GravityZone INSTALLATION GUIDE

Similar documents
GravityZone INSTALLATION GUIDE

CLOUD SECURITY FOR ENDPOINTS POWERED BY GRAVITYZONE

GravityZone PARTNER'S GUIDE

BITDEFENDER ENDPOINT SECURITY TOOLS

BITDEFENDER SECURITY FOR AMAZON WEB SERVICES

BITDEFENDER SMALL OFFICE SECURITY

GravityZone INSTALLATION GUIDE

GRAVITYZONE UNIFIED SECURITY MANAGEMENT

BITDEFENDER GRAVITYZONE

BITDEFENDER GRAVITYZONE

BITDEFENDER GRAVITYZONE

Ad-Aware Management Server Installed together with Ad-Aware Business Client Ad-Aware Update Server Before You Start the Deployment...

GRAVITYZONE HERE. Deployment Guide VLE Environment

CLOUD SECURITY FOR ENDPOINTS

Core Protection for Virtual Machines 1

Getting Started with Symantec Endpoint Protection

Kaspersky Endpoint Security 8 for Linux INSTALLATION GUIDE

Bitdefender Antivirus for Mac User's Guide

Symantec Endpoint Protection Small Business Edition Getting Started Guide

Administrator's Guide

Trend Micro OfficeScan Best Practice Guide for Malware

escan Corporate Edition User Guide


Quick Start Guide for VMware and Windows 7

BitDefender Security for Exchange

CLOUD SECURITY FOR ENDPOINTS

Administration Quick Start

Kaspersky Security 9.0 for Microsoft SharePoint Server Administrator's Guide

Sophos for Microsoft SharePoint startup guide

Data Sheet: Endpoint Security Symantec Endpoint Protection The next generation of antivirus technology from Symantec

CYCLOPE let s talk productivity

Server Installation Guide ZENworks Patch Management 6.4 SP2

Acronis AntiVirus 2010 User's Guide

DameWare Server. Administrator Guide

Installation Notes for Outpost Network Security (ONS) version 3.2


McAfee Endpoint Security Software

Quick Start Guide for Parallels Virtuozzo

Universal Management Service 2015

Bitdefender Internet Security 2015 User's Guide

Symantec Endpoint Protection Getting Started Guide

Kaspersky Security Center Web-Console

Pearl Echo Installation Checklist

Symantec Endpoint Protection

Intelligent Power Protector User manual extension for Microsoft Virtual architectures: Hyper-V 6.0 Manager Hyper-V Server (R1&R2)

System Administration Training Guide. S100 Installation and Site Management

Installation Guide. Help Desk Manager. Version v12.1.0

StruxureWare Data Center Expert Release Notes

Sharp Remote Device Manager (SRDM) Server Software Setup Guide

Kaspersky Anti-Virus 8.0 for Linux File Server Installation Guide

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

Data Sheet: Endpoint Security Symantec Endpoint Protection The next generation of antivirus technology from Symantec

Getting Started with ESXi Embedded

Getting Started. Symantec Client Security. About Symantec Client Security. How to get started

Acronis and Acronis Secure Zone are registered trademarks of Acronis International GmbH.

Mirtrak 6 Powered by Cyclope

Desktop Release Notes. Desktop Release Notes 5.2.1

ESET Mobile Security Business Edition for Windows Mobile

NSi Mobile Installation Guide. Version 6.2

Dell UPS Local Node Manager USER'S GUIDE EXTENSION FOR MICROSOFT VIRTUAL ARCHITECTURES Dellups.com

Sophos for Microsoft SharePoint Help. Product version: 2.0

Total Defense Endpoint Premium r12

How To Set Up Safetica Insight 9 (Safetica) For A Safetrica Management Service (Sms) For An Ipad Or Ipad (Smb) (Sbc) (For A Safetaica) (

Endpoint protection for physical and virtual desktops

Novell Open Workgroup Suite

Sophos Anti-Virus for Windows, version 7 user manual. For Windows 2000 and later

PLATO Learning Environment System and Configuration Requirements for workstations. October 27th, 2008

StruxureWare Data Center Expert Release Notes

Migrating from Legacy to New Business Solutions

1. Installation Overview

HP Intelligent Management Center v7.1 Virtualization Monitor Administrator Guide

Installation & Activation Guide. Lepide Active Directory Self Service

Sophos Endpoint Security and Control Help

Sophos Enterprise Console Help. Product version: 5.1 Document date: June 2012

Symantec Endpoint Protection Datasheet

Quick Install Guide. Lumension Endpoint Management and Security Suite 7.1

Endpoint protection for physical and virtual desktops

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.

VERSION 9.02 INSTALLATION GUIDE.

OnCommand Performance Manager 1.1

Charter Business Desktop Security Administrator's Guide

Using WMI Scripts with BitDefender Client Security

McAfee Public Cloud Server Security Suite

Thinspace deskcloud. Quick Start Guide

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses

Symantec Endpoint Protection Getting Started Guide

Kaspersky Password Manager

Installation Guide for Pulse on Windows Server 2012

Installation Guide for Pulse on Windows Server 2008R2

Net Protector Admin Console

Request Manager Installation and Configuration Guide

JAMF Software Server Installation and Configuration Guide for Linux. Version 9.2

McAfee Total Protection Service Installation Guide

SC-T35/SC-T45/SC-T46/SC-T47 ViewSonic Device Manager User Guide

Interworks. Interworks Cloud Platform Installation Guide

Installation and Deployment

Deploying BitDefender Client Security and BitDefender Windows Server Solutions

PLATO Learning Environment 2.0 System and Configuration Requirements. Dec 1, 2009

User's Guide. Copyright 2012 Bitdefender

Transcription:

GravityZone INSTALLATION GUIDE

Bitdefender GravityZone Installation Guide Publication date 2015.10.28 Copyright 2015 Bitdefender Legal Notice All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from an authorized representative of Bitdefender. The inclusion of brief quotations in reviews may be possible only with the mention of the quoted source. The content can not be modified in any way. Warning and Disclaimer. This product and its documentation are protected by copyright. The information in this document is provided on an as is basis, without warranty. Although every precaution has been taken in the preparation of this document, the authors will not have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this work. This book contains links to third-party Websites that are not under the control of Bitdefender, therefore Bitdefender is not responsible for the content of any linked site. If you access a third-party website listed in this document, you will do so at your own risk. Bitdefender provides these links only as a convenience, and the inclusion of the link does not imply that Bitdefender endorses or accepts any responsibility for the content of the third-party site. Trademarks. Trademark names may appear in this book. All registered and unregistered trademarks in this document are the sole property of their respective owners, and are respectfully acknowledged. 89504E470D0A1A0A0000000D494844520000000D0000000D0804000000D8E22CF700 0000017352474200AECE1CE9000000097048597300000B1300000B1301009A9C1800 0000B54944415418D33DD0517583501444D19DB762E05AA012A88417095402914024 808420A1480816B0F02C5C09E94769E77FE69C3597FA0E61B6D8F53683D943A0F412 ABD4D9A5704395CA66F7972AD0A3A1544F1C42B37A3AF4188412DA7F6BB26AEEF840 6117D2E63847DF4295AE90068790AA74D334A3925ED8AC7ACD28BD0CAADD357CA299 AC3A6177316AAAB2987566E9253C4EA111D7CE97E924A5A64A614569BE1DE2149E31 F17BD4A8D7790A21DCB148BDC10FE0EA41B7A65E25860000000049454E44AE426082

