Gravity Zone buggy interface - management?
Hi
It's been 3 weeks now since I purchased and installed the Security Business package.
Groups containing identical devices have been created.
Policies have been created and agents have been installed on the devices we wanted.
Initial full scans have been issued.
After those scans, the Gravity Zone Cloud GUI reported some misconfigurations found for the devices, along with app vulnerabilities and user behavior.
My questions are as follows (I've already talked with Bitdefender's tech guys to no end):
1. I am trying to understand the way the Bitdefender agent operates on the client side. The reason I am asking is that on a machine running Win10 Pro (probably irrelevant), an SQL Server instance is installed, and in order for a piece of software we have to run, specific (well-known) SQL ports need to be excluded from Windows Defender with an inbound rule.
Now I can't understand whether, during installation of the Bitdefender agent, it automatically imports all the rules from Windows Defender or not.
1a) If it imports the rules, I can't find them anywhere, either on the client or on the Gravity Zone side.
1b) If not, then how does our program (SQL connected) still run after installation of Bitdefender, since those inbound rules haven't been imported or set?
Knowing the way Bitdefender acts along with Windows Defender is crucial, since I need to install it on 2 Windows Servers afterwards and I will have to troubleshoot many things that will stop working. Those above-mentioned servers are already in a production-level environment and I can't trial-and-error in order to figure out how your product works.
2. Trying first to resolve the low-risk issues, I'm upgrading to the new versions of some commonly installed programs like 7zip / VLC / Notepad++ which Bitdefender found to be vulnerable. The problem is that even though I have uninstalled them (with a special program and not via Add/Remove Programs) and installed the new versions, run a full scan again and restarted the client, and let time pass for the fixes to be sent to the cloud console, it still mentions the same issues as problems.
Why is that? What is the right order of things in order to get the quickest fixes, even for this simple process?
3. Some of the misconfigurations found are part of local group policy settings. The problem is that after applying a fix from the cloud console to a specific client, although it seems to have been completed successfully (from Tasks), the specific fix on the client seems "uncorrected" (again, full scans and restarts have been applied). For instance, there was a possible issue with:
"Remove Run this time button for outdated Active X (blah blah)
Verifies the local group policy Remove Run this time button for outdated ActiveX controls in Internet Explorer, located in Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management.
MITIGATIONS / NETWORK ACTIONS
Set this policy to Enabled."
After that fix, if I go to the client's GPO at that path (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management\Remove Run this time button for outdated Active X (blah blah)), it is still displayed as unconfigurable.
All the above questions come down to my lack of understanding of the basics of how the heck Gravity Zone works. The documentation for the topics I care about isn't doing much, so I'd like a more insightful explanation from anyone who could help or has dealt with the above-mentioned problems.
Thank you in advance.
Comments
Kindly contact Bitdefender Business Support by visiting https://www.bitdefender.com/support/contact-us.html?last_page=BusinessCategory.
Additionally, @Andrei_S Enterprise from Bitdefender Enterprise team can check on this for you.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
0 -
Thank you for your interest in my post.
If Gravity Zone were used by a plain user, would the answer be the same? Does no one from the community use Gravity Zone?
0 -
Yes, since the product is related to the business category, information on the forum is limited, as are the users. So, either you would have to contact Bitdefender business support or wait for @Andrei_S Enterprise to respond, who is a Bitdefender employee and has expertise in Bitdefender's business line of products.
Regards
0 -
Ok then, I'll have to wait. I've already emailed @bitsy but maybe I should forward the message to Andrei too? Is his email Andrei_S@....... ?
Thank you for your time.
0 -
@Andrei_S Enterprise will get back to you on this post soon.
Regards
0 -
Hello @dimtsou
I will answer each question in order.
1. No, the BEST agent will not import any rules from Windows Defender; furthermore, we uninstall Windows Defender during the installation process, and at the endpoint level you should see that the antivirus is managed by BEST.
Example:
1b. There are some default settings in our product so that widely known applications that require specific ports to be opened are not blocked by default. You can always define specific policies tailored to your needs from your GravityZone console.
2. If I understood correctly, after you addressed the risks listed in the console you ran a Full Scan. The Full Scan task scans the entire system for all types of malware threats; this will not resolve risks. This information is also detailed in https://www.bitdefender.com/business/support/en/77209-36453-scanning-for-malware.html#UUID-ab248b18-41d7-924c-a91b-fdc28dd2b2e3
If you want to mitigate the risks from the Risk Management Dashboard, you will have to run a Risk Scan.
More details about Indicators of Risks are available here: https://www.bitdefender.com/business/support/en/77209-101643-ior.html#UUID-4d42967e-265e-843f-a750-aa4170ca1df2
This document provides the steps to configure a Risk scan task: https://www.bitdefender.com/business/support/en/77209-155163-running-tasks-on-endpoints.html#UUID-c378456d-09cb-389e-f958-8dafebc10021
3. Similar to my previous answer, you will need to run a Risk Scan again and check whether it shows as resolved.
One note to keep in mind when it comes to Misconfigurations: the dashboard provides recommendations, so not every recommendation may be applicable to your network.
If after running the Risk Scan you still see that the risk is not mitigated although you have taken all the appropriate steps please reach out to our Enterprise Support team (@bitsy email address is for Consumer products) using any of the channels available here: https://www.bitdefender.com/business/support/en/71263-85158-contact.html
Kind Regards,
1 -
1. Are you sure the agent uninstalls Defender and doesn't just turn it off?
1b. Well, if it doesn't import any rules and in your default Firewall policy there aren't any rules for the SQL program/server or ports, then how does our program still work when it needs specific SQL ports to be allowed? I can't get it.
I know I could manually set rules, but I first want to comprehend how it works by default.
2. Exactly. As for the Risk Scan, which is inside the policy that has been applied to the client, I ran it manually after the full scan by changing the time so that it scans after the full scan. Still the same thing, and to be specific, it keeps mentioning an old version of 7-Zip (talking about apps) which has been uninstalled (double-checked also at the registry level), the PC restarted, a new version of 7-Zip installed, a full scan run, and then a Risk Scan from Gravity (by the way, during the risk scan I get no pop-up notification that it is taking place). After all the above, going to Risk Management and searching for the specific device shows that uninstalled app (7-Zip) as a risk again (with the old version number).
3. Apart from the similarity of this issue with the one above, I don't know whether, by just pressing Fix Misconfiguration, Gravity has the ability to change the client's GPO or registry, since that would require admin privileges. So how does it do it?
Thank you for your time and quick responses.
PS: BEST? BitDefender Enterprise Security T?
0 -
1. Sorry for my bad wording, you are right, it deactivates it.
1b. In the policy applied on the endpoint you can check Firewall settings -> Adapters to see how permissive your network settings are: https://www.bitdefender.com/business/support/en/77212-342961-settings.html#UUID-2ebd7ca2-9cb8-e851-0713-ad8bf5[…]omputers.firewall.settings.adapters
Also, you might have some rules set there that allow your SQL traffic, which need to be verified.
This can be checked here: https://www.bitdefender.com/business/support/en/77211-342962-rules.html#UUID-33c9512d-ada1-e683-1fcd-20f65bfe6cb8_policies.computers.firewall.advanced.settings
All these settings can impact what types of traffic are allowed or blocked.
2. We need to see exactly what is happening in your specific case, so it needs to be investigated by support. In general the issue should be resolved after these steps, but it might be something else that needs to be verified in the logs or in a remote session.
3. Some will be resolved with the Fix Misconfiguration button, while for others you will be required to resolve them manually.
BEST is short for Bitdefender Endpoint Security Tools :)
Kind Regards,
1 -
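A set of endpoint-side checks an admin can run to confirm the points discussed above: whether the built-in antivirus is really deactivated, which inbound Windows Firewall rules still cover the SQL ports, whether a stale 7-Zip/VLC/Notepad++ entry lingers in the registry, and what the ActiveX policy actually resolves to. This is an added example, not code from this thread or from Bitdefender; the SQL port numbers and the registry value behind the ActiveX policy are assumptions.

```powershell
# Added example, not from the thread or from Bitdefender. Run in an elevated PowerShell.

# 1. Is the built-in antivirus deactivated and which product does Security Center consider active?
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($mp) {
    "Defender AntivirusEnabled={0} RealTime={1} RunningMode={2}" -f `
        $mp.AntivirusEnabled, $mp.RealTimeProtectionEnabled, $mp.AMRunningMode
}
Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct |
    Select-Object displayName, productState

# 1b. Enabled inbound Windows Firewall rules that still cover the SQL ports.
# Assumption: default SQL Server (1433) and SQL Browser (1434) ports.
$sqlPorts = @('1433', '1434')
foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True) {
    $ports = @(($rule | Get-NetFirewallPortFilter).LocalPort)
    if ($ports | Where-Object { $sqlPorts -contains $_ }) {
        "{0} [{1}] {2} ports={3}" -f $rule.DisplayName, $rule.Profile, $rule.Action, ($ports -join ',')
    }
}

# 2. Installed-program entries an inventory can still see after an uninstall.
# Per-machine (64/32-bit) and per-user keys; a leftover or per-user install is a
# common reason an old version keeps being reported.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '7-Zip|VLC|Notepad\+\+' } |
    Select-Object DisplayName, DisplayVersion, InstallLocation

# 3. Effective registry value behind "Remove Run this time button for outdated ActiveX controls".
# Assumed mapping (verify against the inetres ADMX): RunThisTimeEnabled = 0 when Enabled.
$ax = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\VersionManagement'
$val = (Get-ItemProperty -Path $ax -Name RunThisTimeEnabled -ErrorAction SilentlyContinue).RunThisTimeEnabled
if ($null -eq $val) { 'RunThisTimeEnabled: not set (policy reads as Not Configured)' }
else { "RunThisTimeEnabled: $val" }
# Shows whether a domain GPO overrides whatever was written locally.
gpresult /scope computer /r
```

If the agent's own firewall is the active one, the Windows Firewall rule list in step 1b is informational only; the adapter trust level in the policy decides what is allowed.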
I think I'm covered for now.
- The Security Risk Scan from within the policy was the key point for the console to see the changes.
- Firewall -> Settings -> Adapters: set (by default) to Home/Office for Wired, which means traffic within the same network is allowed. Maybe that's why I don't have to set the same rules as in Defender again on the console.
Thank you for being so informative!
1