Bitdefender Endpoint Security Tools for Windows

You can enable and disable all modules with one command.

You can set the number of minutes after which any changes made with Power User are reverted, and the GravityZone policy is reapplied.

You can add and remove exclusions for the following features: Antimalware On-access scanning, Advanced Threat Control, Ransomware Mitigation, and Network Protection.

Added support for removing the following incompatible products:

Added support for upcoming features available with the next major GravityZone release.

Fixed an issue that caused false positives when untrusted certificates ignored timeout errors during website validations.

Resolved an issue that caused excessive memory usage during the transfer of extremely large files.

Fixed an issue that caused the Bitdefender Endpoint Security Tools GUI to crash.

The issue with emails not being restored using Release to intended recipient has been fixed.

The Full Scan button in the status area is now working properly for security agents using French and German.

The issue that was causing security agent crashes has been fixed. It affected endpoints with product version 7.9.17.455, released on fast ring.

Fixed a crash during the update process. It affected endpoints with product version 7.9.11.412 or older.

You can enable and disable all modules with one command.

You can set the number of minutes after which any changes made with Power User are reverted, and the GravityZone policy is reapplied.

You can add and remove exclusions for the following features: Antimalware On-access scanning, Advanced Threat Control, Ransomware Mitigation, and Network Protection.

Added support for upcoming features available with the next major GravityZone release.

Added support for removing the following incompatible products:

Fixed an issue that caused false positives when untrusted certificates ignored timeout errors during website validations.

Resolved an issue that caused excessive memory usage during the transfer of extremely large files.

Fixed an issue that caused the Bitdefender Endpoint Security Tools GUI to crash.

The issue with emails not being restored using Release to intended recipient has been fixed.

The Full Scan button in the status area is now working properly for security agents using French and German.

Added support for removing the incompatible security product Trellix Endpoint version 23.x.

BEST is now compatible with Windows 11 version 24H2.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks performed on endpoints with product versions between 7.9.4.313 and 7.9.5.318 require a reboot and are discarded afterwards. After rebooting the target endpoints, you need to run the Reconfigure agent tasks again.

Enhanced support for removing the following incompatible security products:

Added support for upcoming features available with the next major GravityZone release.

Internal fixes.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks performed on endpoints with product versions between 7.9.4.313 and 7.9.5.318 require a reboot and are discarded afterwards. After rebooting the target endpoints, you need to run the Reconfigure agent tasks again.

Enhanced support for removing the following incompatible security products:

Added support for upcoming features available with the next major GravityZone release.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks performed on endpoints with product versions between 7.9.4.313 and 7.9.5.318 require a reboot and are discarded afterwards. After rebooting the target endpoints, you need to run the Reconfigure agent tasks again.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.14.430, you must run a new Reconfigure agent task.

The issue that was causing security agent crashes has been fixed. It affected endpoints with product version 7.9.14.427, released on fast ring.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.14.428, you must run a new Reconfigure agent task.

Added support for Copilot+ PC endpoints.

Added support for upcoming features available with the next major GravityZone release.

The product installation no longer fails if the Security for Exchange module is not enabled.

The issue with emails not being restored from quarantine has been fixed.

The product installation no longer remains in progress after running a Reconfigure agent task. This issue occurred on Windows 11 systems.

The Relay agent is now completely removed using the Reconfigure agent task.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.14.427, you must run a new Reconfigure agent task.

The Power User GUI module is now available only for endpoints that use Windows 10 and higher and Windows Server 2016 and higher.

The Power User CLI module now offers suggestions when a command is incorrect or incomplete.

You can now submit raw events to both Bitdefender MDR and Security Information and Event Management (SIEM) servers.

You are now notified if the Boot-Start Driver Initialization Policy is set to Good only when installing the security agent using the local interface. This policy can cause critical errors (BSOD).

Added support for upcoming features available with the next major GravityZone release.

The module quarantined DOCX attachments despite the Attachment Filtering rule being set for executable files only.

Blacklisted email addresses managed to deliver messages even after they were added in the Connection Blacklist.

Addressed an issue where Advanced Threat Control caused critical errors (BSOD).

Created or modified files were not moved to quarantine according to active Integrity Monitoring rules.

In some situations, the EDR module caused high memory usage.

The communication between endpoints, and the Incidents server failed when using a Relay.

In some situations, the installation failed. This issue is no longer occurring.