Table of Contents Preface.............................................................................. iv 1. Conventions Used in This Guide...................................................... iv 1. About GravityZone................................................................. 1 1.1. GravityZone Security Services...................................................... 1 1.2. GravityZone Architecture........................................................... 2 1.2.1. Web Console (Control Center).................................................. 2 1.2.2. Security Agents.............................................................. 2 2. Installation Requirements........................................................ 8 2.1. Installation Requirements.......................................................... 8 2.1.1. Hardware Requirements....................................................... 8 2.1.2. Supported Operating Systems................................................. 12 2.1.3. Supported Browsers......................................................... 15 2.2. GravityZone Communication Ports................................................. 15 3. Installing Protection............................................................. 17 3.1. License Management............................................................. 17 3.1.1. Finding a Reseller........................................................... 17 3.1.2. Activating a License......................................................... 18 3.1.3. Checking Current License Details.............................................. 18 3.2. Installing Protection on Computers and Virtual Machines............................. 19 3.2.1. Preparing for Installation..................................................... 20 3.2.2. Local Installation............................................................ 21 3.2.3. Remote Installation.......................................................... 26 3.2.4. Support for On-access Scanning on Linux Virtual Machines....................... 31 3.2.5. How Network Discovery Works................................................ 33 3.3. Credentials Manager.............................................................. 36 3.3.1. Adding Credentials to the Credentials Manager.................................. 37 3.3.2. Deleting Credentials from Credentials Manager.................................. 38 4. Integrations...................................................................... 39 4.1. Integrating with Amazon EC2 Services.............................................. 39 4.1.1. About Amazon EC2 Integration in Control Center................................ 39 4.1.2. Configuring the Amazon EC2 Integration in Control Center........................ 40 4.1.3. Subscribing to Security for Amazon Web Services............................... 41 4.2. Removing Integrations............................................................ 44 5. Getting Help...................................................................... 45 5.1. Using Support Tool............................................................... 45 5.1.1. Using Support Tool on Windows Operating Systems............................. 45 5.1.2. Using Support Tool on Linux Operating Systems................................ 46 iii

Preface This guide is intended for network administrators in charge with deploying the GravityZone protection within their organization's premises, and also for company administrators in search for information about GravityZone requirements and available protection modules. This document aims to explain how to install and configure the GravityZone solution and its security agents on all types of endpoints in your company. 1. Conventions Used in This Guide Typographical Conventions This guide uses several text styles for an improved readability. Learn about their aspect and meaning from the table below. Appearance sample http://www.bitdefender.com Description Inline command names and syntaxes, paths and filenames, configuration file outputs, input text are printed with monospaced characters. The URL link is pointing to some external location, on http or ftp servers. documentation@bitdefender.com E-mail addresses are inserted in the text for contact information. Preface (p. iv) option keyword Admonitions This is an internal link, towards some location inside the document. All the product options are printed using bold characters. Interface options, keywords or shortcuts are highlighted using bold characters. The admonitions are in-text notes, graphically marked, bringing to your attention additional information related to the current paragraph. Preface iv

Note The note is just a short observation. Although you can omit it, the notes can provide valuable information, such as specific feature or a link to some related topic. Important This requires your attention and is not recommended to skip over it. Usually, it provides non-critical but significant information. Warning This is critical information you should treat with increased caution. Nothing bad will happen if you follow the indications. You should read and understand it, because it describes something extremely risky. Preface v

1. ABOUT GRAVITYZONE GravityZone is a business security solution built from ground-up for virtualization and cloud to deliver security services to physical endpoints and virtual machines in private and public cloud. GravityZone is one product with a unified management console available in the cloud, hosted by Bitdefender, or as one virtual appliance to be installed on premise, and it provides a single point for deploying, enforcing and managing security policies for any number of endpoints and of any type, in any location. GravityZone delivers multiple layers of security for endpoints: antimalware with behavioral monitoring, zero day threat protection, application control and sandboxing, firewall, device control and content control. 1.1. GravityZone Security Services GravityZone provides the following security services: Security for Endpoints Security for Virtualized Environments Security for Amazon Web Services Security for Amazon Web Services Although cloud computing is broadly considered a secure technology, companies still need optimal protection against targeted malware attacks. To realize the full potential of cloud computing without sacrificing security, antimalware solutions should also have minimal impact on system performance. Security for Amazon Web Services addresses all these challenges with highly-scalable, innovative technology. Bitdefender s solution has been designed specifically for virtualized environments and meets the requirements of the most dynamic cloud infrastructures. Seamlessly integrated with Amazon Web Services (AWS) for availability in the cloud, Bitdefender Security for Amazon Web Services protects virtualized Windows and Linux systems with a small agent footprint, generating immediate cost savings for Amazon users. Security for Endpoints Protects unobtrusively Windows laptops, desktops and servers by using top-ranked antimalware technologies combined with two-way firewall, intrusion detection, web About GravityZone 1

access control and filtering, sensitive data protection, application and device control. Low system usage ensures performance improvements. The solution provides an alternative to legacy antimalware systems by combining industry-acclaimed security technologies with simplicity of deployment and management through the powerful GravityZone Control Center. Proactive heuristics is employed to classify malicious processes based on their behavior, detecting new threats in real time. Security for Virtualized Environments Security for Virtualized Environments is the first all-encompassing security solution for virtualized datacenters, protecting virtualized servers and desktops on Windows and Linux systems. Powered by cutting-edge caching technologies, the solution drives significant performance gains and boosts server consolidation by up to 30% compared to traditional antimalware. 1.2. GravityZone Architecture The GravityZone solution includes the following components: Web Console (Control Center) Security Agents 1.2.1. Web Console (Control Center) Bitdefender security solutions are managed within GravityZone from a single point of management, Control Center web console, which provides easier management and access to overall security posture, global security threats, and control over all security modules protecting virtual or physical desktops and servers and Amazon instances. Powered by a Gravity Architecture, Control Center is capable of addressing the needs of even the largest organizations. Control Center, a web-based interface, integrates with the existing system management and monitoring systems to make it simple to apply protection to unmanaged desktops and servers. 1.2.2. Security Agents To protect your network with Bitdefender, you must install the appropriate GravityZone security agents on network endpoints. Bitdefender Endpoint Security Tools About GravityZone 2

Endpoint Security for Mac Bitdefender Endpoint Security Tools GravityZone ensures physical and virtual machines protection with Bitdefender Endpoint Security Tools, an intelligent environment-aware security agent capable to automatically self-configure according to the endpoint type. Bitdefender Endpoint Security Tools can be deployed on any machine, either virtual or physical, providing a flexible scanning system, being an ideal choice for mixed environments (physical, virtual and cloud). Bitdefender Endpoint Security Tools uses one single policy template for physical and virtual machines, and one installation kit source for any environment (physical or virtual). Bitdefender Endpoint Security Tools is also available for Linux physical endpoints (servers and desktops). Scanning Engines The scanning engines are automatically set during Bitdefender Endpoint Security Tools packages creation, letting the endpoint agent detect the machine's configuration and adapt the scanning technology accordingly. The administrator can also customize the scan engines, being able to choose between several scanning technologies: 1. Local Scan, when the scanning is performed on the local endpoint. The local scanning mode is suited for powerful machines, having all signatures and engines stored locally. 2. Hybrid Scan with Light Engines (Public Cloud), with a medium footprint, using in-the-cloud scanning and, partially, the local signatures. This scanning mode brings the benefit of better resources consumption, while involving off-premise scanning. 3. Central Scan in Private Cloud, with a small footprint requiring a Security Server for scanning. In this case, no signature set is stored locally, and the scanning is offloaded on the Security Server. 4. Central Scan (Private Cloud scanning with Security Server) with fallback* on Local Scan (Full Engines) 5. Central Scan (Private Cloud scanning with Security Server) with fallback* on Hybrid Scan (Public Cloud with Light Engines) About GravityZone 3

