Feature dependencies

This article provides you with a basic checklist for what a feature requires to function on a specific endpoint.

For monthly subscription licenses

The columns present the following information:

Feature - The name of the feature.
Policy activation – Indicates where you can go to check if the feature is activated on any given policy.
Tip
To check what policy is applied on a specific endpoint you can go to the Network page from the left side menu from the left side menu, display the endpoint details, and view the information in the Policy tab.
You can run a Policy Compliance report to view what policies are deployed on a list of selected endpoints.
Modules needed to be deployed on the endpoint – This column specifies if the feature requires any specific module to be deployed on endpoints for the feature to function.
Licensing requirements for monthly subscription users – Indicates if the feature is included in the core protection, or if it requires additional add-ons or services to be enabled for a company.
Additional dependencies – Includes any other requirements that do not fit into the above categories.

Feature	Policy activation	Modules needed to be deployed on the endpoint	Licensing requirements for monthly subscription users	Additional dependencies
Antimalware	You can enable the feature from the Antimalware > On-access > On-access Scanning setting.	Antimalware	Included in core protection.	The feature provides further functionality that can be enabled from the Antimalware > Settings page, in the the policy applied to the endpoint.
Advanced Anti-Exploit	You can enable the feature from the Antimalware > Advanced Anti-Exploit > Advanced Anti-Exploit setting.	Advanced Anti-Exploit	Included in core protection.	The feature provides further functionality that can be enabled from the Antimalware > Settings page, in the the policy applied to the endpoint.
Advanced Threat Control	You can enable the feature from the Antimalware > On-execute > Advanced Threat Control setting.	Advanced Threat Control	Included in core protection.	The feature provides further functionality that can be enabled from the Antimalware > Settings page, in the the policy applied to the endpoint.
EDR	You can enable the feature from the Incident Sensor > Incident Sensor setting.	EDR Sensor	Requires the EDR add-on to be enabled for the company's own use. Note To enable the EDR add-on, the company must also have the Advanced Threat Security, HyperDetect, and Sandbox Analyzer features enabled.	N/A
Fileless Attack Protection *	You can enable the feature from the Antimalware > On-execute > Fileless Attack Protection setting.	Antimalware	Requires the Advanced Threat Security add-on to be enabled for the company's own use.	The feature provides further functionality that can be enabled from the following settings in the the policy applied to the endpoint. The Antimalware > Settings page. The Antimalware > On-execute > Fileless Attack Protection page, from the Command-Line Scanner and Antimalware Scan Interface Security Provider settings.
Firewall	You can enable the feature from the Firewall > Firewall setting. Note If using an installation package created prior to the release of the Firewall feature on Windows Servers, activating the feature in the applied policy will have no effect on the endpoint.	Firewall	Included in core protection.	N/A
HyperDetect	You can enable the feature from the Antimalware > Hyper Detect > Hyper Detect setting.	Antimalware	Requires the Advanced Threat Security and HyperDetect add-ons to be enabled for the company's own use.	N/A
Network Attack Defense	You can enable the feature from the Network Protection > General > Network Protection setting.	Network Protection > Network Attack Defense	Included in core protection.	N/A
eXtended Detection and Response	You can enable the feature from the Incident Sensor > Incident Sensor setting.	EDR Sensor	Requires the eXtended Detection and Response add-on and at least one of the sensor add-ons need to be enabled for the company: Required add-ons Identity ProvidersIdentity Providers - Allows integration with the Active Directory sensor, the Azure AD sensor (Entra ID), and the Microsoft Intune sensor. Productivity apps - Allows integration with the Office 365 sensors (Email and Management Audit) and the Google Workspace sensor. Network - Allows integration with the Network sensor. Cloud workloads - Allows integration with the AWS sensor, the Azure Cloud sensor, and the Google Cloud Platform sensor. Mobile Security - Allows integration with the Security for Mobile sensor.	Sensors need to be added from the Configuration > Sensors Management page. The following prerequisites must be met on the domain where the endpoints are located: All domain controllers must have the BEST agent installed with the EDR Sensor module included. All domain controllers must have a policy assigned that has the EDR feature enabled under the Incident Sensor page. The following settings must be set in Active Directory: With the exception of Global Object Access Auditing policies, all group policies in Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policies must be set to audit all login events.
