GravityZone (Cloud-based) Release Notes for June 2020 Update
- Security agents: 18.104.22.1683 (Windows); 22.214.171.124 (Linux); 126.96.36.199080 (macOS)
- Security Server: 188.8.131.5216 (Multi-Platform)
- If you are Korean, you can now experience GravityZone in your own native language.
Endpoint Detection and Response (EDR)
- Added Exclusion Rules, a framework for creating custom rules to exclude all those EDR-triggered incidents that you consider safe, or false positive, based on your environment setup. You can create rules manually by writing your own criteria, or directly from the incident graph, by adding certain alerts as exclusions.
- EDR events storage now spans on three time intervals: 30, 90, and 180 days. Not to worry, storage capacity for your events has remained the same. For new companies joining GravityZone, each option is available as an add-on.
Endpoint Risk Analytics (ERA)
- Included Human Risks, a new ERA feature that enables you to monitor potential vulnerabilities caused by unintentional or reckless behavior of active users within your network. Data on user behavior is available in the following pages:
- Risk Management dashboard, which now includes the new Top Human Risks and Top Vulnerable Users widgets; providing useful information on potential breach gates into your environment’s security, caused by user behavior.
- Security Risks page, which now has two new tabs:
- Human Risks – displays all detected potential risks generated by reckless user behavior
- User – displays all the users that have generated potential risks for your organization, based on what actions they have taken, unintentionally or not.
- Improved the flow inside the Misconfigurations and App Vulnerabilities tabs, to enable filtering devices by a specific misconfiguration or vulnerable application.
- Added bulk resolution of indicators of risks via the Fix Risks button in the Misconfigurations tab.
- Added fixing and patching capabilities in the endpoint side panel, for a more granular approach in fixing risks and patching apps at endpoint level.
GravityZone provides a more efficient and proactive way of managing patches:
- A new smart scan mechanism detects and informs you whenever a new application has been installed on the endpoint and what patches are available for it.
- GravityZone reviews regularly the list of available patches and deletes those that are no longer applicable because either the related applications or the endpoints do not exist anymore.
- GravityZone also deletes from the list patches that are no longer available, although they are present on some endpoints.
Advanced Threat Control (ATC)
- The ATC/IDS event notification details are enriched with the path and ID of the parent process, and also with the command line that started the process, if the case.
- Remote troubleshooting is now available for Linux and macOS agents.
- Bitdefender Cloud storage option is available for Security Server (Multi-Platform).
- You can now use the Delete button to drop protection management on endpoints joined in Active Directory.
This change dismisses and removes the Clear license button from the action toolbar.
- The product updates and security content available on Relay agents are now visible in the new Information > Repository details page.
- Added more information about updates in the Information > Protection page.
- With the new User Rules option from Assignment Rules, you can easily apply policies per endpoint user.
These rules work only with Active Directory users or security groups.
- You can now start a Reconfigure Client task for the selected endpoints directly from the Endpoint Modules Status report.
- The report also contains a new filter for the Advanced Threat Control module.
Added several usability enhancements throughout the console. To mention:
- Redesign of the Policies > Assignment Rules and the Reconfigure Client pages for better visibility.
- Enhanced the Endpoint Modules Status report with the Reconfigure Client option.
- Case insensitivity at SSO login.
- As a Bitdefender Partner, you can configure minimum monthly usage for managed companies with monthly subscription. You have the option to specify a subscription end date, with the ability to activate automatic renewal in case of expiration.
The minimum usage settings are available for each company in the Companies page.
ConnectWise Manage Integration
- You can now identify and filter companies imported from ConnectWise Manage by their status.
- Added API support for moving endpoints between Company accounts via the moveEndpointsBetweenCompanies method.
- Added the activateCompany method so that Bitdefender Partners can re-activate suspended company accounts.
- Added the details related to ERA > Human Risk to the following methods:
- Added the risk score from Endpoint Risk Analytics to the getManagedEndpointDetails and getCompanyDetails methods.
- Updated the following methods to cover the new minimum usage options at monthly subscription:
- Updated the following methods so that you can add the available modules to agents, provided they are covered by license:
NOTE! The networkMonitor option was renamed to NetworkAttackDefense.
- Added the option to create custom scan tasks via the following methods:
- Notifications sent via Event Push Service API now contain the path and ID of the process for ATC detections, plus the command line that generated the process (if the case).
- New and more detailed error codes and messages for the moveEndpointsBetweenCompanies method.
- A new subscription type available via the createCompany method, called FRAT.
- Infected files were deleted even with the Take no action setting selected.
- Users could not access the Network page after entering a long string in the column filter.
Endpoint Risk Analytics
- The results of a scheduled scan task did not include detected vulnerabilities.
- In some situations, filtering by severity did not work as expected.
- Endpoint Encryption Status and HyperDetect Activity emailed reports did not include the attachment with the results.
- The CSV file of the License Status report for Partners included by accident more child companies than needed, resulting in a lower number of seats available for install.
- A Partner could do the following operations even with the Manage from above option disabled on managed companies:
- Enforce two-factor authentication.
- Modify the metadata URL for single sign-on.
- Modify the Country field.