Protection Modules The following protection modules are available with Bitdefender Endpoint Security Tools: Antimalware Advanced Threat Control Firewall Content Control Device Control Power User Antimalware The antimalware protection module is based on signature scanning and heuristic analysis (B-HAVE) against: viruses, worms, trojans, spyware, adware, keyloggers, rootkits and other types of malicious software. Bitdefender's antimalware scanning technology relies on the following protection layers: First, a traditional scanning method is employed where scanned content is matched against the signature database. The signature database contains byte patterns specific to known threats and is regularly updated by Bitdefender. This scanning method is effective against confirmed threats that have been researched and documented. However, no matter how promptly the signature database is updated, there is always a vulnerability window between the time when a new threat is discovered and when a fix is released Against brand-new, undocumented threats, a second layer of protection is provided by B-HAVE, Bitdefender's heuristic engine. Heuristic algorithms detect malware based on behavioral characteristics. B-HAVE runs suspected malware in a virtual environment to test its impact on the system and ensure it poses no threat. If a threat is detected, the program is prevented from running. Advanced Threat Control For threats that elude even the heuristic engine, a third layer of protection is present in the form of Advanced Threat Control (ATC). Advanced Threat Control continuously monitors running processes and grades suspicious behaviors such as attempts to: disguise the type of process, execute code in another process's space (hijack process memory for privilege escalation), replicate, drop files, hide from process enumeration applications, etc. Each About GravityZone 4

suspicious behavior raises the process rating. When a threshold is reached, an alarm is triggered. Firewall Important This module is available only for supported Windows desktop and server operating systems. The Firewall controls applications' access to the network and to the Internet. Access is automatically allowed for a comprehensive database of known, legitimate applications. Furthermore, the firewall can protect the system against port scans, restrict ICS and warn when new nodes join a Wi-Fi connection. Important This module is available only for supported Windows workstations. Content Control The Content Control module helps enforce company policies for allowed traffic, web access, data protection and applications control. Administrators can define traffic scan options and exclusions, schedule web access while blocking or allowing certain web categories or URLs, configure data protection rules and define permissions for the use of specific applications. Important This module is available only for supported Windows workstations. Device Control The Device Control module allows preventing the sensitive data leakage and malware infections via external devices attached to endpoints by applying blocking rules and exceptions via policy to a vast range of device types (such as USB Flash Drives, Bluetooth Devices, CD/DVD-Players, Storage Devices, etc.). Important This module is available only for supported Windows desktop and server operating systems. Power User Control Center administrators can grant Power User rights to endpoint users via policy settings. The Power User module enables administration rights at user level, About GravityZone 5

allowing the endpoint user to access and modify security settings via a local console. Control Center is being notified when an endpoint is in Power User mode and the Control Center administrator can always overwrite local security settings. Important This module is available only for supported Windows desktop and server operating systems. Endpoint Roles Relay Role Endpoint agents with Bitdefender Endpoint Security Tools Relay role serve as communication proxy and update servers for other endpoints in the network. Endpoint agents with relay role are especially required in organizations with isolated networks, where all traffic is made through a single access point. In companies with large distributed networks, relay agents help lowering the bandwidth usage, by preventing protected endpoints to connect directly to GravityZone. Once a Bitdefender Endpoint Security Tools Relay agent is installed in the network, other endpoints can be configured via policy to communicate with Control Center through the relay agent. Bitdefender Endpoint Security Tools Relay agents serve for the following: Discovering all unprotected endpoints in the network. This functionality is essential for the security agent deployment in a cloud GravityZone environment. Deploying the endpoint agent inside the local network. Updating protected endpoints in the network. Ensuring the communication between Control Center and connected endpoints. Acting as proxy server for protected endpoints. Optimizing the network traffic during updates, deployments, scanning and other resource-consuming tasks. Important This role is available only for supported Windows desktop and server operating systems. About GravityZone 6

Endpoint Security for Mac Endpoint Security for Mac is a powerful antimalware scanner, which can detect and remove all kinds of malware, including viruses, spyware, Trojan horses, keyloggers, worms and adware on Intel-based Macintosh workstations and laptops with Mac OS X version 10.7 or later. Endpoint Security for Mac includes only the Antimalware module, while the scanning technology available is Local Scan, with all signatures and engines stored locally. About GravityZone 7

2. INSTALLATION REQUIREMENTS All of the GravityZone solutions are installed and managed via Control Center. 2.1. Installation Requirements To protect your network with Bitdefender, you must install the GravityZone security agents on network endpoints. For this purpose, you need a Control Center user with administrator privileges over the services you need to install and over the network endpoints under your management. 2.1.1. Hardware Requirements Intel Pentium compatible processor Workstation Operating Systems 1 GHz or faster for Microsoft Windows XP SP3, Windows XP SP2 64 bit and Windows 7 Enterprise (32 and 64 bit) 2 GHz or faster for Microsoft Windows Vista SP1 or higher (32 and 64 bit), Microsoft Windows 7 (32 and 64 bit), Microsoft Windows 7 SP1 (32 and 64bit), Windows 8 800 MHZ or faster for Microsoft Windows Embedded Standard 7 SP1, Microsoft Windows POSReady 7, Microsoft Windows POSReady 2009, Microsoft Windows Embedded Standard 2009, Microsoft Windows XP Embedded with Service Pack 2, Microsoft Windows XP Tablet PC Edition Server Operating Systems Minimum: 2.4 GHz single-core CPU Recommended: 1.86 GHz or faster Intel Xeon multi-core CPU Free RAM Memory RAM Memory Required at Installation (MB) Installation Requirements 8

SINGLE ENGINE OS Local Scanning AV Only Full Options Hybrid Scanning AV Only Full Options Centralized Scanning AV Only Full Options Windows 1024 1200 512 660 256 400 Linux 1024 1024 512 512 256 256 Mac 1024 1024 n/a n/a n/a n/a RAM Memory for Daily Usage (MB)* OS Antivirus (Single Engine) Local Hybrid Centralized Behavioral Scan Protection Modules Firewall Content Control Power User Update Server Windows 75 55 30 +13 +17 +41 +29 +76 Linux 200 180 90 - - - - - * The measurements cover the daily endpoint client usage, without taking into account additional tasks, such as on-demand scans or product updates. Installation Requirements 9

HDD Requirements Free HDD Space Required at Installation (MB) OS Local Scanning AV Only Windows 1024 Linux Mac 1024 1024 Full Options 1200 1024 1024 SINGLE ENGINE Hybrid Scanning AV Only 500 400 n/a Full Options 700 400 n/a Centralized Scanning AV Only 350 250 n/a Full Options 570 250 n/a Centralized + Local Scanning AV Only 1024 1024 n/a DUAL ENGINE Full Options 1200 1024 n/a Centralized + Hybrid Scanning AV Only 500 400 n/a Full Options 700 400 Note At least 10 GB additional free disk space is required for entities with Bitdefender Endpoint Security Tools Relay role, as they will store all updates and installation packages. n/a Free HDD Space for Daily Usage (MB)* OS Antivirus (Single Engine) Local Hybrid Centralized Behavioral Scan Protection Modules Firewall Content Control Power User Update Server Windows 410 190 140 +12 +5 +60 +80 +10 Linux 500 200 110 - - - - - * The measurements cover the daily endpoint client usage, without taking into account additional tasks, such as on-demand scans or product updates. Installation Requirements 10

Traffic Usage Product updates traffic between endpoint client and update server Each periodical Bitdefender Endpoint Security Tools product update generates the following download traffic on each endpoint client: On Windows OS: ~20 MB On Linux OS: ~26 MB Downloaded signature updates traffic between endpoint client and update server Relay (MB / day) Update Server Type Bitdefender Update Server (MB / day) Scan Engine Type Local Hybrid Centralized 65 58 55 3 3.5 3 Central Scan traffic between endpoint client and Security Server Scanned Objects Traffic Type Download (MB) Upload (MB) Files* First scan Cached scan 27 13 841 382 Websites** First scan Web traffic Security Server 621 54 N/A 1050 Cached Scan Web traffic Security Server 654 0.2 N/A 0.5 * The provided data has been measured for 3.49 GB of files (6,658 files), of which 1.16 GB are Portable Executable (PE) files. ** The provided data has been measured for the top-ranked 500 websites. Installation Requirements 11

