Bitdefender

Bitdefender Update

GravityZone Control Center Update for September (Read Important Changes)

September 2023 (Version 6.43.0-1)
Early Access
YARA detection rules

YARA rules are queries you can use to scan endpoints for patterns of malicious behavior. Use the YARA detection rules feature to generate custom alerts and security incidents based on the results of these scans.

This feature is available for Windows and Linux endpoints with the following BEST versions:

Windows: 7.9.5.318 or newer

Linux: 7.0.3.2248 or newer

To create YARA rules, go to Incidents > Custom detection rules, click the Add rule button, and then click YARA. Follow the on-screen instructions.

After you create a YARA detection rule, you cannot convert it into another type of detection rule.

From the Custom detection rules grid, you can enable or disable YARA detection rules, or start on-demand scans by clicking the 151926_1.png vertical ellipsis button and then selecting the Scan option.

Clicking a YARA detection rule from the Custom detection rules grid brings up the YARA details panel. From this panel, you can switch to the Search and Incidents sections to view the alerts and incidents generated by the rule.
Unified Incidents

The Parameter filter is now available in the Incidents section. It contains a series of criteria you can use to further filter your grid results and create highly customized smart views.
Improvements
EDR

The Incidents > Custom Rules section has been divided into two sections: Custom detection rules and Custom exclusion rules.

The grids and rule configuration pages have a new design.
Rule settings now include targets. You can now decide whether to apply the rule to the entire company or to specific groups by endpoint tags.

Clicking a grid entry brings up the details panel of the rule. It contains information about the rule, options for navigating rules and for editing the current rule. For custom detection rules, you can use the View alerts and View incidents buttons to switch to the Search and Incidents sections.

In the Incidents > Search section, you can now look up both custom detection rules and custom exclusion rules by using the other.rule_id field in your search query. You can still use the other.exclusion_id field to identify existing alerts for the next 90 days, after which the field will be deprecated.

The Custom detection rules and the Custom exclusion rules sections are now available to Partners even if they do not have an active EDR license on their account.

Partners can now control rules for their managed companies and can use the Company filter in the grid to view the rules created for each company. Customers can also view the rules Partners have applied on their company.

When switching to a new Partner, all custom rules created by the former Partner are disabled. The new Partner will not be able to view the rules applied by the former Partner.

GravityZone platform

Companies switching from a trial license to a monthly subscription will automatically have the Email redaction setting disabled.

New BEST for Linux installation packages are now available for systems with ARM architecture (AArch64).

Minor UI changes to the Add company and Edit company windows, including a different order for the Add-ons displayed in the Licensing tab.

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Axcient

“Where Service and Technical Skills Count”

Bitdefender Gravity Zone Mobile Device Manager is now ready to Activate

I finally met with the Project Manager today, to go over security

If you are a partner of MspPortal Partners Inc I can activate the account and now support it, Bitdefender has no tech support available yet.

We starting playing with the project over 2 weeks ago when it was released..Great Product..Pricing is stellar a must have for your clients

Contact the office for activation

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Bitdefender releases MDM protection finally Gravity Zone Portal

Security for Mobile is a cloud-only mobile security solution able to protect mobile devices with Android or iOS operating systems against multiple threat vectors.

Features:
Advanced malware detection – safeguards mobile devices from a broad variety of threats by offering comprehensive malware detection capabilities.
Phishing protection – analyses incoming messages and detects any malicious links or content that could be used to acquire sensitive data or credentials.
Network security – offers an extensive set of tools for protecting mobile devices against a variety of network-based hazards. It helps assure the security and integrity of mobile devices in the current threat landscape by monitoring network traffic, providing secure connectivity, and detecting and preventing attacks.·
Compliance and policy enforcement – assist organizations in protecting their mobile devices from a variety of threats and ensuring that they are used securely and compliantly by making sure that all applications are properly vetted.
Mobile threat intelligence – provides users the real-time security and analytics they need to protect their mobile devices from a variety of threats.
Integration with mobile device management (MDM) solutions – enhances mobile security features. Because of the integration, enterprises may install the mobile threat defense solution using their existing MDM infrastructure. The integration also enables mobile device security policies to be enforced automatically.
Web content filtering – warns and prevent users from accessing potentially harmful websites and links, such as malware, phishing, botnets, and suspicious domains, or websites that violate your organization’s standards.
Are you an ISP, MSP, VAR or reseller?
All MspPortal Partners currently can be provisioned upon request, pricing is very aggressive tier pricing available no contract, just monthly usage.
Contact Us

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Axcient

“Where Service and Technical Skills Count”

Do You Need To Step Up Zero Trust Strategy?