In a particular scenario, the product installation failed on Windows Server 2022 endpoints. This issue affected endpoints with product version 7.9.11.412.

The product updates remained in progress and failed to install after scanning the system for vulnerabilities using Nessus.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.13.423, you must run a new Reconfigure agent task.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

Callback Evasion detections have been improved.

The endpoint update mechanism is being improved. These improvements are being rolled out in stages and require no action from your side.

Implemented internal optimizations to enhance the performance of the security agent.

Product console commands, including Power User CLI, are no longer case-sensitive.

Added support for upcoming features available with the next major GravityZone release.

Addressed a specific scenario where the module caused critical errors (BSOD). The issue has been fixed.

The security agents could not connect to the Bitdefender Global Protective Network, when the communication was configured through Relay and the DNS was not configured.

The installation could not be completed during certain custom deployments. This issue has been fixed.

Resolved a cleanup issue in the ProgramData folder. This issue affected endpoints with product version 7.9.10.392.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.12.418, you must run a new Reconfigure agent task.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

The endpoint update mechanism is being improved. These improvements are being rolled out in stages and require no action from your side.

Addressed a specific scenario where the module caused critical errors (BSOD). The issue has been fixed.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.12.415, you must run a new Reconfigure agent task.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

Callback Evasion detections have been improved.

The endpoint update mechanism is being improved. These improvements are being rolled out in stages and require no action from your side.

Product console commands, including Power User CLI, are no longer case-sensitive.

Added support for upcoming features available with the next major GravityZone release.

The security agents could not connect to the Bitdefender Global Protective Network, when the communication was configured through Relay and the DNS was not configured.

The installation could not be completed during certain custom deployments. This issue has been fixed.

Resolved a cleanup issue in the ProgramData folder. This issue affected endpoints with product version 7.9.10.392.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.12.414, you must run a new Reconfigure agent task.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

The endpoint update mechanism is being improved. These improvements are being rolled out in stages and require no action from your side.

Addressed a scenario where the module caused critical errors (BSOD). The issue is now fixed.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.11.412, you must run a new Reconfigure agent task.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

The endpoint update mechanism is being improved. These improvements are being rolled out in stages and require no action from your side.

In some cases, executable files added to the Blocklist could still be run. This issue has been fixed.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.11.407, you must run a new Reconfigure agent task.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

The endpoint update mechanism is being improved. These improvements are being rolled out in stages and require no action from your side.

The module blocked a particular website even if it was added as an exclusion. This issue has been fixed.

The CLI version of the module displayed Ransomware Mitigation as disabled, even if it was enabled from the policy.

In some cases, endpoint users were incorrectly notified in Windows Action Center and in the local GUI that the product was out of date.

Advanced Threat Control displayed command line detections with additional spaces, leading to potentially incorrect exclusions.

The Education web category from Content Control was incorrectly translated.

The product installation failed when a reconfigure agent task was in progress, and another task started afterwards.

The security agent failed to install the latest product updates. This issue has been fixed.

In some cases, starting updates from the notifications displayed in the Windows Action Center caused the product update to fail with error 21.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.11.406, you must run a new Reconfigure agent task.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

The endpoint update mechanism is being improved. These improvements are being rolled out in stages and require no action from your side.

The module blocked a particular website even if it was added as an exclusion. This issue has been fixed.

The CLI version of the module displayed Ransomware Mitigation as disabled, even if it was enabled from the policy.

Advanced Threat Control displayed command line detections with additional spaces, leading to potentially incorrect exclusions.

The Education web category from Content Control was incorrectly translated.

The product installation failed when a reconfigure agent task was in progress, and another task started afterwards.

The security agent failed to install the latest product updates. This issue has been fixed.

In some cases, starting updates from the notifications displayed in the Windows Action Center caused the product update to fail with error 21.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.11.404, you must run a new Reconfigure agent task.

The Anti-tampering module has been removed from the local interface until it becomes available with the next major GravityZone update.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

The endpoint update mechanism is being improved. These improvements are being rolled out in stages and require no action from your side.

Addressed an issue where the Firewall caused critical errors (BSOD) after updating to version 7.9.10.390.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.10.392, you must run a new Reconfigure agent task.

Added support for the new Anti-tampering feature that will be released with the next major GravityZone update. The module is disabled on endpoints at the moment with no impact on the current capabilities of the security agent.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

Osquery has been upgraded to version 5.11.0.