Content Control	You can enable the feature from the Network Protection > General > Network Protection setting.	Network Protection > Content Control	Included in core protection.	The feature provides additional functionality that you can enable and configure from the Network Protection > Content Control policy page.
Device Control	You can enable the feature from the Device Control > Device Control setting.	Device Control	Included in core protection.	N/A
Endpoint Risk Analytics	You can enable the feature from the Risk Management > Risk Management setting.	This feature requires BEST to be installed on endpoints, but does not require any particular module to be deployed.	Included in core protection.	N/A
Full Disk Encryption	You can enable the feature from the Encryption > General > Encryption Management page.	Encryption	Requires the Full Disk Encryption add-on to be enabled for the company.	N/A
Integrity Monitoring	You can enable the feature from the Integrity Monitoring > Real time > Enable real-time monitoring setting.	Integrity Monitoring	Requires the Integrity Monitoring add-on to be enabled for the company.	Requires a rule set to be created and added to the applied policy.
Patch Management	This feature does not require policy activation.	Patch Management	Requires the Patch Management add-on to be enabled for the company.	Requires maintenance windows to be created from the Policies > Configuration Profiles page and assigned to the policy installed on the endpoint..
Security for Exchange **	This feature does not require policy activation.	Exchange protection	Requires the Security for Exchange add-on to be enabled for the company.	Requires User Groups to be created and configured for the policy.
Sandbox Analyzer - console submissions	This feature does not require policy activation.	This feature works independently of endpoints.	Requires the Advanced Threat Security > Sandbox Analyzer add-on to be enabled for the company.	N/A
Sandbox Analyzer - endpoint submissions	You can enable the feature from the Sandbox Analyzer > Endpoint Sensor section, by selecting the Automatic sample submission from managed endpoints check box.	This feature requires the BEST agent to be installed on an endpoint, but does not require any specific module to be deployed.	Requires the Advanced Threat Security > Sandbox Analyzer add-on to be enabled for the company.	N/A
Email Security	This feature does not require policy activation.	This feature works independently of endpoints.	Requires the Email Security add-on to be enabled for the company.	N/A
GravityZone Security for Containers	This feature does not require policy activation.	Container Protection Advanced Anti-Exploit EDR	Requires the Container Protection add-on to be enabled for the company.	Requires the following options to be enabled in the policy applied to the endpoint: Antimalware > On-Access > On-access scanning Antimalware > Advanced Anti-Exploit > Advanced Anti-Exploit Incident Sensor > Incident Sensor
Mobile Security	This feature does not require policy activation.	This feature only works with mobile devices, which use the Bitdefender GravityZone MTD agent.	Requires the Mobile Security add-on to be enabled for the company.	N/A
Ransomware Mitigation	You can enable the feature from the Antimalware > On-Execute > Ransomware Mitigation setting.	Antimalware Advanced Threat Control	Included in core protection.	Requires the following options to be enabled in the policy applied to the endpoint: Antimalware > On-Execute > Advanced Threat Control Antimalware > On-Access > On access-Scanning Requires the installation package used to install the security agent on the endpoint to have the Detection and prevention mode selected. The feature provides further functionality that can be enabled from the Antimalware > Settings and Antimalware > Security Servers pages, in the the policy applied to the endpoint.
Web Traffic Scan	You can enable the feature from the Network Protection > Web Protection > Web Traffic Scan setting.	Network Protection > Web Traffic Scan	Included in core protection.	Requires the following option to be enabled in the policy applied to the endpoint: Network Protection > General > Intercept Encrypted Traffic & Scan HTTPS.

* Workstations only

** Servers only

For yearly licenses

The columns present the following information:

Feature - The name of the feature.
Policy activation – Indicates where you can go to check if the feature is activated on any given policy.
Click on the Default Bitdefender policy to check if the feature is activated by default in the policy that is automatically available for new companies.
Tip
To check what policy is applied on a specific endpoint you can go to the Network page from the left side menu, display the endpoint details, and view the information in the Policy tab.
You can run a Policy Compliance report to view what policies are deployed on a list of selected endpoints.
Is the feature enabled in the default GravityZoneCloud policy - Indicates if the feature is activated by default in the policy that is automatically available for new companies.
Warning
The default license your company is using might be different.
Modules deployed on endpoint – This column specifies if the feature requires any specific module to be deployed on endpoints for the feature to function.
Additional dependencies – Includes any other requirements that do not fit into the above categories.