Hybrid scan traffic between endpoint client and Bitdefender Cloud Services Scanned Objects Traffic Type Download (MB) Upload (MB) Files* First scan Cached scan 1.7 0.6 0.6 0.3 Web traffic** Web traffic Bitdefender Cloud Services 650 2.6 N/A 2.7 * The provided data has been measured for 3.49 GB of files (6,658 files), of which 1.16 GB are Portable Executable (PE) files. ** The provided data has been measured for the top-ranked 500 websites. Note The network latency between endpoint client and Bitdefender Cloud Server must be under 1 second. Signatures download traffic between Bitdefender Endpoint Security Tools Relay clients and update server Clients with Bitdefender Endpoint Security Tools Relay role download ~16 MB / day* from update server. * Available with Bitdefender Endpoint Security Tools clients starting from 6.2.3.569 version. Traffic between endpoint clients and Control Center web console An average traffic of 618 KB / day is generated between endpoint clients and Control Center web console. 2.1.2. Supported Operating Systems Windows Operating Systems Desktop Operating Systems Windows 10 TH2. Windows 10 (1) Installation Requirements 12

Windows 8.1 Windows 8 Windows 7 Windows Vista with Service Pack 1 Windows XP with Service Pack 2 64 bit Windows XP with Service Pack 3 Tablet and embedded operating systems Windows Embedded 8.1 Industry Windows Embedded 8 Standard Windows Embedded Standard 7 Windows Embedded Compact 7 Windows Embedded POSReady 7 Windows Embedded Enterprise 7 Windows Embedded POSReady 2009 Windows Embedded Standard 2009 Windows XP Embedded with Service Pack 2 (2) Windows XP Tablet PC Edition (2) Server operating systems: Windows Server 2012 / Windows Server 2012 R2 Windows Server 2008 / Windows Server 2008 R2 Windows Server 2003 / Windows Server 2003 R2 Windows Small Business Server (SBS) 2011 Windows Small Business Server (SBS) 2008 Windows Small Business Server (SBS) 2003 Windows Home Server Important Bitdefender Endpoint Security Tools supports the Windows Server Failover Cluster (WSFC) technology. Installation Requirements 13

Note (1) Windows 10 support is available for Endpoint Security starting with 5.3.23.704 version and for Bitdefender Endpoint Security Tools starting with 6.2.4.582 version. (2) Specific embedded operating system modules must be installed for Bitdefender Endpoint Security Tools to work. Linux Operating Systems Red Hat Enterprise Linux / CentOS 5.6 or higher Ubuntu 10.04 LTS or higher SUSE Linux Enterprise Server 11 or higher OpenSUSE 11 or higher Fedora 15 or higher Debian 5.0 or higher Amazon Linux AMI On-access scanning is available for all supported guest operating systems. On Linux systems, on-access scanning support is provided in the following situations: Kernel Version 2.6.38 or higher 2.6.18-2.6.37 Linux Distribution All supported Debian 5.0, 6.0 Ubuntu 10.04 LTS CentOS 6.x Red Hat Enterprise Linux 6.x On-access scanning support The fanotify kernel option must be enabled. For Debian 8 systems, refer to this KB article. Bitdefender provides support via DazukoFS with prebuilt kernel modules. For any other distribution or kernel version you need to manually compile the DazukoFS module. To view the procedure for manual compilation of DazukoFS, refer to: Support for On-access Scanning on Linux Virtual Machines (p. 31). Note Fanotify and DazukoFS enable third-party applications to control file access on Linux systems. For more information, refer to: Fanotify man pages: http://www.xypron.de/projects/fanotify-manpages/man7/fanotify.7.html. Dazuko project website: http://dazuko.dnsalias.org/wiki/index.php/about. Installation Requirements 14

Mac OS X Operating Systems Mac OS X Lion (10.7.x) Mac OS X Mountain Lion (10.8.x) Mac OS X Mavericks (10.9.x) Mac OS X Yosemite (10.10.x) Mac OS X El Capitan (10.11.x) 2.1.3. Supported Browsers Endpoint browser security is verified to be working with the following browsers: Internet Explorer 8+ Mozilla Firefox 8+ Google Chrome 15+ Safari 4+ 2.2. GravityZone Communication Ports The following table provides information on the ports used by the GravityZone components: Port Usage 80 (HTTP) / 443 (HTTPS) Port used to access the Control Center web console. 80 8443 (HTTPS) 7074 (HTTP) Update Server port. Port used by client/agent software to connect to the Communication Server. * Since the relay is an update server that needs to listen all the time on a port, Bitdefender provides a mechanism able to automatically open a random port on localhost (127.0.0.1), so that the update server can receive proper configuration details. This mechanism applies when the default port 7074 is used by another application. In this case, the update server tries to open the 7075 port to listen on localhost. If 7075 port is also unavailable, the update server will search for another Installation Requirements 15

port that is free (in range of 1025 to 65535) and successfully bind to listen on localhost. For detailed information regarding GravityZone ports, refer to this KB article. Installation Requirements 16

3. INSTALLING PROTECTION The following table shows the types of endpoints each service is designed to protect: Service Security for Endpoints Security for Virtualized Environments Endpoints Physical computers (workstations, laptops and servers) running on Microsoft Windows, Linux and Mac OS X Virtual machines running on Microsoft Windows or Linux 3.1. License Management For offline registration, you will also need the offline registration code associated to the license key. The security service provided by GravityZone requires a valid license key. You can try GravityZone for free for a period of 30 days. During the trial period all features are fully available and you can use the service on any number of computers. Before the trial period ends, if you want to continue using the service, you must opt for a paid subscription plan and make the purchase. To purchase a license, contact a Bitdefender reseller or contact us by email at enterprisesales@bitdefender.com. Your subscription is managed by Bitdefender or by the Bitdefender partner who sells you the service. Some Bitdefender partners are security service providers. Depending on your subscription arrangements, GravityZone day-to-day operation may be handled either internally by your company or externally by the security service provider. 3.1.1. Finding a Reseller Our resellers will assist you with all the information you need and help you choose the best licensing option for you. To find a Bitdefender reseller in your country: 1. Go to the Partner Locator page on Bitdefender website. Installing Protection 17

2. Select the country you reside in to view contact information of available Bitdefender partners. 3. If you do not find a Bitdefender reseller in your country, feel free to contact us by email at enterprisesales@bitdefender.com. 3.1.2. Activating a License When you purchase a paid subscription plan for the first time, a license key is issued for you. The GravityZone subscription is enabled by activating this license key. Warning Activating a license does NOT append its features to the currently active license. Instead, the new license overrides the old one. For example, activating a 10 endpoints license on top of a 100 endpoints license will NOT result in a subscription for 110 endpoints. On the contrary, it will reduce the number of covered endpoints from 100 to 10. The license key is sent to you via email when you purchase it. Depending on your service agreement, once your license key is issued, your service provider may activate it for you. Alternately, you can activate your license manually, by following these steps: 1. Log in to Control Center using your account. 2. Click your username in the upper-right corner of the console and choose My Company. 3. Check details about the current license in the License section. 4. In the License section, select the License type. 5. In the License Key field, enter your license key. 6. Click the Check button and wait until Control Center retrieves information about the entered license key. 7. Click Save. 3.1.3. Checking Current License Details To view your license details: 1. Log in to Control Center using your email and password received by email. Installing Protection 18

2. Click your username in the upper-right corner of the console and choose My Company. 3. Check details about the current license in the License section. You can also click the Check button and wait until Control Center retrieves the latest information about the current license key. 3.2. Installing Protection on Computers and Virtual Machines To learn about the available security agents, refer to Security Agents (p. 2). To protect your physical and virtual endpoints as well as Amazon EC2 instances, you must install the security agent on each of them. Besides managing protection on the local endpoint, the security agent also communicates with Control Center to receive the administrator's commands and to send the results of its actions. On Windows machines, the security agent can have two roles and you can install it as follows: 1. As a simple security agent for your endpoints. 2. As a Relay, acting as a security agent and also as a communication, proxy and update server for other endpoints in the network. Warning The first endpoint on which you install protection must have the Relay role, otherwise you will not be able to remotely install the security agent on other endpoints in the same network. The Relay endpoint must be powered-on and online in order for the connected agents to communicate with Control Center. You can install the security agents on physical and virtual endpoints by running installation packages locally or by running installation tasks remotely from Control Center. It is very important to carefully read and follow the instructions to prepare for installation. In normal mode, the security agents have a minimal user interface. It only allows users to check protection status and run basic security tasks (updates and scans), without providing access to settings. Installing Protection 19

