Skip to main content

Using the Power User module

Overview

Enabling the Power User module in BEST allows you to use it for troubleshooting purposes.

The Power User module requires a password to successfully send specific commands. However, a password is not required to interact with the GravityZone Control Center, to query the status of features or other generic commands.

Note

Starting with version 7.9.13.423, the Power User GUI module is available only for endpoints that use Windows 10 and higher and Windows Server 2016 and higher.

Power User CLI

Starting with BEST version 7.9.9.367, the Power User module will also be available through the Command Line Interface (CLI).

This change brings the following improvements:

  • Reduces the disk size of the installed product.

  • Eliminates the Chromium dependency.

  • Updates and maintains Power User settings with the latest features available in GravityZone.

Important

The new Power User CLI module will replace the current Power User GUI version starting with a future release of BEST. The Power User GUI module will remain functional and unchanged until then.

Starting with BEST version 7.9.10.387, the CLI version of the module is now the default option when selecting Power User from the system tray. The GUI version can still be accessed through the EPPowerConsole.exe file.

Power User CLI changes

The following table lists the differences between the GUI and CLI versions of the Power User module:

Current functionalities that will be discontinued

New functionalities available with the CLI version

Some functionalities of the product features handled by Power User can no longer be modified using the CLI version:

  • Antimalware and ATC policy settings can no longer be modified.

  • Firewall settings for ICS, port scans, Wi-Fi monitoring can no longer be modified.

  • Features under the Network Protection suite can no longer be modified.

  • Content Control policy settings can no longer be modified.

  • Device Control policy settings can no longer be modified.

Power User is now available for ARM64 architecture processors.

Power User exclusively disables or enables features, and queries their current status.

The following features can now be enabled or disabled:

  • Antimalware On-Access Scanning

  • Firewall

  • Advanced Threat Control

  • Live Search

  • Integrity Monitoring

  • Command Line Scanner

  • Sandbox Analyzer

  • Advanced Anti-Exploit

  • Ransomware Mitigation

  • Risk Management

  • Incidents Sensor

  • Network Protection

  • Device Control

  • HyperDetect

You can add or remove exclusions for the following features:

  • ATC

  • Antimalware

  • Ransomware Mitigation

  • Network Protection

Note

Power User CLI can be installed, enabled, managed and changes can be reverted just like the GUI version. To access and to use the CLI version, refer to Access Power User and Power User CLI commands.

Install Power User

The default installation kit does not include the Power User module. You need to configure the installation package and add the module to it.

New Installation

To install BEST along with the Power User module, follow these steps:

  1. To configure the packages, you must:

    1. Log in to GravityZone Control Center.

    2. Go to the Network page from the left side menu and click on the Packages section.

    3. Click the Add button. A configuration window is doing to be displayed.

    4. Complete the fields with the necessary information.

    5. Select Power User along with all other modules that you want to install.

    6. Save your changes.

  2. Install BEST locally or remotely:

    Once you have created the package you can download and run it on your endpoint, or you can install BEST remotely. For more information about this, refer to Install security agents - standard procedure.

Existing Installation

To add the Power User module when BEST is installed on the endpoint, follow these steps:

  1. Log in to the GravityZone Control Center.

  2. Go to the Network page from the left side menu.

  3. Select the group that you want from the left-side pane. All endpoints from the selected container are displayed in the right-side table.

  4. Select the endpoints where you want to install the module.

  5. Right-click on the endpoint or group of endpoints, and go to Tasks > Reconfigure agent.

    reconfigure_agent_68218.png
  6. Select Power User and any other modules you want to install.

    Note

    For more information on using the Reconfigure agent task, refer to Reconfigure agent.

  7. Click Save.

Enable Power User

Once the module is installed on the machine, follow these steps:

  1. Log in to GravityZone Control Center.

  2. Go to the Policies page from the left side menu.

  3. Select the applied policy or the one that you want to apply on your endpoints.

  4. Go to General and click Settings.

  5. Select the Power User check box.

  6. Set a password.

  7. Click the Save button.

  8. Apply the policy, if it was not applied previously.

    power_user_policy_68218.png

Access Power User

To access the Power User CLI module, follow these steps:

  1. Right-click the BEST system tray icon.

    access_power_user_68218.png
  2. Select Power User from the contextual menu.

  3. Run any of the commands listed in the Power User CLI commands section. Some commands may require the Power User password.

To access the Power User GUI module, follow these steps:

  1. Go to c:\Program Files\Bitdefender\Endpoint Security or to the folder where BEST was installed.

  2. Find and double-click the EPPowerConsole executable.

  3. Enter the password in the login window. The Power User window is displayed. Here you can view the policy settings.

  4. Modify the policy settings you are interested in. For more information, refer to Security management.

You can also use Command Prompt or Power Shell to access the Power User CLI module. For more information about this, refer to Individual Power User commands.

Manage Power User

To easily find endpoints with policies modified using the Power User mode, use one of the methods below:

Apply filters

  1. Log in to the GravityZone Control Center.

  2. Go to the Network page from the left side menu.

  3. Go to Filters menu and click the Policy section.

  4. Select the Edited by Power User option.

  5. Save your changes.

Check the endpoint

  1. Log in to the GravityZone Control Center.

  2. Go to the Network page from the left side menu.

  3. Click the endpoint you are interested in.

  4. In the Information window, click the Policy section.

If you have modified the policy in Power User mode, a notification is displayed.