Tip

Refer to this article to see if any specific feature is included in your license.

Feature	Policy activation	Enabled in the default policy	Modules needed to be deployed on the endpoint	Additional dependencies
Antimalware	You can enable the feature from the Antimalware > On-access > On-access Scanning setting.	Enabled by default	Antimalware	The feature provides further functionality that can be enabled from the Antimalware page, in the the policy applied to the endpoint.
Advanced Anti-Exploit	You can enable the feature from the Antimalware > Advanced Anti-Exploit > Advanced Anti-Exploit setting.	Enabled by default	Advanced Anti-Exploit	The feature provides further functionality that can be enabled from the Antimalware > Settings page, in the the policy applied to the endpoint.
Advanced Threat Control	You can enable the feature from the Antimalware > On-execute > Advanced Threat Control setting.	Enabled by default	Advanced Threat Control	The feature provides further functionality that can be enabled from the Antimalware > Settings page, in the the policy applied to the endpoint.
EDR	You can enable the feature from the Incident Sensor > Incident Sensor setting.	Not enabled by default	EDR Sensor	N/A
Fileless Attack Protection	You can enable the feature from the Antimalware > On-execute > Fileless Attack Protection setting.	Enabled by default	Antimalware	The feature provides further functionality that can be enabled from the following settings in the the policy applied to the endpoint. The Antimalware > Settings page. The Antimalware > On-execute > Fileless Attack Protection page, from the Command-Line Scanner and Antimalware Scan Interface Security Provider settings.
Firewall	You can enable the feature from the Firewall > Firewall setting. Note If using an installation package created prior to the release of the Firewall feature on Windows Servers, activating the feature in the applied policy will have no effect on the endpoint.	Enabled by default	Firewall	N/A
HyperDetect	You can enable the feature from the Antimalware > Hyper Detect > Hyper Detect setting.	Enabled by default	Antimalware	N/A
Network Attack Defense	You can enable the feature from the Network Protection > General > Network Protection setting.	Enabled by default	Network Protection > Network Attack Defense	N/A
eXtended Detection and Response	You can enable the feature from the Incident Sensor > Incident Sensor setting.	Not enabled by default	EDR Sensor	Sensors need to be added from the Configuration > Sensors Management page. The following prerequisites must be met on the domain where the endpoints are located: All domain controllers must have the BEST agent installed with the EDR Sensor module included. All domain controllers must have a policy assigned that has the EDR feature enabled under the Incident Sensor page. The following settings must be set in Active Directory: With the exception of Global Object Access Auditing policies, all group policies in Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policies must be set to audit all login events. Each sensor requires a specific license: Required licenses Bitdefender XDR Sensor - Identity - Allows integration with the Active Directory sensor, the Azure AD sensor (Entra ID), and the Microsoft Intune sensor. Bitdefender XDR Sensor - Productivity - Allows integration with the Office 365 sensors (Email and Management Audit) and the Google Workspace sensor. Bitdefender XDR Sensor - Network - Allows integration with the Network sensor. Bitdefender XDR Sensor - Cloud - Allows integration with the AWS sensor, the Azure Cloud sensor, and the Google Cloud Platform sensor. GravityZone Security for Mobile - Allows integration with the Security for Mobile sensor. GravityZone CSPM+ -Allows integration with the CSPM+, AWS, Azure Cloud, and Google Cloud Platform sensors.
Content Control	You can enable the feature from the Network Protection > General > Network Protection setting.	Enabled by default	Network Protection > Content Control	The feature provides additional functionality that you can enable and configure from the Network Protection > Content Control policy page.
Device Control	You can enable the feature from the Device Control > Device Control setting.	Not enabled by default	Device Control	N/A
Endpoint Risk Analytics	You can enable the feature from the Risk Management > Risk Management setting.	Not enabled by default	This feature requires BEST to be installed on endpoints, but does not require any particular module to be deployed.	N/A
Full Disk Encryption	You can enable the feature from the Encryption > General > Encryption Management page.	Not enabled by default	Encryption	N/A
Integrity Monitoring	You can enable the feature from the Integrity Monitoring > Real time > Enable real-time monitoring setting.	Not enabled by default	Integrity Monitoring	Requires a rule set to be created and added to the applied policy.
Patch Management	This feature does not require policy activation.	N/A	Patch Management	Requires maintenance windows to be created from the Policies > Configuration Profiles page and assigned to the policy installed on the endpoint..
Security for Exchange	This feature does not require policy activation.	N/A	Exchange Protection	Requires User Groups to be created and configured for the policy.
Sandbox Analyzer - console submissions	This feature does not require policy activation.	N/A	This feature works independently of endpoints.	N/A
Sandbox Analyzer - endpoint submissions	You can enable the feature from the Sandbox Analyzer > Endpoint Sensor section, by selecting the Automatic sample submission from managed endpoints check box.	Not enabled by default	This feature requires the BEST agent to be installed on an endpoint, but does not require any specific module to be deployed.	N/A
Email Security	This feature does not require policy activation.	N/A	This feature works independently of endpoints.	N/A
GravityZone Security for Containers	This feature does not require policy activation.	N/A	Container Protection Advanced Anti-Exploit EDR	Requires the following options to be enabled in the policy applied to the endpoint: Antimalware > On-Access > On-access scanning Antimalware > Advanced Anti-Exploit > Advanced Anti-Exploit Incident Sensor > Incident Sensor
Mobile Security	This feature does not require policy activation.	N/A	This feature only works with mobile devices, which use the Bitdefender GravityZone MTD agent.	N/A
Ransomware Mitigation	You can enable the feature from the Antimalware > On-Execute > Ransomware Mitigation setting.	Not enabled by default	Antimalware Advanced Threat Control	Requires the following options to be enabled in the policy applied to the endpoint: Antimalware > On-Execute > Advanced Threat Control Antimalware > On-Access > On access-Scanning Requires the installation package used to install the security agent on the endpoint to have the Detection and prevention mode selected. The feature provides further functionality that can be enabled from the Antimalware > Settings and Antimalware > Security Servers pages, in the the policy applied to the endpoint.
Web Traffic Scan	You can enable the feature from the Network Protection > Web Protection > Web Traffic Scan setting.	Enabled by default	Network Protection > Web Traffic Scan	Requires the following option to be enabled in the policy applied to the endpoint: Network Protection > General > Intercept Encrypted Traffic & Scan HTTPS.