If enabled by the network administrator via installation package and security policy, the security agent can also run in Power User mode on Windows endpoints, letting the endpoint user view and modify policy settings. Nevertheless, the Control Center administrator can always control which policy settings apply, overriding the Power User mode. By default, the display language of the user interface on protected endpoints is set at installation time based on the language of your account. To install the user interface in another language on certain endpoints, you can create an installation package and set the preferred language in its configuration options. For more information on creating installation packages, refer to Creating Installation Packages (p. 21). 3.2.1. Preparing for Installation Before installation, follow these preparatory steps to make sure it goes smoothly: 1. Make sure the target endpoints meet the minimum system requirements. For some endpoints, you may need to install the latest operating system service pack available or free up disk space. Compile a list of endpoints that do not meet the necessary requirements so that you can exclude them from management. 2. Uninstall (not just disable) any existing antimalware, firewall or Internet security software from target endpoints. Running the security agent simultaneously with other security software on an endpoint may affect their operation and cause major problems with the system. Many of the incompatible security programs are automatically detected and removed at installation time. To learn more and to check the list of detected security software, refer to this KB article. Important No need to worry about Windows security features (Windows Defender, Windows Firewall), as they will be turned off automatically before installation is initiated. 3. The installation requires administrative privileges and Internet access. Make sure you have the necessary credentials at hand for all endpoints. 4. Endpoints must have connectivity to Control Center. Installing Protection 20

3.2.2. Local Installation One way to install the security agent on an endpoint is to locally run an installation package. You can create and manage installation packages in the Network > Packages page. The Packages page Once the first client has been installed, it will be used to detect other endpoints in the same network, based on the Network Discovery mechanism. For detailed information on network discovery, refer to How Network Discovery Works (p. 33). To locally install the security agent on an endpoint, follow the next steps: 1. Create an installation package according to your needs. Note This step is not mandatory if an installation package has already been created for the network under your account. 2. Download the installation package on the target endpoint. You can alternately send the installation package download links by email to several users in your network. 3. Run the installation package on the target endpoint. Creating Installation Packages To create an installation package: 1. Connect and log in to Control Center. 2. Go to the Network > Packages page. 3. Click the Add button at the upper side of the table. A configuration window will appear. Create Packages - Options 4. Enter a suggestive name and description for the installation package you want to create. 5. From the Language field, select the desired language for the client's interface. Installing Protection 21

6. Select the protection modules you want to install. Note Only the supported modules for each operating system will be installed. For more information, refer to Protection Modules (p. 4). On Amazon EC2 instances, only Antimalware, Active Virus Control and Device Control modules are supported. 7. Select the target endpoint role: Relay, to create the package for an endpoint with Relay role. For more information, refer to Relay Role (p. 6) 8. Scan Mode. Choose the scanning technology that best suits your network environment and your endpoints' resources. You can define the scan mode by choosing one of the following types: Automatic. In this case, the security agent will automatically detect the endpoint's configuration and will adapt the scanning technology accordingly: Hybrid Scan (with Light Engines) for physical computers with low hardware performance. Local Scan (with Full Engines) for physical computers with high hardware performance. Hybrid Scan (with Light Engines) for virtual machines. Custom. In this case, you can configure the scan mode by choosing between several scanning technologies for physical and virtual machines: Hybrid Scan (with Light Engines) Local Scan (with Full Engines) For EC2 instances, you can choose between the following custom scan modes: Central Scan in Private cloud (with Security Server) with fallback* on Hybrid Scan (with Light Engines) Central Scan in Private cloud (Security Server) with fallback* on Local Scan (with Full Engines) Installing Protection 22

Note In this case, the Bitdefender Security Server hosted in the AWS region corresponding to the target EC2 instances is automatically assigned. For more information regarding available scanning technologies, refer to Scanning Engines (p. 3) 9. Select Scan before installation if you want to make sure the machines are clean before installing the client on them. An on-the cloud quick scan will be performed on the target machines before starting the installation. 10. On Windows endpoints, Bitdefender Endpoint Security Tools is installed in the default installation directory. Select Use custom installation path if you want to install Bitdefender Endpoint Security Tools in a different location. In this case, enter the desired path in the corresponding field. Use Windows conventions when entering the path (for example, D:\folder). If the specified folder does not exist, it will be created during the installation. 11. If you want to, you can set a password to prevent users from removing protection. Select Set uninstall password and enter the desired password in the corresponding fields. 12. Under Deployer section, choose the entity to which the target endpoints will connect for installing and updating the client: Bitdefender Cloud, if you want to update the clients directly from the Internet. In this case, you can also define the proxy settings, if target endpoints connect to the Internet via proxy. Select Use proxy for communication and enter the required proxy settings in the fields below. Endpoint Security Relay, if you want to connect the endpoints to a relay client installed in your network. All machines with relay role detected in your network will show-up in the table displayed below. Select the relay machine that you want. Connected endpoints will communicate with Control Center only via the specified relay. Important Port 7074 must be open for the deployment through Bitdefender Endpoint Security Tools Relay to work. 13. Click Save. Installing Protection 23

The new created package will be added to the list of packages. Note The settings configured within an installation package will apply to endpoints immediately after installation. As soon as a policy is applied to the client, the settings configured within the policy will be enforced, replacing certain installation package settings (such as communication servers or proxy settings). Downloading Installation Packages To download the installation packages of the security agents: 1. Log in to Control Center from the endpoint on which you want to install protection. 2. Go to the Network > Packages page. 3. Select the installation package you want to download. 4. Click the Download button at the upper side of the table and select the type of installer you want to use. Two types of installation files are available: Downloader. The downloader first downloads the full installation kit from the Bitdefender cloud servers and then starts the installation. It is small in size and it can be run both on 32-bit and 64-bit systems (which makes it easy to distribute). On the downside, it requires an active Internet connection. Full Kit. The full installation kits are bigger in size and they have to be run on the specific operating system type. The full kit is to be used to install protection on endpoints with slow or no Internet connection. Download this file to an Internet-connected endpoint, then distribute it to other endpoints using external storage media or a network share. Note Available full kit versions: Windows OS: 32-bit and 64-bit systems Linux OS: 32-bit and 64-bit systems Mac OS X: only 64-bit systems Make sure to use the correct version for the system you install on. 5. Save the file to the endpoint. Installing Protection 24

Warning The downloader executable must not be renamed, otherwise it will not be able to download the installation files from Bitdefender server. Send Installation Packages Download Links by Email You may need to quickly inform other users that an installation package is available to download. In this case, follow the steps described hereinafter: 1. Go to the Network > Packages page. 2. Select the installation package that you want. 3. Click the Send download links button at the upper side of the table. A configuration window will appear. 4. Enter the email of each user you want to receive the installation package download link. Press Enter after each email. Please make sure that each entered email address is valid. 5. If you want to view the download links before sending them by email, click the Installation links button. 6. Click Send. An email containing the installation link is sent to each specified email address. Running Installation Packages For the installation to work, the installation package must be run using administrator privileges. The package installs differently on each operating system as follows: On Windows and MAC operating systems: 1. On the target endpoint, download the installation file from Control Center or copy it from a network share. 2. If you have downloaded the full kit, extract the files from the archive. 3. Run the executable file. 4. Follow the on-screen instructions. On Linux operating systems: 1. Connect and log in to Control Center. Installing Protection 25

