settings and assign categories to each schedule. The categories will be removed from the policy and the new schedule will be mapped to a policy.

Please refer to this article (https://www.bitdefender.com/business/support/en/77209-452409-web-access-control-scheduler.html#UUID-4d237376-d2f8-7403-25fd-59e8bf11a543) from our documentation regarding how to create a scheduler and also assign it to a policy. Note that a scheduler can be assigned to more policies simultaneously.

Long Version
(https://www.bitdefender.com/business/support/en/77211-376315-network-attack-defense.html)

If you need assistance contact me

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

 

Bitdefender Experiencing Server App Slowness

Write this rule in the policy for the company in question

Network Performance Issues
Rules to write
In the Policy
Sections
Antimalware->Settings->In-policy exclusions->type IP/mask-> ip address of the server machine serving the app->Ransomeware Mitigation
Network Protection->type IP/Mask->ip address of the server machine serving the app.
Save
Do the same on the workstation Policy
The push a task update policy to all machines

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Axcient

“Where Service and Technical Skills Count”

GravityZone Control Center Update for September (Read Important Changes)

September 2023 (Version 6.43.0-1)
Early Access
YARA detection rules

YARA rules are queries you can use to scan endpoints for patterns of malicious behavior. Use the YARA detection rules feature to generate custom alerts and security incidents based on the results of these scans.

This feature is available for Windows and Linux endpoints with the following BEST versions:

Windows: 7.9.5.318 or newer

Linux: 7.0.3.2248 or newer

To create YARA rules, go to Incidents > Custom detection rules, click the Add rule button, and then click YARA. Follow the on-screen instructions.

After you create a YARA detection rule, you cannot convert it into another type of detection rule.

From the Custom detection rules grid, you can enable or disable YARA detection rules, or start on-demand scans by clicking the 151926_1.png vertical ellipsis button and then selecting the Scan option.

Clicking a YARA detection rule from the Custom detection rules grid brings up the YARA details panel. From this panel, you can switch to the Search and Incidents sections to view the alerts and incidents generated by the rule.
Unified Incidents

The Parameter filter is now available in the Incidents section. It contains a series of criteria you can use to further filter your grid results and create highly customized smart views.
Improvements
EDR

The Incidents > Custom Rules section has been divided into two sections: Custom detection rules and Custom exclusion rules.

The grids and rule configuration pages have a new design.
Rule settings now include targets. You can now decide whether to apply the rule to the entire company or to specific groups by endpoint tags.

Clicking a grid entry brings up the details panel of the rule. It contains information about the rule, options for navigating rules and for editing the current rule. For custom detection rules, you can use the View alerts and View incidents buttons to switch to the Search and Incidents sections.

In the Incidents > Search section, you can now look up both custom detection rules and custom exclusion rules by using the other.rule_id field in your search query. You can still use the other.exclusion_id field to identify existing alerts for the next 90 days, after which the field will be deprecated.

The Custom detection rules and the Custom exclusion rules sections are now available to Partners even if they do not have an active EDR license on their account.

Partners can now control rules for their managed companies and can use the Company filter in the grid to view the rules created for each company. Customers can also view the rules Partners have applied on their company.

When switching to a new Partner, all custom rules created by the former Partner are disabled. The new Partner will not be able to view the rules applied by the former Partner.

GravityZone platform

Companies switching from a trial license to a monthly subscription will automatically have the Email redaction setting disabled.

New BEST for Linux installation packages are now available for systems with ARM architecture (AArch64).

Minor UI changes to the Add company and Edit company windows, including a different order for the Add-ons displayed in the Licensing tab.

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Axcient

“Where Service and Technical Skills Count”

Bitdefender Gravity Zone Mobile Device Manager is now ready to Activate

I finally met with the Project Manager today, to go over security

If you are a partner of MspPortal Partners Inc I can activate the account and now support it, Bitdefender has no tech support available yet.

We starting playing with the project over 2 weeks ago when it was released..Great Product..Pricing is stellar a must have for your clients

Contact the office for activation

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Bitdefender Web Categories in GravityZone Content Control

This next KB describes the section Web Categories in GravityZone Content Control:
GravityZone: Security: Network Protection: Operation: Web Categories in GravityZone Content Control
Read Link

(https://www.bitdefender.com/business/support/en/77209-79818-operation.html#UUID-261aadd6-5c24-73b5-d8be-ccc2bf1be88a)

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Axcient

“Where Service and Technical Skills Count”

Bitdefender updates Windows and Mac

Windows

Bitdefender has released version 7.7.2.228 of the Bitdefender Endpoint Security Tools (for Windows) on slow ring. The release notes are available here (https://www.bitdefender.com/business/support/en/77209-77540-windows-agent.html#UUID-0b1ff5fd-1302-df7d-3bf3-8fbb99514514).

Mac

Bitdefender has today released version 7.12.22.200014 of Endpoint Security for Mac on fast ring. The release notes are available here (English only). (https://www.bitdefender.com/business/support/en/77209-78218-macos-agent.html)

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

Bitdefender Gravity Zone

Folks make sure you check the companies you manage and have allocated enough license’s

Below is an alert that you should have sent to you immediately

Bitdefender Gravity Zone
Deployments have reached Customer’s license limit

Notification Details
The Customer company ABC & Company has reached the maximum number of endpoints protected by the license key IABCF3.
To protect more endpoints for this company, you should extend its service subscription.

Provided by MspPortalPartners Inc
We hope you enjoy using the #1-ranked security technology!

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”

Update to Bitdefender SSL Cert Issue 10-6-22 11:44AM

1) Turn SSL Cert back on in the policy

2) Do a agent update it will do a roll back see notes attached

We want to inform you about an update on October 6 that temporarily caused web browsing slowdown for some users of our Bitdefender Endpoint Security Tools – for Windows. Customer systems remained protected at all times and the issue has been resolved.  

Details 

On October 6, 2022 at 16:04 UTC, Bitdefender released engines version 7.92965 (9952880) for Bitdefender Endpoint Security Tools – Windows via live update. This update included changes to Network Protection module that handles web content inspection over SLL connections.  

The update included a flaw in the inspection mechanism which caused some customers to experience significant slowdown when browsing webpages. Our teams identified the issue soon after release and took immediate action to remediate the issue. The slowdown did not impact any of the prevention, detection and response layers provided by Bitdefender Endpoint Security Tools and customer systems remained protected at all times.  

Remediation 

The Bitdefender product engineering team executed a product update rollback at 18:14 UTC. The Bitdefender Endpoint Security Tools product version remained unchanged, the engines version that resolves the issue is 7.92964 (9950697). 

Customers who experienced the issue and have “Security Content Update” enabled will have the issue fixed via live update without any additional action required. For customers that disable Security Content Update, manual update task is required.  

Next Steps 

The Bitdefender engineering teams are working on a full root cause analysis of this incident and based on our findings we will promptly harden our release process accordingly so that similar situations will not occur.  

We apologize for any interruptions this event may have caused our customers. While we take pride in our track record of reliability, we acknowledge that faulty updates may seldom occur and we will use this event to learn from it and improve our products and processes moving forward.  

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”