Folks if you are reading this you have to lock down your security products
Quick Outline please do not be lazy and take to heed my comments. Most companies I have seen lately are calling your clients, As I have instructed my own MSP’s/Resellers make up these accounts in the DB, you own them they do not.. but legally if you provide that information to them you grant them access

See 6 new breaches below

RMM

RMM programs are hurting and trying to entice you into one window pane of glass RMM is nothing more the remote management with some reports as to the health of a machine/device that is it even there Remote tools are 3rd party API’s or hooks remote tools should only be Point to Point from a dashboard to the endpoint. The best program is Barracuda ( over 50% or more off SRP through MspPortal Partners Inc) no security breaches like Kaseya and Enable(formally Solarwinds, GFI, LogicNow, Houndog). Kaseya is on a spend Spree and is acquiring firms to add to there portfolio’s churn and burn at your expense. Read the EULA’s all they have to do is apologize and not compensate you a dime for your time to fix.

Every Security company out there has escape clauses WRONG. QUIT Signing contracts We do 3rd line support ourselves.

Mail-Filtering and Backups of O365

O365 is a joke. If you let your client sway you and setup O365 for them you have better protect yourself and your clients.
Barracuda has 3 mail programs Essentials, Complete Mail Protection, Total Mail Protection, MspPortal Partners Inc is a major player Barracuda Arena we offer almost 50% off of SRP if you were to buy direct thru Barracuda that is if a Salesperson contacts you back. We do 3rd line support ourselves.

Malware Detection/Antivirus

Bitdefender is the only product rated # 1. All other firms do extensive marketing with pretty pictures. This is truly a tech dashboard you control the client and the actions. Bitdefender claims (per article they wrote) that MspPortal Partners Inc is there largest provider to MSP’s. We do 3rd line support ourselves.

Hosted Mail
Last we are a partner with ZOHO. We have worked for over 4 months with them fixing there bugs to make it a competitor to O365..Downfall no US support they are based out of India. You need somebody like MspPortal to support you.

If you need pricing contact us, no contracts only month to month we believe if we are doing our job you stay if not you leave no grief. All we expect is you pay your invoices once a month.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”
Phone: 480-275-6900
tech@mspportal.net

Bitdefender – MDR w/ XDR, unique in the cybersecurity industry

Are you talking about MDR yet? Managed Detection and Response (MDR) is one of the fastest-growing areas of cybersecurity, delivering superior security outcomes to businesses spanning all sizes and industries. Threat intelligence is real people, not automated. Our pricing on this solution is better than the competition, and we offer full partner margins. Need competitive battlecards? Let me know, and I will get that for you.

Need more info…

What the MDR Landscape Will Look Like in 2023

The managed services industry has made a huge impact and is one of the most significant trends coming out of cybersecurity in the last few years. Gartner® predicts that “by 2025, 50% of organizations will be using MDR services for threat monitoring, detection and response functions that offer threat containment and mitigation capabilities”, while the MDR industry will hit revenues of $1.9B. You can check out our MDR Threat Assessment to be prepared for what lies ahead in 2023

Bitdefender Named Notable Vendor in the New Forrester Landscape for MDR

The new and exciting Forrester Landscape for MDR, Q1 2023 has just been launched!

Access the full report to discover Bitdefender’s positioning and to read Forrester’s analysis of MDR’s market dynamics and evolution, the business values and core capabilities of MDR, as well as Notable MDR Providers by geography, industry and offering type.