How to check the requirements

To make sure your company and endpoints meet all the requirements for a specific feature to function, follow the steps below:

Check the information above to identify the feature requirements.
Check your company's license:
1. Click on the drop down button on the upper right side of the screen and select My Company.
2. Go to the Licensing tab and check that your license include access to the feature:
  - For yearly licenses - Check the License usage details section to make sure you have access to the feature. You can see what features each license includes by checking the Features by product.
    If your licenses do not have access to the feature, you can either replace your main license, or add an add-on.
  - For monthly subscriptions - Click the View monthly usage report button and check the Monthly Usage report to make sure make sure that the feature does not have a Not enabled status.
    If the feature is enabled for your company, contact your Partner.
3. Go to the Reports page from the left side menu and check what policies are applied to your endpoints by running a Policy compliance report.
  Alternatively, you can go to the Network page from the left side menu and clicking on the endpoint you want to check to display the View endpoint details window. The information is available under the Policy tab.
4. Go to the Policies page from the left side menu, click on the policy you want to check, and make sure it meets all feature requirements.
5. Check any other requirements listed in the Additional dependencies column.
6. Go to the Feature specific deployment guides page. There are multiple feature specific guides available that have in depth information on how to install, configure, and test out a specific feature.

In this section:

Feature dependencies

For monthly subscription licenses

Tip

Note

Note

For yearly licenses

Tip

Warning

Tip

Note

How to check the requirements

Search results