Bitdefender Endpoint Security Tools for Linux

Security fixes

Security fixes

Resolved an issue causing increased CPU usage on Red Hat Enterprise endpoints running with the EDR Sensor module installed.

Security fixes

Added support for the Pop!OS operating system with kernel version 6.6.6-76060606-generic.

You can now properly install and use the Patch Management module on endpoints with SUSE Linux Enterprise Server 15 SP5.

Malware detections on virtual machines are now properly transmitted and displayed under Incidents, Threats Xplorer, Executive summary and the Security audit report. The issue sometimes occurred when Container Protection was not installed on the machine.

Resolved an issue causing Malware Status reports to be displayed under Scan Logs when viewing endpoint details from the Network page.

Fixed an issue causing scans to add folder and subfolder paths to scan lists despite being excluded in the policy applied to the endpoint. This was causing increased RAM usage.

Security fixes

Stability fixes.

Security and stability fixes.

Incidents are now created when Integrity Monitoring rules with the critical severity level are triggered.

BEST for Linux is now limited at using 50% of an endpoint's CPU usage when performing On-Demand scans with low priority.

The Paused/Suspended, and Stopped statuses are now available for container endpoints when displayed in the the GravityZone console.

BEST for Linux is now compatible with the following distributions:

You can now use ** wild card exclusions for On-Access scans. The feature works for both files and folders.

BEST for Linux now properly identifies Amazon Web Service EC2 with IMDSV2 when deployed with the automatic scan mode.

On-Access scans that run on container hosts with BEST for Linux deployed with Container protection now exclude folders where container engines unpack image layers and mount overlay file systems.

Fixed an issue where Docker container namespaces were still protected by BEST for Linux after the container was removed.

Incidents now show the correct action taken for events where items were quarantined as a result of a malware detection.

Resolved an issue causing some security updates to fail when performed through a Relay.

Resolved an issue causing some log files to be mistakenly generated in the "/" directory during security updates.

Security fixes

Security fixes

Added support for upcoming features available with the next major GravityZone release.

The Network Attack Defense module no longer blocks SSH connections with other endpoints.

Custom detection rules that have a Parent Name matching criteria with a wildcard currently do not work.

The Antimalware feature does not currently work on CentOS 7 operating systems using ARM architectures (aarch64).

Added support for upcoming features available with the next major GravityZone release.

The Network Attack Defense module no longer blocks SSH connections with other endpoints.

Custom detection rules that have a Parent Name matching criteria with a wildcard currently do not work.

The Antimalware feature does not currently work on CentOS 7 operating systems using ARM architectures (aarch64).

Security fixes

You can now upload and download files when using the Remote Shell feature on Linux endpoints. Learn more

You can now cancel any ongoing or pending file transfers resulted from the use of the Remote Shell feature.

The Delete all button is now available: all the entries will be removed from the Investigation grid and all pending or ongoing downloads will be canceled.

BEST for Linux v7 is now compatible with the following distributions:

BEST for Linux us now compatible with ARM architecture (aarch64).

The curl table used by the Live Search feature is now disabled on endpoints with BEST for Linux installed. This was done to protect against exploits involving lateral movement attacks.

Added the efivar library in BEST for Linux packages, covered under GNU Lesser General Public License, version 2.1.

Removed support for several DazukoFS module kernel archives. The following archives are still supported:

Updated the OpenSSL library to version 1.1.1u.

Updated libssh library to version 0.10.5.

Endpoints using the Network Attack Defense feature now use the netfilter conntrack helper component to avoid routing all ports for FTP connections.

Network Attack Defense no longer blocks access to the Oracle MySQL Workbench 8.0.29 database when deployed with BEST for Linux.

Resolved an issue causing File, Folder or Process scanning exclusions to not include subfolders when a / is added at the end of the folder path.

Launching BEST for Linux now properly cleans Bitdefender AuditD rules at startup.

Downloading an installation kit on a relay now properly removes older kits from the endpoint. An issue was causing the maximum number of kits that are allowed on a relay endpoint to be exceeded by 1.

Fixed an issue causing endpoints with BEST for Linux to display the Connection to the Cloud services cannot be established notification, despite it being disabled from the policy applied on the endpoint. The setting can be found under General > Notifications > Endpoint Issues Visibility > Modular Settings > Cloud Services notifications.

Endpoints with BEST for Linux installed are no longer connecting directly to the GravityZone cloud services despite them being configured to connect through a proxy.

On-demand scans are no longer interrupted when performed on archives larger than 4 GB.

Fixed an issue which could lead to potential deadlocks within the EDR module.

BEST for Linux now stops querying update servers once a connection is established.

Fixed an issue causing BEST for Linux updates to fail, returning error 403.

Failed product updates now properly fall back to the next available update server.

Removed support for Patch Management for the following distributions:

Decrypting documents downloaded from Remote shell sessions returns an error (decryption forced to fail!), despite the decryption being successful.

BEST for Linux sometimes fails to start after the endpoint where it is deployed is upgraded from init.d to systemd. To resolve this issue refer to this article.

Remote shell sessions are currently not displaying certain special characters.

Moving to the /opt/bitdefender-security-tools/ directory during a remote shell session incorrectly returns error 123 instead of error 313.