2. Download or copy the installation file to the target endpoint. 3. If you have downloaded the full kit, extract the files from the archive. 4. Gain root privileges by running the sudo su command. 5. Change permissions to the installation file so that you can execute it: # chmod +x installer 6. Run the installation file: #./installer 7. To check that the agent has been installed on the endpoint, run this command: $ service bd status Once the security agent has been installed, the endpoint will show up as managed in Control Center (Network page) within a few minutes. 3.2.3. Remote Installation Control Center allows you to remotely install the security agent on endpoints detected in the network by using installation tasks. Once you have locally installed the first client with relay role, it may take a few minutes for the rest of the network endpoints to become visible in the Control Center. From this point, you can remotely install the security agent on endpoints under your management by using installation tasks from Control Center. Bitdefender Endpoint Security Tools includes an automatic network discovery mechanism that allows detecting other endpoints in the same network. Detected endpoints are displayed as unmanaged in the Network page. Remote Installation Requirements For remote installation to work: Bitdefender Endpoint Security Tools Relay must be installed in your network. Installing Protection 26

Each target endpoint must allow remote connection as described herein: On Windows OS: the admin$ administrative share must be enabled. Configure each target workstation to use advanced file sharing. On Linux OS: SSH must be enabled. On MAC OS: remote login must be enabled. Temporarily turn off User Account Control on all endpoints running Windows operating systems that include this security feature (Windows Vista, Windows 7, Windows Server 2008 etc.). If the endpoints are in a domain, you can use a group policy to turn off User Account Control remotely. Disable or shutdown firewall protection on endpoints. If the endpoints are in a domain, you can use a group policy to turn off Windows Firewall remotely. Running Remote Installation Tasks To run a remote installation task: 1. Connect and log in to Control Center. 2. Go to the Network page. 3. Select the desired group from the left-side pane. The entities contained in the selected group are displayed in the right-side pane table. Note Optionally, you can apply filters to display unmanaged endpoints only. Click the Filters menu and select the following options: Unmanaged from the Security tab and All items recursively from the Depth tab. When working with EC2 instances, you can also add the EC2 Instances option in the Type tab, while applying all the other above mentioned criteria. 4. Select the entities (endpoints or groups of endpoints) on which you want to install protection. 5. Click the Tasks button at the upper side of the table and choose Install. The Install Client wizard is displayed. Installing Protection 27

Installing Bitdefender Endpoint Security Tools from the Tasks menu 6. Under Options section, configure the installation time: Now, to launch the deployment immediately. Scheduled, to set up the deployment recurrence interval. In this case, select the time interval that you want (hourly, daily or weekly) and configure it according to your needs. Note For example, when certain operations are required on the target machine before installing the client (such as uninstalling other software and restarting the OS), you can schedule the deployment task to run every 2 hours. The task will start on each target machine every 2 hours until the deployment is successful. 7. If you want target endpoints to automatically restart for completing the installation, select Automatically reboot (if needed). 8. Under the Credentials Manager section, specify the administrative credentials required for remote authentication on target endpoints. You can add the credentials by entering the user and password for each target operating system. For Linux systems you can also use a private key instead of the password. Installing Protection 28

Important For Windows 8.1 stations, you need to provide the credentials of the built-in administrator account or a domain administrator account. To learn more, refer to this KB article. To add the required OS credentials: a. Enter the user name of an administrator account in the corresponding fields from the table header. Use Windows conventions when entering the name of a domain user account, for example, user@domain.com or domain\user. To make sure that entered credentials will work, add them in both forms (user@domain.com and domain\user). Note If computers are in a domain, it suffices to enter the credentials of the domain administrator. Use Windows conventions when entering the name of a domain user account, for example, user@domain.com or domain\user. To make sure that entered credentials will work, add them in both forms (user@domain.com and domain\user). b. Select the authentication type from the menu: Password, to use the administrator's password. Upload.pem file, to use a private key. c. If you authenticate using a password, enter the password in the field next to the menu. d. If you authenticate using a private key, click the Browse button and select the.pem file containing the corresponding private key. e. Optionally, you can add a description that will help you identify each account more easily. f. Click the Add button. The account is added to the list of credentials. Installing Protection 29

Note Specified credentials are automatically saved to your Credentials Manager so that you do not have to enter them the next time. To access the Credentials Manager, just point to your username in the upper-right corner of the console. Important If the provided credentials are invalid, the client deployment will fail on the corresponding endpoints. Make sure to update the entered OS credentials in the Credentials Manager when these are changed on the target endpoints. 9. Select the check boxes corresponding to the accounts you want to use. Note A warning message is displayed as long as you have not selected any credentials. This step is mandatory to remotely install the security agent on endpoints. 10. Under Deployer section, configure the relay to which the target endpoints will connect for installing and updating the client: All machines with relay role detected in your network will show-up in the table available under the Deployer section. Each new client must be connected to at least one relay client from the same network, that will serve as communication and update server. Select the relay that you want to link with the target endpoints. Connected endpoints will communicate with Control Center only via the specified relay. Important Port 7074 must be open, for the deployment through the relay agent to work. Installing Protection 30

If target endpoints communicate with the relay agent via proxy, you also need to define the proxy settings. In this case, select Use proxy for communication and enter the required proxy settings in the fields below. 11. You need to select one installation package for the current deployment. Click the Use package list and select the installation package that you want. You can find here all the installation packages previously created for your account and also the default installation package available with Control Center. 12. If needed, you can modify some of the selected installation package's settings by clicking the button Customize next to the Use package field. The installation package's settings will appear below and you can make the changes that you need. To find out more about editing installation packages, refer to Creating Installation Packages (p. 21). If you want to save the modifications as a new package, select the Save as package option placed at the bottom of the package settings list, and enter a name for the new installation package. 13. Click Save. A confirmation message will appear. You can view and manage the task in the Network > Tasks page. 3.2.4. Support for On-access Scanning on Linux Virtual Machines The Linux version of Bitdefender Endpoint Security Tools includes on-access scanning capabilities that work with specific Linux distributions and kernel versions. Please check the system requirements to verify how on-access scanning will function on your Linux machine(s). Next you will learn how to manually compile the DazukoFS module. Manually compile the DazukoFS module Follow the steps below to compile DazukoFS for the system's kernel version and then load the module: 1. Download the proper kernel headers. On Ubuntu systems, run this command: $ sudo apt-get install linux-headers-'uname -r' Installing Protection 31

On RHEL/CentOS systems, run this command: $ sudo yum install kernel-devel kernel-headers 2. On Ubuntu systems, you need build-essential: $ sudo apt-get install build-essential 3. Copy and extract the DazukoFS source code in a preferred directory: # mkdir temp # cd temp # cp /opt/bitdefender/share/src/dazukofs-source.tar.gz # tar -xzvf dazukofs-source.tar.gz # cd dazukofs-3.1.4 4. Compile the module: # make 5. Install and load the module: # make dazukofs_install Requirements for using on-access scanning with DazukoFS For DazukoFS and on-access scanning to work together, a series of conditions must be met. Please check if any of the statements below apply to your Linux system and follow the guidelines to avoid issues. The SELinux policy must be either disabled or set to permissive. To check and adjust the SELinux policy setting, edit the /etc/selinux/config file. Bitdefender Endpoint Security Tools is exclusively compatible with the DazukoFS version included in the installation package. If DazukoFS is already installed on the system, remove it prior to installing Bitdefender Endpoint Security Tools. Installing Protection 32