The Command Line Interface (CLI) version of the module is now the default option when selecting Power User from the system tray. The GUI version can still be accessed through the EPPowerConsole.exe file.

The endpoint update mechanism is being improved. These improvements are being rolled out in stages and requires no action from your side.

You are now notified in the local interface when:

Added support for upcoming features available with the next major GravityZone release.

Added support for removing the following incompatible security products:

In some situations, applications blocked according to Application Blacklisting rules could still be accessed. This issue has been fixed.

In some cases, the security agent services stopped when product updates remained in progress.

In some cases, the security agent remained in an active state after the uninstall process finished causing system issues.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.10.390, you must run a new Reconfigure agent task.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

Osquery has been upgraded to version 5.11.0.

The Command Line Interface (CLI) version of the module is now the default option when selecting Power User from the system tray. The GUI version can still be accessed through the EPPowerConsole.exe file.

The endpoint update mechanism is being improved. These improvements are being rolled out in stages and require no action from your side.

You are now notified in the local interface when:

Added support for upcoming features available with the next major GravityZone release.

Added support for removing the following incompatible security products:

In some situations, applications blocked according to Application Blacklisting rules could still be accessed. This issue has been fixed.

In some cases, the security agent remained in an active state after the uninstall process finished causing system issues.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.10.387, you must run a new Reconfigure agent task.

A new Network Protection driver is being rolled out. This update is silent, with no action required from your side (no agent reconfiguration required).

Starting with this release, we are going to bring improvements to the endpoint update mechanism. These improvements are being rolled out in stages and require no action from your side.

In a specific scenario, the rules set through Network Protection > Application blacklisting were not applied correctly.

Security fixes.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.9.381, you must run a new Reconfigure agent task.

A new Network Protection driver is being rolled out, on fast ring. This update will be silent, with no action required from your side (no agent reconfiguration required).

In some situations, the Datto RMM integration was not working correctly after updating the security agent to product version 7.9.9.367.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.9.370, you must run a new Reconfigure agent task.

The Power User module is now also available through the Command Line Interface (CLI). This change reduces the disk size of the installed product, eliminates the Chromium dependency and supports more GravityZone features. For more information, refer to Using the Power User module.

A new Network Protection driver is being rolled out, on fast ring. This update will be silent, with no action required from your side (no agent reconfiguration required).

Added support for removing the following incompatible security products:

Enhanced support for removing the following incompatible security product:

In some situations, the Network Protection module caused performance issues.

In a specific scenario, Linux path exclusions added in the policy prevented the Antimalware On-Access scan from working correctly.

The module blocked multiple website categories that were allowed in the policy, after updating the security agent to product version 7.9.8.350.

In some cases, the security agent incorrectly reported the user last login time to the GravityZone console.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.9.367, you must run a new Reconfigure agent task.

Internal fixes.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.8.350, you must run a new Reconfigure agent task.

The Live Search feature is now compatible with ARM64 architecture CPUs.

Added support for upcoming features available with the next major GravityZone release.

Exclusions were not being taken into account when scanning registries. This issue has been fixed.

In specific cases, the security agent crashed when a new product version was available.

Addressed an internal issue that caused the product update process to fail with error -1007.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.8.346, you must run a new Reconfigure agent task.

The Live Search feature is now compatible with ARM64 architecture CPUs.

Added support for upcoming features available with the next major GravityZone release.

Exclusions were not being taken into account when scanning registries. This issue has been fixed.

In specific cases, the security agent crashed when a new product version was available.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.8.343, you must run a new Reconfigure agent task.

The Content Control module now blocks SSL connections, from non-browser processes to malicious domains. This improvement is going to be gradually enabled on all endpoints.

Added support for removing the following incompatible security products:

Enhanced support for removing the following incompatible security product:

Callback evasion notifications are now displayed for users when:

When enabled in Google Chrome and Mozilla Firefox, the Encrypted ClientHello (ECH) protocol prevented content filtering and traffic scanning.

Discovery Search Mailboxes no longer take license slots for the Security for Exchange module.

Fixed incompatibility with Ninja Agent that prevented the product from updating.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.7.336, you must run a new Reconfigure agent task.

The Content Control module now blocks SSL connections, from non-browser processes to malicious domains. This improvement is going to be gradually enabled on all endpoints.

Enhanced support for removing the following incompatible security product:

Callback evasion notifications are now displayed for users when:

When enabled in Google Chrome and Mozilla Firefox, the Encrypted ClientHello (ECH) protocol prevented content filtering and traffic scanning.