Revert the changes made with Power User

To revert the changes made in Power User mode, use one of the following:

Save the applied policy again

  1. Log in to the GravityZone Control Center.

  2. Go to the Policies page from the left side menu.

  3. Open the policy template assigned to the endpoint with Power User rights.

  4. Click Save.

The original settings are reapplied to the target endpoint.

Assign a new policy

  1. Log in to the GravityZone Control Center.

  2. Go to the Network page from the left side menu.

  3. Right-click the endpoint with Power User rights.

  4. Select the Assign Policy option.

  5. Select a different policy.

  6. Click the Finish button.

Reset settings from BEST interface

  1. Right-click the system tray icon of BEST and select Power User.

  2. Log in to the Power User console.

  3. Click Reset.

Use the Power User CLI module

The Power User module is now managed using the Product Console. All commands are available only for installed features and can be executed the following way:

  • Using an interactive Product Console session.

  • Using individual commands.

Interactive Product Console session

A Product Console interactive session can be started by launching a Product Console session without any arguments. During the interactive session, the Power User module can receive and process as many commands as you want.

During an interactive session, you will be prompted to enter the Power Userpassword only one time. All commands used afterwards will not require a password.

If the password you have entered is incorrect, the command will not to be executed. If 5 consecutive incorrect passwords are entered, there will be a timeout of 5 minutes in which no commands can be executed.

Note

If the Power User password is changed during an interactive session, the new password will be requested for the next command.

power_user_interactive_password_68218.png

Individual Power User commands

Any Power User command can also be individually sent as an argument to the Product Console session, using Command Prompt or Power Shell.

Note

Power User CLI commands are not case-sensitive.

The syntax is as follows:

product.console.exe /c <PowerUser command>

You will be prompted to enter the Power User password and the Product Console is going to perform the command only if the password is correct. The Product Console session will be terminated once the command is executed, regardless of its outcome.

power_user_individual_password_68218.png

You can also send the password as an additional argument, using the following syntax:

product.console.exe /c <PowerUser command> Password: "<password>"

Note

Make sure that the password is set in quotation marks.

power_user_individual_password_full_68218.png

Power User CLI commands

Note

Power User CLI commands are not case-sensitive.

PowerUser help

power_user_help_new_68218.png

This command lists all the available Power User commands based on your installed features.

Note

You can enable, disable or query Network Protection, if you have at least one feature installed from the Network Protection suite.

<Feature> enable or <Feature> disable

These commands either enable or disable the selected feature.

PowerUser enable all or PowerUser disable all

These commands enable or disable all features that can be modified in Power User.

PowerUser reset, PowerUser reset t, and PowerUser reset time

This command resets all changes performed through the Power User module by re-applying the most recent GravityZone policy.

The t or time optional parameters are used to set the the number of minutes until the policy is reapplied.

For example, if you want Power User to reset after 10 minutes, you muse use the following command: PowerUser reset t=10

<Feature> get config

This command showcases the status of the selected feature.

Note

This command will display statuses only for installed features.

PowerUser get settings

This command returns an overview of all available features, along with their statuses and exclusions (if available).

power_user_get_settings_new_68218_.png

Advanced Threat Control exclusions

The following commands can be used for ATC exclusions:

  • AdvancedThreatControl exclusions list

  • AdvancedThreatControl exclusions add [folder=<folder path>] [process=<process file path>] [cmdline=<command string>] [sha256=<string value>] [threatName=<string name>]

  • AdvancedThreatControl exclusions remove [folder=<folder path>] [process=<process file path>] [cmdline=<command string>] [sha256=<string value>] [threatName=<string name>]

Note

You can only add or remove one exclusion per command. You can also select and copy the exclusions found in Power User and paste them into the add or remove commands.

Antimalware On-access exclusions

The following commands can be used for Antimalware On-access scan exclusions:

  • AntimalwareOnAccess exclusions list

  • AntimalwareOnAccess exclusions add [file=<file path>] [folder=<folder path>] [extension=<extension type>] [process=<process file path>] [cmdline=<command string>] [sha256=<string value>] [thumbprint=<string value>] [threatName=<string name>]

  • AntimalwareOnAccess exclusions remove [file=<file path>] [folder=<folder path>] [extension=<extension type>] [process=<process file path>] [cmdline=<command string>] [sha256=<string value>] [thumbprint=<string value>] [threatName=<string name>]

Note

You can only add or remove one exclusion per command. You can also select and copy the exclusions found in Power User and paste them into the add or remove commands.

Ransomware Mitigation exclusions

The following commands can be used for Ransomware Mitigation exclusions:

  • RansomwareMitigations exclusions list

  • RansomwareMitigations exclusions add [folder=<folder path>] [process=<process file path>] [remoteIP=<IP address or IP address/mask>]

  • RansomwareMitigations exclusions remove [folder=<folder path>] [process=<process file path>] [remoteIP=<IP address or IP address/mask>]

Note

You can only add or remove one exclusion per command. You can also select and copy the exclusions found in Power User and paste them into the add or remove commands.

Network Protection exclusions

The following commands can be used for Network Protection exclusions:

  • NetworkProtection exclusions list

  • NetworkProtection exclusions add [ips=<ip address>] [urls=<url>] [apps=<app file>]

  • NetworkProtection exclusions remove [ips=<ip adderss>] [urls=<url>] [apps=<app file>]

Note

You can only set one value per exclusion and one exclusion per command. You can also select and copy the exclusions found in Power User and paste them into the add or remove commands.

Power User suggestions

The module also offers suggestions when a command is incorrect or incomplete.

power_user_suggestions_new_68218.png

Note

Your insights and suggestions play an important role in helping us enhance and refine the new Power User CLI module. Let us know what you think.