MDR & XDR: A Consolidated Approach to a Fully Managed Threat Detection and Response Program Webinar Watch On Demand Now

XDR – or Extended Detection & Response – entered the cybersecurity lexicon roughly five years ago. According to Gartner, by the end of 2027, XDR will be used by up to 40% of end-user organizations – up from 5% today. Why such strong adoption? Though still an emerging technology, XDR integrates, correlates and contextualizes data and alerts from multiple security prevention, detection and response components, and because it’s cloud-delivered, XDR can provide organizations faster and more accurate detections.

While today’s technology does a great job of protecting against many threats, they cannot fully protect against advanced attackers purposefully attempting to breach your customers systems.

Let me know what additional information or resources you may need to support your customer conversations. I’m just a phone call or email away.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Vulnerabilities could transform antivirus, EDR systems to data wipers

By Bill Toulas December 9, 2022 12:00 PM
Link (https://www.bleepingcomputer.com/news/security/antivirus-and-edr-solutions-tricked-into-acting-as-data-wipers/)

Security systems by Palo Alto Networks, Bitdefender, are not vulnerable to the new attack. Not all product are the same

A security researcher has found a way to exploit the data deletion capabilities of widely used endpoint detection and response (EDR) and antivirus (AV) software from Microsoft, SentinelOne, TrendMicro, Avast, and AVG to turn them into data wipers.

Wipers are a special type of destructive malware that purposely erases or corrupts data on compromised systems and attempts to make it so that victims cannot recover the data.

SafeBreach researcher Or Yair came up with the idea to exploit existing security tools on a targeted system to make the attacks more stealthy and remove the need for a threat actor to be a privileged user to conduct destructive attacks.

Also, abusing EDRs and AVs for data wiping is a good way to bypass security defenses as the file deletion capabilities of security solutions are expected behavior and would likely be missed.
Triggering the (wrong) deletion

Antivirus and EDR security software constantly scan a computer’s filesystem for malicious files, and when malware is detected, attempt to quarantine or delete them.

Furthermore, with real-time protection enabled, as a file is created, it is automatically scanned to determine if it is malicious and, if so, deleted/quarantined.

“There are two main events when an EDR deletes a malicious file. First, the EDR identifies a file as malicious and then it deletes the file,” explained Yair in his report.

“If I could do something between these two events, using a junction, I might be able to point the EDR towards a different path. These are called time-of-check to time-of-use (TOCTOU) vulnerabilities.

Yair’s idea was to create a C:\temp\Windows\System32\drivers folder and store the Mimikatz program in the folder as ndis.sys.

As Mimikatz is detected by most EDR platforms, including Microsoft Defender, the plan was for it to be detected as malicious on creation. However, before the EDR could delete the file, the researcher would quickly delete the C:\Temp folder and create a Windows Junction from C:\Temp to C:\Windows.

The hope was that the EDR would attempt to delete the ndis.sys file, which due to the junction, is now pointing to the legitimate C:\Windows\system32\drivers\ndis.sys file.
This didn’t work because some EDRs prevented further access to a file, including deletion, after it was detected as malicious. In other cases, EDRs detected the deletion of the malicious file, so the software dismissed the pending wiping action.

The solution was to create the malicious file, hold its handle by keeping it open, and not define what other processes are allowed to write/delete it so that EDRs and AVs detecting it can’t wipe it.

After the detection was triggered and having no rights to delete the file, the security tools prompted the researcher to approve a system reboot that would release the handle, freeing the malicious file for deletion.
The file deletion command, in this case, is written under the PendingFileRenameOperations Registry registry value, which will cause it to be deleted during the reboot.

However, when deleting the files in this value, Windows deletes the files while “blindly” following junctions.

“But what’s surprising about this default Windows feature is that once it reboots, Windows starts deleting all the paths and blindly follows junctions,” warned Yair.

Hence, by implementing the following five-step process, Yair could delete files in a directory he didn’t have modification privileges.