DazukoFS supports certain kernel versions. If the DazukoFS package shipped with Bitdefender Endpoint Security Tools is not compatible with the system's kernel version, the module will fail to load. In such case, you can either update the kernel to the supported version or recompile the DazukoFS module for your kernel version. You can find the DazukoFS package in the Bitdefender Endpoint Security Tools installation directory: /opt/bitdefender/share/modules/dazukofs/dazukofs-modules.tar.gz When sharing files using dedicated servers such as NFS, UNFSv3 or Samba, you have to start the services in the following order: 1. Enable on-access scanning via policy from Control Center. For more information, refer to GravityZone Administrator's Guide. 2. Start the network sharing service. For NFS: # service nfs start For UNFSv3: # service unfs3 start For Samba: # service smbd start Important For the NFS service, DazukoFS is compatible only with NFS User Server. 3.2.5. How Network Discovery Works Security for Endpoints includes an automatic network discovery mechanism intended to detect workgroup computers. Security for Endpoints relies on the Microsoft Computer Browser service to perform network discovery. The Computer Browser service is a networking technology used by Windows-based computers to maintain updated lists of domains, workgroups, Installing Protection 33

and the computers within them and to supply these lists to client computers upon request. Computers detected in the network by the Computer Browser service can be viewed by running the net view command in a command prompt window. The Net view command To enable network discovery, you must have Bitdefender Endpoint Security Tools already installed on at least one computer in the network. This computer will be used to scan the network. Important Control Center does not use network information from Active Directory or from the network map feature available in Windows Vista and later. Network map relies on a different network discovery technology: the Link Layer Topology Discovery (LLTD) protocol. Control Center is not actively involved in the Computer Browser service operation. Bitdefender Endpoint Security Tools only queries the Computer Browser service for the list of workstations and servers currently visible in the network (known as the browse list) and then sends it to Control Center. Control Center processes the browse list, appending newly detected computers to its Unmanaged Computers list. Previously detected computers are not deleted after a new network discovery query, so you must manually exclude & delete computers that are no longer on the network. The initial query for the browse list is carried out by the first Bitdefender Endpoint Security Tools installed in the network. If Bitdefender Endpoint Security Tools is installed on a workgroup computer, only computers from that workgroup will be visible in Control Center. If Bitdefender Endpoint Security Tools is installed on a domain computer, only computers from that domain will be visible in Control Center. Computers from Installing Protection 34

other domains can be detected if there is a trust relationship with the domain where Bitdefender Endpoint Security Tools is installed. Subsequent network discovery queries are performed regularly every hour. For each new query, Control Center divides the managed computers space into visibility areas and then designates one Bitdefender Endpoint Security Tools in each area to perform the task. A visibility area is a group of computers that detect each other. Usually, a visibility area is defined by a workgroup or domain, but this depends on the network topology and configuration. In some cases, a visibility area might consist of multiple domains and workgroups. If a selected Bitdefender Endpoint Security Tools fails to perform the query, Control Center waits for the next scheduled query, without choosing another Bitdefender Endpoint Security Tools to try again. For full network visibility, Bitdefender Endpoint Security Tools must be installed on at least one computer in each workgroup or domain in your network. Ideally, Bitdefender Endpoint Security Tools should be installed on at least one computer in each subnetwork. More about the Microsoft Computer Browser Service Quick facts about the Computer Browser service: Works independent of Active Directory. Runs exclusively over IPv4 networks and operates independently within the boundaries of a LAN group (workgroup or domain). A browse list is compiled and maintained for each LAN group. Typically uses connectionless server broadcasts to communicate between nodes. Uses NetBIOS over TCP/IP (NetBT). Requires NetBIOS name resolution. It is recommended to have a Windows Internet Name Service (WINS) infrastructure up and running in the network. Is not enabled by default in Windows Server 2008 and 2008 R2. For detailed information on the Computer Browser service, check the Computer Browser Service Technical Reference on Microsoft Technet. Installing Protection 35

Network Discovery Requirements In order to successfully discover all the computers (servers and workstations) that will be managed from Control Center, the following are required: Computers must be joined in a workgroup or domain and connected via an IPv4 local network. Computer Browser service does not work over IPv6 networks. Several computers in each LAN group (workgroup or domain) must be running the Computer Browser service. Primary Domain Controllers must also run the service. NetBIOS over TCP/IP (NetBT) must be enabled on computers. Local firewall must allow NetBT traffic. File sharing must be enabled on computers. Local firewall must allow file sharing. A Windows Internet Name Service (WINS) infrastructure must be set up and working properly. For Windows Vista and later, network discovery must be turned on (Control Panel > Network and Sharing Center > Change Advanced Sharing Settings). To be able to turn on this feature, the following services must first be started: DNS Client Function Discovery Resource Publication SSDP Discovery UPnP Device Host In environments with multiple domains, it is recommended to set up trust relationships between domains so that computers can access browse lists from other domains. Computers from which Bitdefender Endpoint Security Tools queries the Computer Browser service must be able to resolve NetBIOS names. Note The network discovery mechanism works for all supported operating systems, including Windows Embedded versions, provided the requirements are met. 3.3. Credentials Manager The Credentials Manager helps you define the credentials required for remote authentication on different operating systems in your network. Installing Protection 36

To open the Credentials Manager, click your username in the upper-right corner of the page and choose Credentials Manager. The Credentials Manager menu 3.3.1. Adding Credentials to the Credentials Manager With the Credentials Manager you can manage the administrator credentials required for remote authentication during installation tasks sent to computers and virtual machines in your network. To add a set of credentials: Credentials Manager 1. Enter the user name and password of an administrator account for each target operating system in the corresponding fields at the upper side of the table heading. Optionally, you can add a description that will help you identify each account more easily. If computers are in a domain, it suffices to enter the credentials of the domain administrator. Installing Protection 37

Use Windows conventions when entering the name of a domain user account, for example, username@domain.com or domain\username. To make sure that entered credentials will work, add them in both forms (username@domain.com and domain\username). 2. Click the Add button at the right side of the table. The new set of credentials is added to the table. Note If you have not specified the authentication credentials, you will be required to enter them when you run installation tasks. Specified credentials are automatically saved to your Credentials Manager so that you do not have to enter them the next time. 3.3.2. Deleting Credentials from Credentials Manager To delete obsolete credentials from the Credentials Manager: 1. Point to the row in the table containing the credentials you want to delete. 2. Click the Delete button at the right side of the corresponding table row. The selected account will be deleted. Installing Protection 38

4. INTEGRATIONS As Bitdefender customer using Control Center to manage the security of your company, you have the possibility to integrate Control Center with third party solutions, such as Amazon EC2 Services. You can configure your third-party solutions integration in the Integrations page, which you can access by pointing to your username in the upper-right corner of the console and choosing Integrations. 4.1. Integrating with Amazon EC2 Services 4.1.1. About Amazon EC2 Integration in Control Center From GravityZone Control Center, administrators are enabled to integrate with the Amazon Elastic Compute Cloud (EC2) service and centrally deploy, manage and monitor Bitdefender security on their instance inventory. Proprietary scanning servers are hosted by Bitdefender in the AWS Cloud to ensure an optimal footprint on the protected instances and to eliminate the scanning overhead occurring with traditional security software. Bitdefender Control Center manages Amazon EC2 instances through dedicated features, such as: Integrated EC2 inventory grouped by Amazon regions and Availability Zones. Once the Amazon EC2 integration has been configured, the Amazon instances belonging to the provided user account credentials are imported in Control Center under the network inventory. A custom Amazon EC2 group will be Integrations 39

displayed, containing all the Amazon regions and their Availability Zones, which contain instances. You can differentiate between online and offline instances by their icon: Offline instances Online instances Specific EC2 filtering in the network view: Filtering endpoints by EC2 instances type Filtering endpoints by EC2 tags defined in your Amazon management console Filtering EC2 instances by their power status (running, stopped, terminated) Automatic (default) scan modes for EC2 instances set on Central Scan with Bitdefender Security Server hosted in the corresponding AWS region, with fallback on Hybrid Scan (with Light Engines using in-the-cloud scanning and, partially, the local signatures). Note It is recommended to use the default scan modes for EC2 instances because these are specifically designed for a small footprint and low resource consumption. For instances with powerful resources, you can also configure the EC2 instances to use Private cloud scanning with Bitdefender Security Server hosted in the corresponding AWS region, with fallback on Local Scanning (Full Engines using signatures and engines stored locally). Grouping terminated instances in a specific folder of the network tree. Previously managed (protected) instances that were terminated from the Amazon management console are stored under Terminated Managed Instances group placed in Amazon EC2 folder. You can still obtain information about these instances via reports. If no longer needed, terminated instances can be deleted from the network inventory. 4.1.2. Configuring the Amazon EC2 Integration in Control Center Security for Amazon Web Services integration requires the access key ID and secret access key of your AWS account or of an AWS Identity and Access Management (IAM) user. Integrations 40

