Gravity Zone buggy interface - management?

Hi

It's been 3 weeks now I ve purchased and installed the Security Business package.

Groups to contain identical devices have been created.

Policies have been created and agents has been installed to the devices we wanted.

Initial full scans have been issued.

After those scans gravity Zone Cloud GUI reported some misconfigurations, found for the devices along with app vulnerabilities and user behavior.

Questions goes as follows (already talked with Bit Defender's tech guys to no end):

1.I am trying to understand the way Bit Defender agent operates on client side. The reason I am asking is because in a machine running win10 pro (probably irrelevant), is installed an Sql Server instance and in order for a software we have to run, it needs specific (well known) sql ports to be excluded from Windows Defender with an inbound rule.

  Now I can t understand if during installation of Bit Defender agent it imports automatically all the rules from Windows Defender or not. 

1a) If it imports the rules, I can t find them anywhere both at client or Gravity Zone side.

1b) If not, then how our program (sql connected) still runs after installation of Bit Defender since those inbound rules haven t been imported or set?

 Knowing the way Bit Defender acts along with Windows Defender is crucial, since I need to install it in 2 Windows Servers afterwards and I have to troubleshoot many things that will stop working. Those above mentioned servers are already in a production level environment and i can t error n trial in order to assume how your product works.


2.Trying first to resolve the low risk issues, I m upgrading to the new versions of some common installed programs like 7zip / vlc /notepad++ which Bit Defender found as vulnerable. Problem is that even if I have uninstalled them (with special program and not by add/remove programs) and installed the new versions, having run full scan again and restarted the client, having let time pass in order for the fixes to send to the cloud console, it still mentions the smae issues as problems?

Why is that? What is the right order of things in order to have the most quick fixes even for this simple process?


3.Some of the misconfigurations found are part of local group policy settings. Problem is that applying a fix from cloud console to a specific client, although seems to have been completed successfully (from tasks) the specific fix at the client seems <<uncorrected>> (again full scans and restarts have been applied). For instance there was a possible issue with

<<<<<<<Remove Run this time button for outdated Active X (blah blah)

Verifies the local group policy Remove Run this time button for outdated ActiveX controls in Internet Explorer, located in Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management.

MITIGATIONS / NETWORK ACTIONS

Set this policy to Enabled.>>>>>>>>>>>>>>>

After that fix if i go to the clients gpo at that path (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management\Remove Run this time button for outdated Active X (blah blah)), it still is displayed as unconfigurable.


All the above questions deflect to my lack of understanding teh basics of how the heck gravity Zone works. Documentation for the topics I care about isnt doing much, so I d like a more insight explanation from anyone could help or have delt with the above mentioned problems.


Thank you in advance.

Comments