Create a special path with the malicious file at C:\temp\Windows\System32\drivers\ndis.sys
Hold its handle and force the EDR or AV to postpone the deletion until after the next reboot
Delete the C:\temp directory
Create a junction C:\temp → C:\
Reboot when prompted.
Aikido features exploits for vulnerabilities found in Microsoft Defender, Defender for Endpoint, and SentinelOne EDR because they were the easiest to implement on the wiper tool.

Yair reported the flaws to all vulnerable vendors between July and August 2022, and they have all released fixes by now.

The vulnerability IDs assigned by the vendors for this issue are CVE-2022-37971 (Microsoft), CVE-2022-45797 (Trend Micro), and CVE-2022-4173 (Avast and AVG).

The fixed versions are:

Microsoft Malware Protection Engine: 1.1.19700.2 or later
TrendMicro Apex One: Hotfix 23573 & Patch_b11136 or later
Avast & AVG Antivirus: 22.10 or later

All users of the above products are recommended to apply the security updates as soon as possible to mitigate the severe risk of having their files wiped by malware mimicking the Aikido wiper functionality.

Security systems by CrowdStrike, Palo Alto Networks, McAfee, Bitdefender, and Cylance are not vulnerable to the new attack. Meanwhile, all impacted vendors already issued patches to address the vulnerability.

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Axcient

“Where Service and Technical Skills Count”

Bitdefender updates Windows and Mac

Windows

Bitdefender has released version 7.7.2.228 of the Bitdefender Endpoint Security Tools (for Windows) on slow ring. The release notes are available here (https://www.bitdefender.com/business/support/en/77209-77540-windows-agent.html#UUID-0b1ff5fd-1302-df7d-3bf3-8fbb99514514).

Mac

Bitdefender has today released version 7.12.22.200014 of Endpoint Security for Mac on fast ring. The release notes are available here (English only). (https://www.bitdefender.com/business/support/en/77209-78218-macos-agent.html)

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

Update to Bitdefender SSL Cert Issue 10-6-22 11:44AM

1) Turn SSL Cert back on in the policy

2) Do a agent update it will do a roll back see notes attached

We want to inform you about an update on October 6 that temporarily caused web browsing slowdown for some users of our Bitdefender Endpoint Security Tools – for Windows. Customer systems remained protected at all times and the issue has been resolved.

Details

On October 6, 2022 at 16:04 UTC, Bitdefender released engines version 7.92965 (9952880) for Bitdefender Endpoint Security Tools – Windows via live update. This update included changes to Network Protection module that handles web content inspection over SLL connections.

The update included a flaw in the inspection mechanism which caused some customers to experience significant slowdown when browsing webpages. Our teams identified the issue soon after release and took immediate action to remediate the issue. The slowdown did not impact any of the prevention, detection and response layers provided by Bitdefender Endpoint Security Tools and customer systems remained protected at all times.

Remediation

The Bitdefender product engineering team executed a product update rollback at 18:14 UTC. The Bitdefender Endpoint Security Tools product version remained unchanged, the engines version that resolves the issue is 7.92964 (9950697).

Customers who experienced the issue and have “Security Content Update” enabled will have the issue fixed via live update without any additional action required. For customers that disable Security Content Update, manual update task is required.

Next Steps

The Bitdefender engineering teams are working on a full root cause analysis of this incident and based on our findings we will promptly harden our release process accordingly so that similar situations will not occur.

We apologize for any interruptions this event may have caused our customers. While we take pride in our track record of reliability, we acknowledge that faulty updates may seldom occur and we will use this event to learn from it and improve our products and processes moving forward.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”

Bitdefender having issue’s with the SSL

Quickly turn off SSL cert in the policy. This is a temporary solution only

Until further advice..already in contact with Romania

Roy 10-6-2022 10:25am

Bitdefender Update BEST 7.6.3.212 (Windows) Release Notes – Slow Ring

Bitdefender has released version 7.6.3.212 of the Bitdefender Endpoint Security Tools (for Windows) on slow ring.

The release notes are available here. Link (https://www.bitdefender.com/business/support/en/77209-77540-windows-agent.html#UUID-24e427f0-a355-8638-b2d5-177b5e7c8c30)

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”