To configure your Amazon EC2 integration: 1. Connect and log in to Control Center. 2. Click your username in the upper-right corner of the console and choose Integrations. The integrations page will show up. 3. Click the Add button at the upper side of the table. 4. Click the Add Amazon EC2 Integration link. A configuration window will appear. 5. Enter your Amazon user access keys in the available fields. Note It is recommended to set up integration with your AWS account using the access key of an IAM user created specifically for this purpose. Your Amazon user linked to the provided credentials must have at least read-only rights on Amazon EC2. 6. Click Save. 7. The AWS License Agreement is displayed. You must read and agree with the license terms to be able to continue. 8. Control Center will check if the provided AWS keys are valid. If so, your Amazon instances will be imported in Control Center and the integration is done. From this point, you can view and manage your Amazon instances from the Network page, under Custom Groups > Amazon EC2 node. Here, your Amazon EC2 instances are grouped under their Amazon regions and the corresponding Availability Zones. Control Center automatically synchronizes with Amazon EC2 inventory every 15 minutes. You can also manually synchronize with Amazon inventory using the Synchronize with Amazon EC2 button placed at the upper side of the Network page. If the provided Amazon access credentials are not valid, you will be notified and prompted to enter them again. 4.1.3. Subscribing to Security for Amazon Web Services As a direct Bitdefender customer, you can anytime configure your Security for Amazon Web Services from the Integrations page. Once the Amazon EC2 Integration has been configured, you will start to use this service in trial mode for 30 days. You will receive by email a confirmation of your Integrations 41

subscription for 30-days trial of your Amazon EC2 services. During the trial period, you will be able to fully protect and manage any number of instances using the security services available with GravityZone Control Center. If you want to continue using this service after the trial period, you will need to license your AWS subscription by authorizing payments to Bitdefender from your Amazon Payments account. This is a one-time operation during your credit card validity period and it fulfills two functions: licensing of your AWS subscription and payment authorization with your Amazon Payments account for subsequent monthly billing. After licensing your AWS subscription, you will be charged monthly based on your usage. Warning If you do not subscribe within the trial period, your managed instances will be expired after 30 days from your subscription and they will no longer be protected. Licensing your AWS Subscription 1. Log in to Control Center using your account. 2. Click your username in the upper-right corner of the console and choose My Company. 3. Under the AWS Subscription section, click the Pay with Amazon widget. 4. You will be redirected to the Amazon Sign In page. Log in using your Amazon Payments account. Note You must configure your browser to accept third-party cookies for the Amazon widget to work. 5. Configure your Amazon Payment method by selecting a valid credit card and enabling the option Use my selected payment method for future purchases and payments to this merchant. 6. Click Save. Your AWS subscription is now Licensed. Note If the selected credit card has expired, you will need to re-license your AWS subscription by following the above-mentioned steps. Integrations 42

Cancelling your AWS Subscription You can cancel your AWS subscription, at any time, directly from your Control Center company account. When you cancel your AWS subscription: All the Bitdefender security agents installed on your instances are expired and those instances remain unprotected immediately. The payment authorization for your subscription on Amazon Payments is automatically canceled. However, you will be charged for your current month usage, up to the time when you unsubscribe. To unsubscribe: 1. Log in to Control Center using your account. 2. Click your username in the upper-right corner of the console and choose My Company. 3. Under the AWS Subscription section, click the Cancel Subscription button. 4. You will have to confirm your action by clicking Yes. Your AWS subscription is now Canceled. You can anytime subscribe again to the service by following the licensing procedure. Editing your AWS Subscription 1. Log in to Control Center using your account. 2. Click your username in the upper-right corner of the console and choose My Company. 3. Under the AWS Subscription section, click the Pay with Amazon widget. 4. Log in using your Amazon Payments account. 5. Make the changes that you need. 6. Click Save. Note After editing your AWS Subscription, you will receive two emails from Amazon Payments, which will confirm the cancellation of the previous authorization and the setting-up of a new payment method. Integrations 43

4.2. Removing Integrations To remove an integration you no longer need: 1. In the Integrations page, select the check box corresponding to the solution you want to remove. 2. Click the Delete button at the upper side of table. After confirming the action, the selected integration will be removed from Control Center. Important After deleting an integration, all your clients installed on the corresponding platform will be expired, meaning that they will no longer communicate with Bitdefender Cloud Services and Control Center and they will be removed from Control Center. Integrations 44

5. GETTING HELP 5.1. Using Support Tool The GravityZone Support Tool is designed to help users and support technicians easily obtain the information needed for troubleshooting. Run the Support Tool on affected computers and send the resulting archive with the troubleshooting information to the Bitdefender support representative. 5.1.1. Using Support Tool on Windows Operating Systems 1. Download the Support Tool and distribute it to the affected computers. To download the Support Tool: a. Connect to Control Center using your account. b. Click the Help and Support link in the lower-left corner of the console. c. The download links are available in the Support section. Two versions are available: one for 32-bit systems and the other for 64-bit systems. Make sure to use the correct version when running the Support Tool on a computer. 2. Run the Support Tool locally on each of the affected computers. a. Select the agreement check box and click Next. b. Complete the submission form with the necessary data: i. Enter your email address. ii. Enter your name. iii. Choose your country from the corresponding menu. iv. Enter a description of the issue you encountered. v. Optionally, you can try to reproduce the issue before starting to collect data. In this case, proceed as follows: A. Enable the option Try to reproduce the issue before submitting. B. Click Next. C. Select the type of issue you have experienced. D. Click Next. Getting Help 45

E. Reproduce the issue on your computer. When done, return to Support Tool and select the option I have reproduced the issue. c. Click Next. The Support Tool gathers product information, information related to other applications installed on the machine and the software and hardware configuration. d. Wait for the process to complete. e. Click Finish to close the window. A zip archive has been created on your desktop. Send the zip archive together with your request to the Bitdefender support representative using the email support ticket form available in the Help and Support page of the console. 5.1.2. Using Support Tool on Linux Operating Systems For Linux operating systems, the Support Tool is integrated with the Bitdefender security agent. To gather Linux system information using Support Tool, run the following command: # /opt/bitdefender/bin/bdconfigure using the following available options: --help to list all Support Tool commands enablelogs to enable product and communication module logs (all services will be automatically restarted) disablelogs to disable product and communication module logs (all services will be automatically restarted) deliverall to create an archive containing the product and communication module logs, delivered to the /tmp folder in the following format: bitdefender_machinename_timestamp.tar.gz. 1. You will be prompted if you want to disable logs. If needed, the services are automatically restarted. 2. You will be prompted if you want to delete logs. Getting Help 46

deliverall -default delivers the same information as with the previous option, but default actions will be taken on logs, without the user to be prompted (the logs are disabled and deleted). To report a GravityZone issue affecting your Linux systems, follow the next steps, using the options previously described: 1. Enable product and communication module logs. 2. Try to reproduce the issue. 3. Disable logs. 4. Create the logs archive. 5. Open an email support ticket using the form available on the Help & Support page of Control Center, with a description of the issue and having the logs archive attached. The Support Tool for Linux delivers the following information: The etc, var/log, /var/crash (if available) and var/epag folders from /opt/bitdefender, containing the Bitdefender logs and settings The /tmp/bdinstall.log file, containing installation information The network.txt file, containing network settings / machine connectivity information The system.txt file, containing general system information (distribution and kernel versions, available RAM and free hard-disk space) The users.txt file, containing user information Other information concerning the product related to the system, such as external connections of processes and CPU usage System logs Getting Help 47

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information