Discovery Search Mailboxes no longer take license slots for the Security for Exchange module.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.7.334, you must run a new Reconfigure agent task.

In some cases, rules configured in the policy were no longer applied after a period of time, resulting in blocked applications.

In some cases, the Firewall module crashed after changing the Network Adapter settings.

In some cases, the Support Tool generated empty or corrupted reports. This issue has been fixed.

Internal fixes.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.6.331, you must run a new Reconfigure agent task.

In some cases, the Support Tool generated empty or corrupted reports. This issue has been fixed.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.6.330, you must run a new Reconfigure agent task.

Updating your endpoints to BEST version 7.9.5.318, released on fast ring, can fail due to an issue with one of the filter drivers. Endpoints affected by the issue will be displayed as offline in Control Center since August 17, or the latest date a product update has been attempted. To fix this issue, refer to this article.

In some cases, the Firewall module crashed after changing the Network Adapter settings.

Internal fixes.

The update process may fail with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.6.329, you must run a new Reconfigure agent task.

Updating your endpoints to BEST version 7.9.5.318, released on fast ring, can fail due to an issue with one of the filter drivers. Endpoints affected by the issue will be displayed as offline in Control Center since August 17, or the latest date a product update has been attempted. To fix this issue, refer to this article.

Added support for upcoming features available with the next major GravityZone release.

Users are now notified whenever the communication between endpoints and the GravityZone console cannot be established.

Users are now notified whenever communication with the Incidents Server cannot be established.

Implemented internal optimizations for enhanced stability of the security agent.

Osquery has been upgraded to version 5.9.1

The Integrity Monitoring module did not generate Change events for files that have been accessed and modified from another endpoint, through Server Message Block (SMB) protocol.

In some cases, the EDR module caused performance issues on Remote Desktop Servers (RDS), when users connected via Remote Desktop Protocol (RDP).

Security fixes.

The update process to version 7.9.5.322 fails with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks used to add new modules on previous security agent versions require endpoints reboot. After rebooting and updating the endpoints to version 7.9.5.324, you must run a new Reconfigure agent task.

Updating your endpoints to BEST version 7.9.5.318, released on fast ring, can fail due to an issue with one of the filter drivers. Endpoints affected by the issue will be displayed as offline in Control Center since August 17, or the latest date a product update has been attempted. To fix this issue, refer to this article.

Osquery has been upgraded to version 5.9.1

Users are now notified whenever communication with the Incidents Server cannot be established.

In some cases, the EDR module caused performance issues on Remote Desktop Servers (RDS), when users connected via Remote Desktop Protocol (RDP).

Security fixes.

The update process to version 7.9.5.322 fails with error -2011. You must run the update again to complete the process.

Reconfigure agent tasks that are used to add new modules require endpoints reboot. After rebooting the endpoint, you must run the Reconfigure agent task again to complete the process.

Updating your endpoints to BEST version 7.9.5.318, released on fast ring, can fail due to an issue with one of the filter drivers. Endpoints affected by the issue will be displayed as offline in Control Center since August 17, or the latest date a product update has been attempted. To fix this issue, refer to this article.

Added support for upcoming features available with the next major GravityZone release.

Users are now notified whenever the communication between endpoints and the GravityZone console cannot be established.

The Integrity Monitoring module did not generate Change events for files that have been accessed and modified from another endpoint, through Server Message Block (SMB) protocol.

In a particular situation, the exclusions defined in Web Access Control for websites did not function as intended. This issue affected endpoints with product version 7.9.4.306.

The Antimalware module can now monitor files that use the .log and .gif extensions.

Added support for upcoming features available with the next major GravityZone release.

Added support for removing the following incompatible security products:

The Integrity Monitoring module generated Renamed events instead of Deleted events when a monitored file was deleted.

The module did not detect files transferred at the same time on a network share via Remote Desktop Protocol (RDP).

The security agent did not allow the safe removal of external storage devices when the Antimalware module was installed.

The module blocked a particular web address, which had been excluded in the policy, while the Web Proxy category was configured for blocking.

The Network Protection module blocked certain websites. The issue affected endpoints with product version 7.9.4.303, released on fast ring.

Security fixes.

The Antimalware module can now monitor files that use the .log and .gif extensions.

Added support for upcoming features available with the next major GravityZone release.

