BITDEFENDER ENDPOINT SECURITY TOOLS Beta Version Testing Guide
Publication date 2014.11.26

Copyright 2014 Bitdefender

Legal Notice

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from an authorized representative of Bitdefender. The inclusion of brief quotations in reviews may be possible only with the mention of the quoted source. The content can not be modified in any way.

Warning and Disclaimer. This product and its documentation are protected by copyright. The information in this document is provided on an "as is" basis, without warranty. Although every precaution has been taken in the preparation of this document, the authors will not have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this work.

This book contains links to third-party Websites that are not under the control of Bitdefender, therefore Bitdefender is not responsible for the content of any linked site. If you access a third-party website listed in this document, you will do so at your own risk. Bitdefender provides these links only as a convenience, and the inclusion of the link does not imply that Bitdefender endorses or accepts any responsibility for the content of the third-party site.

Trademarks. Trademark names may appear in this book. All registered and unregistered trademarks in this document are the sole property of their respective owners, and are respectfully acknowledged.
Table of Contents

1. Introduction
2. The Beta Program
   2.1. Timeline
   2.2. Requirements
      2.2.1. Endpoint Protection
      2.2.2. Exchange Protection
   2.3. Feedback
3. What's New
4. Getting Started
   4.1. Installing and configuring GravityZone
   4.2. Installing Endpoint Protection
   4.3. Installing Exchange Protection
5. Testing Guidelines
   5.1. Testing Endpoint Protection Features
   5.2. Testing Performance and System Impact
   5.3. Checking the GravityZone Quarantine
   5.4. Creating GravityZone reports
   5.5. Testing Device Control
      5.5.1. Step 1: Test USB devices control
      5.5.2. Step 2: Test that external CD/DVD devices are blocked if connected via USB
   5.6. Testing Exchange Protection
6. Feedback Form for Beta-Testers
   6.1. Feedback for Bitdefender Endpoint Security Tools
   6.2. Feedback for Exchange protection
1. Introduction

The Next-Generation Bitdefender Endpoint Security Tools brings the benefits of both Bitdefender Tools and Endpoint Security version 5.x under the same umbrella. Features such as uninstalling competitors, Active Virus Control, Firewall and Content Control will also be available for virtual environments. At the same time, security administrators will be able to configure their physical endpoint clients to offload the heavy part of the scanning process to a dedicated virtual machine (Bitdefender Antimalware Cloud).

Moreover, the Next-Generation Bitdefender Endpoint Security Tools includes support for Linux physical systems and brings the new Bitdefender Endpoint Security Tools Relay, allowing the deployment to span across multiple distributed locations (physical and virtual).

With its flexible scanning system (local, remote to Security Server, remote to Bitdefender Cloud), the Next-Generation Bitdefender Endpoint Security Tools is an ideal choice for mixed environments (physical, virtual and cloud).

In addition to endpoint protection, Bitdefender Endpoint Security Tools also includes Exchange Protection, which provides superior antimalware and antispam protection for Microsoft Exchange Servers. The solution automatically integrates with Exchange Server, using transport agents, to filter the inbound and outbound email traffic for malware and spam, ensuring a secure messaging and collaboration environment. Additionally, it allows scanning the Exchange databases for malware. Exchange protection is centrally managed from Control Center.
2. The Beta Program

This section describes the Beta Program timeline, requirements for participation, guidelines for providing feedback, and quick-start information.

2.1. Timeline

- October 15, 2014 - Private Beta start
- November 20, 2014 - Public Beta start (+ Device Control and Exchange Server Protection)

2.2. Requirements

2.2.1. Endpoint Protection

To perform a comprehensive Beta Testing of the endpoint protection, you should meet the following minimum environment and time availability requirements:

- 1-2 physical workstations/servers (Windows) for installing Bitdefender Endpoint Security Tools
- 1-2 virtual workstations/servers (Windows) for installing Bitdefender Endpoint Security Tools
- 1-2 virtual Linux machines for installing Bitdefender Endpoint Security Tools
- Time for testing: at least 8 dedicated hours

Supported Operating Systems

Linux Operating Systems:
- Red Hat Enterprise Linux / CentOS 5.6 or higher
- Ubuntu 10.04 LTS or higher
- SUSE Linux Enterprise Server 11 or higher
- OpenSUSE 11 or higher
- Fedora 15 or higher
- Debian 5.0 or higher

Windows Operating Systems:
- Windows 8.1
- Windows 8
- Windows 7
- Windows Vista with Service Pack 1
- Windows XP with Service Pack 3

Tablet and embedded operating systems:
- Windows Embedded 8.1 Industry
- Windows Embedded 8 Standard
- Windows Embedded Standard 7
- Windows Embedded Compact 7
- Windows Embedded POSReady 7
- Windows Embedded Enterprise 7
- Windows Embedded POSReady 2009
- Windows Embedded Standard 2009
- Windows Embedded with Service Pack 2*
- Windows XP Tablet PC Edition*

* Specific operating system modules must be installed for Security for Endpoints to work.

Server operating systems:
- Windows Server 2012 R2
- Windows Server 2012
- Windows Small Business Server (SBS) 2011
- Windows Small Business Server (SBS) 2008
- Windows Server 2008 R2
- Windows Server 2008
- Windows Small Business Server (SBS) 2003
- Windows Server 2003 R2
- Windows Server 2003 with Service Pack 1
- Windows Home Server

Mac OS X: Mavericks (10.9.x), Mountain Lion (10.8.x), Lion (10.7.x)

Hardware Requirements

Intel Pentium compatible processor:

Workstation Operating Systems
- 1 GHz or faster for Microsoft Windows XP SP3, Windows XP SP2 64 bit and Windows 7 Enterprise (32 and 64 bit)
- 2 GHz or faster for Microsoft Windows Vista SP1 or higher (32 and 64 bit), Microsoft Windows 7 (32 and 64 bit), Microsoft Windows 7 SP1 (32 and 64 bit), Windows 8
- 800 MHz or faster for Microsoft Windows Embedded Standard 7 SP1, Microsoft Windows POSReady 7, Microsoft Windows POSReady 2009, Microsoft Windows Embedded Standard 2009, Microsoft Windows XP Embedded with Service Pack 2, Microsoft Windows XP Tablet PC Edition

Server Operating Systems
- Minimum: 2.4 GHz single-core CPU
- Recommended: 1.86 GHz or faster Intel Xeon multi-core CPU

Free RAM memory required for installation (MB):

SINGLE ENGINE
Columns: Local Scanning (AV Only, Full Options); Hybrid Scanning (AV Only, Full Options); Centralized Scanning (AV Only, Full Options)
Windows: 1200 512 660 256 400
Linux: 512 512 256 256
Mac: n/a n/a n/a n/a

Free HDD space required for installation (MB):

Columns: Windows, Linux, Mac

SINGLE ENGINE
Local Scanning, AV Only:
Local Scanning, Full Options: 1200
Hybrid Scanning, AV Only: 500 400 n/a
Hybrid Scanning, Full Options: 700 400 n/a
Centralized Scanning, AV Only: 350 250 n/a
Centralized Scanning, Full Options: 570 250 n/a

DUAL ENGINE
Centralized + Local Scanning, AV Only: n/a
Centralized + Local Scanning, Full Options: 1200 n/a
Centralized + Hybrid Scanning, AV Only: 500 400 n/a
Centralized + Hybrid Scanning, Full Options: 700 400 n/a

Note: At least 6 GB free disk space is required for entities with Bitdefender Endpoint Security Tools Relay role, as they will store all updates and installation packages.

2.2.2. Exchange Protection

To perform a comprehensive Beta Testing of the Exchange Protection, you should meet the following minimum environment and time availability requirements:

- 64-bit Exchange Server test lab. Ideally, the test lab should replicate your production environment.
- Time for testing: at least 8 dedicated hours

Supported Exchange Environments
- Microsoft Exchange Server 2013 (Edge or Mailbox role)
- Microsoft Exchange Server 2010 or 2007 (Edge, Hub or Mailbox role)

Hardware Requirements
- Free RAM memory: 1 GB
- Free HDD space: 1 GB

2.3. Feedback

We encourage you to send us your feedback by using the feedback feature available in Control Center or by email to enterprise-beta@bitdefender.com.
3. What's New

1. New installation architecture for the new endpoint client:
   - One installation kit for any environment
   - Ability to reshape the scanning engines according to detected physical or virtual environment
   - Ability to uninstall competitors in virtualized environments
   - Adds support for physical Linux endpoints
   - Extends Relay role to virtual machines.
2. New types of antimalware engines for both Windows and Linux endpoints.
   a. Single engine:
      - Local Scanning, when the scanning is performed locally. This scanning mode is suited for powerful machines, having all signatures and engines stored locally.
      - Hybrid Scanning, with a medium footprint, using in-the-cloud scanning and, partially, the local scanning. The detection rate is the same as for the full engine version, with the benefit of better resource consumption, but involving off-premise scanning.
      - Centralized Scanning, with a small footprint requiring a Security Server for scanning. In this case, no signature set is stored locally, and the scanning is offloaded to the Security Server.
   b. Dual engines with fallback:
      - Centralized Scanning with fallback on Local Scanning
      - Centralized Scanning with fallback on Hybrid Scanning
      When the first engine is unavailable, the fallback engine will be used. Resource consumption and network utilization will be based on the engines used.
3. Bringing the benefits of scanning with Security Server to static physical PCs for both Windows and Linux clients, with load balancing on multiple deployed Security Servers.
4. New features for VDIs:
   - Behavioral scan and Photon technologies
   - Firewall and Content Control
5. Added Device Control functionality.
6. Added protection for Microsoft Exchange servers.
4. Getting Started

4.1. Installing and configuring GravityZone

Download the GravityZone beta virtual appliance and follow these steps:

1. Import the virtual appliance image in a VMware, Xen or Hyper-V virtual environment.
2. Start the machine and complete the CLI installation: configure the network settings and install all the roles (Database, Update Server, Web Console and Communication Server) on the same machine.
3. Access the GravityZone web console with your browser, and proceed with the Control Center initial setup, by providing the license keys and configuring the first user account. Use the following keys:
   - Security for Endpoints: PH0WEN0
   - Security for Virtualized Environments:
     - VS: UP0P4VD
     - VDI: HCBTSHN
   - Security for Mobile Devices: 67EXPQF
4. Log in to Control Center with the account you have just created and go to the Configuration page to proceed with configuring the Control Center settings:
   - If an Active Directory is available, configure the Active Directory integration to import the current network inventory in Control Center.
   - Integrate Control Center with a vCenter Server or XenServer (if available).
5. Go to Network, select the Virtual Machines service and install a Security Server on a host.
   Note: For Hyper-V environments, you need to download the Security Server image from the Network > Packages page and import it in your Hyper-V host.
6. Go to Network > Packages and create a Bitdefender Endpoint Security Tools installation package.
   Note: This package will work for both physical and virtual machines if a Security Server has been installed and if you have a license for virtual machines. In the installation package configuration window you can opt between an Automatic engine configuration, which will install a predefined set of engines, and a Custom engine configuration, which allows choosing the exact engine type that you would like to use for physical or virtual environments. You can also choose to use the old vShield client for the virtual machines deployment.
7. Go to Policies and create a new policy template.
   a. In the policy settings, go to Antimalware > Security Servers section and add the Security Servers that you have installed in your environment.
   b. If you have multiple Security Servers installed, add them in policy and select the option First connect to the Security Server installed on the same physical host, if available, regardless the assigned priority. The policy template will be able to serve all types of endpoints: physical, virtual, Mac, Windows and Linux.
   c. Go to the Network page, select the protected endpoint that you want and assign it the policy you have just created.

4.2. Installing Endpoint Protection

1. Choose the client installation method that best suits your needs:
   a. Use the Downloader for Windows or Linux from the Network > Packages page and install it manually.
   b. Deploy the client via a Bitdefender Endpoint Security Tools Relay that was previously installed on a station in your network, which automatically performs a network discovery. As soon as all computers existing in the network are visible in Control Center:
      i. Select the endpoints that you want (Windows or Linux) in the Network page and choose Install from the Tasks menu.
      ii. Configure the installation settings according to your preferences.
   c. If you have an Active Directory integration:
      i. You can start the deployment on your network by going to the Network page and sending the Install task to the selected targets.
      ii. In the installation wizard, choose a package with the role that you would like to install on the selected target and customize the various types of scanning engines.
      iii. Install different types of engines on different machines and monitor the behavior.
2. Check to see if the installed clients are properly displayed in the Network page.
   You can see your machines using the following views:
   a. Computers
      - You should see Active Directory physical and virtual machines in the Active Directory container.
      - You should see non-Active Directory physical endpoints in the Custom Groups container.
      - You should see non-Active Directory virtual machines or Security Servers in the Custom Groups container.
      - You should see virtual machines from other virtual environments than VMware or Citrix in the Custom Groups container.
   b. Virtual machines
      Choosing this view will display all endpoints or Security Servers that have been installed on a vCenter or XenServer integration environment.
      - You should see virtual machines in the Custom Groups container.
      - You should see virtual machines from other virtual environments than VMware or Citrix in the Custom Groups container.
3. Verify the Computer Details page.
   In the Network page, click the endpoint name that you are interested in. You can view the client installation and configuration details for each managed computer in its details page. Verify that the information is correct.
   If you chose the automatic scanning engine option, please verify that the description next to the automatic option is reflected in the computer details. Please note that a machine with hardware beneath 1 GB of RAM and 1.5 GHz is considered a slow machine.

4.3. Installing Exchange Protection

To install Bitdefender Endpoint Security Tools with Exchange Protection:

1. Go to Network > Packages and create a new installation package with Exchange Protection role selected.
   Important: Exchange Protection uses the same antimalware scanning technologies as the endpoint Antimalware module. Therefore, you can use local, hybrid or centralized scanning. By default, packages use automatic configuration of the scanning engines (local scanning for powerful physical machines, and centralized scanning for virtual machines and less powerful physical machines). When configuring the installation package, you can customize the scan engines to be used.
   If you are installing on a virtual Exchange server, the product is automatically configured to use Private Cloud (Security Server) scan mode, which means you have to install a Security Server prior to installing Exchange Protection and testing antimalware features.
2. Choose the installation method that best suits your needs:
   a. Use the Downloader or the 64-bit full kit of the Exchange Protection package from the Network > Packages page and install it manually on the Exchange Server.
   b. If you have configured Active Directory integration or previously deployed Bitdefender Endpoint Security Tools Relay (which automatically performs a network discovery), you can remotely deploy the package from Control Center:
      i. Find the Exchange Server in the Network page and choose Install from the Tasks menu.
      ii. Configure the installation settings according to your preferences.
      iii. You can check progress in the Network > Tasks page. When the task is finished, check on the Exchange Server that Bitdefender Endpoint Security Tools is installed and Exchange Protection modules are on.
3. Verify that the protected Exchange Server is properly displayed in the Network page. You should find it in the Computers inventory. If you are running a virtual lab, it will also show up in the Virtual Machines view. You can use filters or the search fields below the table headings to quickly find your Exchange Server.
4. Click the server name and check that the displayed information is correct.
   - General tab displays system info and general agent details, including antimalware scan engines being used and assigned policy.
     Note: If you chose the automatic scanning engine option, please verify that the description next to the automatic option is reflected in the computer details. Please note that a machine with hardware beneath 1 GB of RAM and 1.5 GHz is considered a slow machine.
   - Endpoint tab displays info related to file system protection.
   - Exchange tab displays info related to Exchange Server protection.
5. Testing Guidelines

5.1. Testing Endpoint Protection Features

1. Test all types of scan engines (local, hybrid and centralized scanning).
   - You can configure scan engines at the installation package creation or in the client's modify task options.
   - When manually installing or deploying the package, the client will use the engines defined in the installation package according to each physical or virtual environment settings.
   - Verify that all installed clients are reported as managed and online in the Network page, and also click the installed clients' name to check their details page.
   - To change the scanning mode or add another feature, go to the Network page, choose Modify installer for the selected targets and select the features you need to add.
   - Verify that the modify task has finished successfully and check in computer details that the feature has been added.
   - To quickly verify that the antimalware protection is on, download an EICAR test file. Verify that the EICAR test file has been detected as a virus and deleted.
2. Test Behavioral scan and Photon for VDIs
   - You can enable the Active Virus Control module either when creating the installation package or after the client installation via a modify task.
   - Once the Active Virus Control module has been installed, the machine is protected from 0-day threats.
   - Verify in the computer details that the feature is available.
3. Test that Firewall is now available on VMs
   - You can enable the Firewall module either when creating the installation package or after the client installation via a modify task.
   - Apply a policy with firewall rules, specifically blocking Yahoo Messenger, for instance.
   - Verify that the application has been prevented from connecting to the internet once the policy has been applied to the endpoint.
   - Verify in the computer details that the feature is available, and also in the client's console.
4. Test that Content Control is now available on VMs
   - You can install the Content Control module either when creating the installation package or after the client installation via a modify task.
   - Apply a policy with Content Control category rules, specifically blocking social media, for instance.
   - Verify that the access to any social site is blocked once the policy has been applied to the endpoint.
   - Configure the same policy to block a specific application, such as Skype.
   - Verify that Skype is prevented from running on the target endpoints.
5. Test that Bitdefender Endpoint Security Tools Relay is available for VMs as well
   - Deployment on virtual machines can also be done through a Bitdefender Endpoint Security Tools Relay.
   - Communication and updates can be configured via policy to use a Bitdefender Endpoint Security Tools Relay.
   - Verify that, after applying a policy which assigns an endpoint to a Bitdefender Endpoint Security Tools Relay, the details page of the Bitdefender Endpoint Security Tools Relay computer shows the connected endpoints that communicate through this entity.

5.2. Testing Performance and System Impact

The following steps should be done for each scan engine type and for all features that are available in Bitdefender Endpoint Security Tools.

1. Open the Bitdefender Endpoint Security Tools interface by using the Notification Area (SysTray) icon and observe the following:
   - Status tab: once the client installation is done, the status shows that the computer is secured.
   - Events tab: contains a "policy has been received" event.
2. Go to the Security tab and run a Quick Scan task, then a Custom Scan.
   - Verify that all scans run locally successfully without any issues regardless of the used engine type.
   - What do you think about the scan speed?
   - What is the overall scan experience in relation to the old client?
3. Right-click the Notification Area (SysTray) icon, select About and observe the following:
   - Update is checked and performed.
   - Verify the displayed information.
4. With Bitdefender Endpoint Security Tools installed, please use your system as before and tell us about the product impact on your computer for each of the 3 engines used:
   - CPU and Memory consumption
   - Slowdowns or application crashes
   - Slow Internet access

5.3. Checking the GravityZone Quarantine

You will be able to see that quarantine events are displayed in the same section for virtual and physical machines.

1. Go to Policies and create or edit a policy template.
2. In the policy settings, go to Antimalware > On-Access > Settings > General and set the default action for infected file as Move to quarantine.
3. Check that the new policy is received by the endpoint.
4. Try to download an EICAR test file.
5. Check if the file was removed from the original location.
6. Check the file in the quarantine section and delete / restore / download the file.

5.4. Creating GravityZone reports

To obtain reports for physical and virtual machines, switch to the network view in the Network page and schedule some reports.

1. Under network inventory, in the Active Directory group, select a target and click the Reports icon at the right side of the page. Select and configure the report type that you would like to schedule.
2. Under network inventory, go to Custom Groups and select another target. Click the Report button at the right side of the page and define the report that you would like to schedule.
3. Verify that the generated reports contain the expected information.

5.5. Testing Device Control

To test the Device Control feature on already installed clients:

1. Go to the Network page.
2. Select the protected endpoints you need to update.
3. Click the Task button at the right side of the table and choose Modify installer.
4. Select Device Control in the Modules section.
5. Click Save.
5.5.1. Step 1: Test USB devices control

1. Configure the Device Control module to block access for USB devices.
   a. Go to the Policies page and create a new policy.
   b. Enable the Device Control option in the Device Control > Rules section. By default, all rules are set to allow access.
   c. Choose to display more pages at the bottom of the rules table, then click USB to edit the rule.
   d. Change the permission setting to Blocked.
   e. Save the policy.
   f. From the Network page, assign the policy to a protected endpoint in your network.
2. Test that connected USB devices are blocked.
   a. Connect a stick to the computer and try to access it. An event should be logged in the Bitdefender Endpoint Security Tools user interface stating that the device has been blocked.
   b. Go to the Reports page and generate a Device Control Activity report. You should see an entry with the number of events blocked for each device on a specific computer.
   c. Click the number of blocked devices. You will see a more detailed view containing the device name / user / serial number / product number of the device and the date when it has been plugged into the computer and blocked.
3. Add an exception to the block USB rule.
   a. Go back to the Policies page and select the policy.
   b. Go to the Device Control > Exclusions section and enable Exclusions.
   c. Add an exception for the testing computer and configure its options as follows:
      - Description: enter a short description to identify the exception in the list.
      - Type: choose Serial Number.
      - Exceptions: enter the computer's serial number.
      - Permission: choose Allow.
   d. Save the changes.
4. Test the exception. Connect the stick to the computer. You should be able to access and use the stick.
5. Set the rule for read-only access.
   a. Go back to the Policies page and select the policy.
   b. Go to the Device Control > Exclusions section and delete the exclusion previously created.
   c. Go to the Device Control > Rules and edit the USB rule by setting the permission to Read-only.
   d. Save the changes.
6. Test the read-only settings.
   a. Connect a stick to the computer and try to access it. An event should be logged in the Bitdefender Endpoint Security Tools user interface when the user tries to copy something from the USB stick.
   b. Go to the Reports page and generate a Device Control Activity report. You should see an entry with the number of events blocked for each device on a specific computer.
   c. Click the number of blocked devices. You will see a more detailed view containing the device name / user / serial number / product number of the device and the date when it has been plugged into the computer and blocked.

5.5.2. Step 2: Test that external CD/DVD devices are blocked if connected via USB

1. Configure a rule for external CD/DVD devices that connect via USB.
   a. Go back to the Policies page and select the policy.
   b. Go to the Device Control > Rules section.
   c. Edit the CDROM Drive rule:
      - Set the permission option to Custom.
      - Under Custom Permissions, choose Blocked for USB.
   d. Save the changes.
2. Test the new settings.
   a. Try to connect an external CD/DVD device via USB. An event should be logged in the Bitdefender Endpoint Security Tools user interface, stating that the device has been blocked. The CD/DVD device connected via IDE should remain accessible.
   b. Go to the Reports page and generate a Device Control Activity report. You should see an entry with the blocked device, including the number of events blocked for each device on a specific computer.
   c. Click the number of blocked devices. You will see a more detailed view containing the device name / user / serial number / product number of the device and the date when it has been plugged into the computer and blocked.
5.6. Testing Exchange Protection

Follow these guidelines to test Exchange Protection:

1. Test the antimalware filtering and exclusions
   You can test malware protection by sending an email with an EICAR test file attachment to the Exchange Server. By default, the scan is configured to disinfect and, if not possible, quarantine infected objects. Because the disinfect action is not applicable to the EICAR test file, the detected EICAR objects will be quarantined.
   - Check that the EICAR files are not delivered to the users' mailboxes, but replaced with a notification text.
   - Check that the EICAR files show up on the Quarantine page.
     Important: This beta release does not support recovering objects quarantined by the antimalware module.
   - Verify this behavior is consistent regardless of the protocol or mail client used to send the email (for example, desktop clients using Microsoft Exchange/MAPI or SMTP, mobile clients using Exchange ActiveSync, OWA web client).
   - Disable antimalware filtering in the policy. Check the status is correctly displayed in the computer details. Also check the status in the Bitdefender Endpoint Security Tools interface on the Exchange Server. Verify that EICAR objects are delivered to the users' mailboxes.
   - Modify the default scan settings or create additional rules in the policy. Check if everything works as expected. How easy or intuitive was it to configure antimalware filtering? Inform us of any settings that should be organized in a different way or explained better. Besides the default rule, do you plan to use additional filtering rules for your production environment? Tell us about your use cases.
   - Add exclusions from antimalware filtering in the policy. Verify that emails sent between the selected user groups are not caught by the antimalware filtering.
2. Test the antispam filtering
   You can test spam protection by sending GTUBE test emails to the Exchange Server.
   Important: The default antispam rule only filters incoming emails (that is, emails sent from the outside of the Exchange organization). If you cannot send the test emails from an external domain, you must create an additional rule in the policy to scan All emails and check authenticated connections.
   - Check that GTUBE emails are tagged with [SPAM] in the subject line and delivered to users' Junk folder.
   - Disable antispam filtering in the policy. Check the status is correctly displayed in the computer details. Also check the status in the Bitdefender Endpoint Security Tools interface on the Exchange Server. Verify that GTUBE emails are delivered to the users' mailboxes.
   - Modify the default filtering settings or create additional rules in the policy. Check if everything works as expected. How easy or intuitive was it to configure antispam filtering? Inform us of any settings that should be organized in a different way or explained better. Besides the default rule, do you plan to use additional filtering rules for your production environment? Tell us about your use cases.
   - Add a trusted sender address to the whitelist. Verify that emails from that sender are always delivered, even if they are spam.
3. Test the on-demand antimalware scanning
   Before you begin: populate the Exchange databases with objects having EICAR test files attached.
   You can run Exchange scans on-demand from the Network page or you can configure scheduled scans via policy. To be able to run scan tasks successfully, you must provide the credentials of an Exchange administrator in the policy.
   - Configure and run an Exchange scan. By default, the scan is configured to disinfect and, if not possible, quarantine infected objects. Because the disinfect action is not applicable to the EICAR test file, the detected EICAR objects will be quarantined.
     Important: On-demand scanning of Exchange databases is a resource intensive task and can take a considerable time to complete (depending on the scanning options and the number of objects to be scanned). In a test environment with hundreds to thousands of objects to be scanned, it should complete in less than an hour.
If you're running a task from the Network page, you can check progress in the Network > Tasks page. Alternatively, for all tasks, you can open the Bitdefender Endpoint Security Tools interface to check when a task starts or finishes.

- Check that the EICAR files are removed from the users' mailboxes and public folders and replaced with a notification text.
- Check that the EICAR files show up on the Quarantine page.
- Once the scan is completed, you can access the scan log from the Computer Information page.
- Configure exclusions for an Exchange scan and verify that the exclusions are applied.

4. Test the Exchange Server performance (CPU, RAM, slowdowns, application crashes)

- Send continuous flows of emails to the Exchange server.
- Check the impact of antimalware and antispam filtering on server performance.
- Check server performance during on-demand scans.

Note: For performance testing, you can use Microsoft Exchange Server Stress and Performance Tool and Microsoft Exchange Load Generator.

5. Check Exchange Protection reports

You can create reports from the Network page (select the server and click the Reports button) or from the Reports page. This beta release includes two reports for Exchange Protection: Top 10 Detected Malware and Top 10 Malware Recipients.

- Verify that the generated reports contain the expected information.
- What additional reports/information do you need for Exchange Protection?

6. Check Exchange Protection quarantine

From previous tests, the Exchange quarantine should already contain some EICAR files detected by the antimalware module. Additionally, from the policy, you can configure the antispam module to automatically quarantine spam emails.

- Verify that GTUBE emails end up in Quarantine instead of being delivered to users' mailboxes.
- Check that the details for quarantined objects are correct.
- Test the restore action for quarantined spam emails. Check that emails are delivered to the original recipients.

Important: This beta release does not support recovering objects quarantined by the antimalware module.
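The GTUBE and EICAR checks above need a supply of test messages. The following script is an added example, not part of the Bitdefender guide: it builds both kinds of message and includes a helper for checking the [SPAM] subject tag on a delivered message. The addresses, the relay host and the function names are assumptions for illustration.

```python
import smtplib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Standard 68-byte GTUBE antispam test string.
GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"
# Standard 68-byte EICAR test file, joined at run time so the complete
# literal never appears in this script.
EICAR = "X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def _base(sender, rcpt, subject):
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, rcpt, subject
    return msg


def build_gtube_mail(sender, rcpt, n):
    """Plain-text message whose body contains the GTUBE line unmodified."""
    msg = _base(sender, rcpt, f"Beta antispam test {n}")
    msg.set_content("Antispam test message.\n" + GTUBE + "\n")
    return msg


def build_eicar_mail(sender, rcpt, n):
    """Message carrying the EICAR test file as an attachment."""
    msg = _base(sender, rcpt, f"Beta antimalware test {n}")
    msg.set_content("Antimalware test message, see attachment.\n")
    msg.add_attachment(EICAR.encode("ascii"), maintype="application",
                       subtype="octet-stream", filename=f"eicar-{n}.com")
    return msg


def is_tagged_spam(raw):
    """True if a delivered message (raw bytes) has [SPAM] in its subject."""
    subject = message_from_bytes(raw, policy=policy.default)["Subject"] or ""
    return "[SPAM]" in subject


def send_all(host, msgs, port=25):
    """Submit the messages over SMTP; host is the lab's inbound relay."""
    with smtplib.SMTP(host, port) as smtp:
        for msg in msgs:
            smtp.send_message(msg)


if __name__ == "__main__":
    # Constructed placeholder addresses; replace with lab values.
    batch = [build_gtube_mail("tester@external.example", "user1@lab.example", i)
             for i in range(3)]
    print(len(batch), "GTUBE messages built; pass them to send_all(<relay>, batch)")
```

To seed mailboxes for the on-demand scan, the EICAR messages have to reach the databases, so antimalware filtering must not be handling them in transit while they are sent.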
6. Feedback Form for Beta-Testers

After testing the features described in the Testing Guidelines chapter, please take a few seconds to fill in the following feedback form. Select your answer regarding the test status for each feature (OK or Not OK). Please enter any issue you encountered, and any comment or suggestion you may have for the corresponding feature.

6.1. Feedback for Bitdefender Endpoint Security Tools

Features and functionalities | Test status (OK / Not OK / Not Tested) | Observations

Local Scanning Engine
- The engine works on Windows systems
- The feature works on Linux systems
- Scanning performance
- Client OS performance

Hybrid Scanning Engine
- The feature works on Windows systems
- The feature works on Linux systems
- Scanning performance
- Client OS performance

Centralized Scanning Engine
- The feature works on Windows systems
- The feature works on Linux systems
- Scanning performance
- Client OS performance

Centralized Scanning with fallback on Local Scanning
- The feature works on Windows systems
- The feature works on Linux systems
- Scanning performance
- Client OS performance

Centralized Scanning with fallback on Hybrid Scanning
- The feature works on Windows systems
- The feature works on Linux systems
- Scanning performance
- Client OS performance

Device Control
- Blocked at least one USB storage device
- Read-only action for file system devices
- Blocked other supported devices (besides USB)
- Exclusions by Serial No./Product No.
- Device Control Activity reports

Active Virus Control module on VDIs
Firewall module on VMs
Content Control on VMs
Bitdefender Endpoint Security Tools Relay for VMs
Quarantine for physical and virtual machines
Reports for virtual machines
6.2. Feedback for Exchange protection

Features and functionalities | Test status (OK / Not OK / Not Tested) | Observations

Installation
- Local Installation
- Remote deployment
- Easy to install

Antimalware filtering
- With local scanning engines
- With centralized scanning engines (Security Server)
- With hybrid scanning engines (Public Cloud)
- Works across all protocols/mail clients
- Exclusion mechanism
- Suitable defaults
- Easy to configure
- Scanning performance
- Server performance

Antispam filtering
- Antispam filtering
- Trusted senders (whitelist)
- Suitable defaults
- Easy to configure
- Server performance

On-demand antimalware scanning
- With local scanning engines
- With centralized scanning engines (Security Server)
- With hybrid scanning engines (Public Cloud)
- Exclusion mechanism
- Suitable defaults
- Easy to configure
- Scanning performance and speed
- Server performance

Exchange Quarantine
- Antimalware
- Antispam

Exchange Reports