Trying to use a read-only network mount as an upload path during a remote shell session incorrectly returns error 0 instead of error 5 - access denied.

BEST updates no longer refresh update repositories on SLES operating systems.

Fixed an issue causing BEST to mount NFS shares as a result of on-demand scans.

Updating BEST no longer restores NAD module script execution rights to default.

On-demand scans that run with low priority now only use half of available endpoint resources.

BEST for Linux is now compatible with the PopOS and Amazon Linux 2023 distributions.

KProbes now support security content update rings.

You can now use On-Access scanning for files in the root (/) directory on containers protected by BEST.

The Support Tool now gathers additional logs.

You can now use the Support Tool with Bitdefender Security for Containers.

Added support for upcoming features available with the next major GravityZone release.

Security containers are now deployed in a dedicated namespace on Kubernetes: bitdefender-security-container.

Security containers now use a dedicated Kubernetes service account: bitdefender-security-container.

All RHEL and RHEL derivatives (for example, CentOS and Oracle) prior 6.10 are no longer supported.

Deploying Security Containers on OpenShift 4.12 and later environments using the Helm package manager is currently unsupported.

Fixed multiple compatibility issues between BEST for Linux and NFS mounts.

Security and stability fixes.

Endpoints with the Network Attack Defense module deployed are no longer experiencing connectivity issues.

Reconfigure client tasks configured with the Match List option no longer fail when the endpoints are communicating through a Relay.

Fixed an issue causing the Antimalware module to sometimes crash when performing On-access scan tasks.

Deploying BEST for Linux on endpoints not using the default package manager of their operating system no longer fails.

Outbound monitoring is now available for Network Attack Defense on Linux endpoints.

Added support for Oracle Linux 8 and Oracle Linux 9 5.15 kernel versions.

DNF is now the first choice package manager for YUM based operating systems when installing and updating BEST for Linux.

Reconfigure Client tasks with Match List option selected now properly execute for endpoints with a Linux Relay set as an update location. The tasks used to fail, returning a no suitable update server found error.

The EDR module no longer causes increased CPU usage when enabled.

Fixed an issue causing endpoints with BEST for Linux installed not to appear in the Active Directory tree.

Security fixes

Added support for upcoming features available with the next major GravityZone release.

KProbes are now available for Linux kernel 6.0.

Security fixes.

On demand scans are now available for autofs network shares.

Network Attack Defense now runs as a separate process. This will considerably improve stability.

The process exclusions from your GravityZone policies now apply to EDR events from endpoints with BEST for Linux installed.

You can now define assignment rules based on endpoint hostname.

Live Search now returns a limited amount of information to GravityZone from endpoints with BEST for Linux deployed. The total number of rows generated by the search is included in the response.

Fixed an issue causing Container Protection to only scan the first two levels of a file path.

Product updates on SLES 12.5 are no longer failing due to zypper license agreement.

Product updates now properly ignore global apt proxy settings.

Added support for additional Fedora kernels. Learn more

Security fixes

The Send feedback regarding security agents’ health and Use Bitdefender Global Protective Network to enhance protection policy options now also apply to endpoints with BEST for Linux deployed. You can find the options under General > Settings > Options when editing a policy.

EDR Custom Rules are now applicable on endpoints where BEST for Linux is deployed.

Installing BEST for Linux v7 on an endpoint no longer overwrites the locally configured OSQuery service.

Deploying BEST for Linux on an Amazon Linux Docker environment no longer causes an increased resource usage.

Fixed an issue that was affecting the communication between BEST for Linux and GravityZone due to an improper integration with Active Directory.

Deploying BEST for Linux on an Red Hat Enterprise environment no longer causes increase CPU usage.

Resolved a critical issue occurred after the last product update.

Fixed a configuration problem for BEST Relay.

Patch Management now supports Smart Scan on Linux.

Added support for Investigation packages for both BEST for Linux v7 and SDK.

BEST for Linux is now compatible with Linux Mint and Miracle Linux.

Deploying or updating BEST for Linux with EDR using Linux AuditD now automatically updates configuration files.

Added support for the Shut down computer when scan is finished option scan option.

Memory usage has been optimized when using system's AuditD.

EDR events generation has been optimized.

Added detection for the exploitation of the CVE-2022-0847 vulnerability.

Information on errors related to Patch Management is now available here.

Improved product description in Docker Hub.

BEST for Linux now detects Linux AD integrations.

Attempting to enable SSL on certain server types no longer causes an indefinite retry loop. This would also cause log files to be flooded with error messages.

Fixed issue causing high CPU usage on systems with BEST for Linux using AuditD.

Java applications no longer slow down after installing BEST for Linux on endpoints running on the RHEL 7 and RHEL 8 operating systems.

Using a script to write files in a high number simultaneously no longer causes high CPU utilization.

Resolved issue causing high CPU utilization when using EDR.

Custom Scan tasks no longer scan shared file paths when the Scan network share option is not selected.

Fixed issue causing On-Access scans to miss threats during performance tests.

CIFS and NFS protocols are no longer restricted for systems that use the Fanotify notification system.

Fixed issue causing On-Demand scan task reports to fail to register in logs.

On-Demand scan logs from endpoints with BEST for Linux v7 now appear properly in Control Center.

On-Access scanning does not detect threats in network paths mounted using Amazon EFS.