Added support for removing the following incompatible security products:

The Integrity Monitoring module generated Renamed events instead of Deleted events when a monitored file was deleted.

The module did not detect files transferred at the same time on a network share via Remote Desktop Protocol (RDP).

The security agent did not allow the safe removal of external storage devices when the Antimalware module was installed.

The module blocked a particular web address, which had been excluded in the policy, while the Web Proxy category was configured for blocking.

Security fixes.

The Support Tool and Uninstall Tool are now console applications.

The bruteForce parameter that can be used when uninstalling the security agent is now available only for product versions starting with 7.x.

Added support for removing the following incompatible security product:

The Content Control module did not block web pages when a proxy was used. The issue affected endpoints with product version 7.9.2.290

The update process failed with error –1018 on endpoints with the Network Attack Defense module installed.

The Exchange scan was not working correctly. This issue has been fixed.

The Firewall module caused endpoints to temporarily lose network connectivity when starting services or when changing policies. This issue occurred on Windows 10 and 11 systems.

The Relay agent failed to properly remove old installation kits, leading to high disk usage.

The Sysprep tool did not work properly on endpoints with product version 7.8.3.x and higher.

Internal fixes.

The Firewall module caused endpoints to temporarily lose network connectivity when starting services or when changing policies. This issue occurred on Windows 10 and 11 systems.

The Support Tool and Uninstall Tool are now console applications.

The bruteForce parameter that can be used when uninstalling the security agent is now available only for product versions starting with 7.x.

Added support for removing the following incompatible security product:

The Content Control module did not block web pages when a proxy was used. The issue affected endpoints with product version 7.9.2.290

The update process failed with error –1018 on endpoints with the Network Attack Defense module installed.

The Exchange scan was not working correctly. This issue has been fixed.

The Relay agent failed to properly remove old installation kits, leading to high disk usage.

The Sysprep tool did not work properly on endpoints with product version 7.8.3.x and higher.

You can now create certificate hash exclusions for PowerShell scripts.

Osquery has been upgraded to version 5.8.1.

Added support for upcoming features available with the next major GravityZone release.

Added support for removing the following incompatible security products:

In some cases, the Firewall module blocked applications already excluded in the policy.

The module postponed the application of patches if the Relay server was not reachable.

The module could not quarantine Java Archive files, even though the archives could be deleted.

The Network Protection module prevented browsers from accessing web pages when Web Access Control was enabled. The issue occurred after updating the security agent to version 7.9.2.289, released on fast ring.

The local console failed to open when accessed from Start Menu. The issue occurred after updating the security agent to version 7.9.1.285.

The local console displayed the default contact information for technical support when the language was changed, instead of the details defined in the policy.

You can now create certificate hash exclusions for PowerShell scripts.

Osquery has been upgraded to version 5.8.1.

Added support for upcoming features available with the next major GravityZone release.

Added support for removing the following security products:

In some cases, the Firewall module blocked applications already excluded in the policy.

The module postponed the application of patches if the Relay server was not reachable.

The module could not quarantine Java Archive files, even though the archives could be deleted.

The local console failed to open when accessed from Start Menu. The issue occurred after updating the security agent to version 7.9.1.285.

The local console displayed the default contact information for technical support when the language was changed, instead of the details defined in the policy.

Bitdefender has optimized LSASS detection reporting for less traffic and less disk space required to store events on endpoints.

The endpoint users are no longer distracted by Integrity Monitoring status alerts whenever a Suspend or Resume task runs.

Added support for upcoming features available with the next major GravityZone release.

The Antimalware module caused a system slowdown when copying files from network shares.

Custom scan displayed incorrect paths in the local scan log when multiple scan tasks occurred at the same time.

Addressed an issue where Advanced Threat Control caused critical errors (BSOD) after updating to version 7.9.1.280 released on fast ring.

The Live Search feature was unavailable on endpoints although it was enabled in the policy.

The security agent blocked Remote Desktop connections when the Network Attack Defense module was enabled in the policy along with the Scan RDP option.

In a particular case, the Content Control module prevented PDF files from being downloaded from a website. The website remained in a loading state and eventually displayed the page as inaccessible.

Events generated by the Data Protection rules displayed IPs instead of web addresses when keyword filters were added for web traffic.

The default policy was assigned on endpoints instead of the correct policy when assignment rules applied.  The default policy did not contain the previous assignment rules.

Multiple managed endpoints could not communicate with the GravityZone console and were listed as unmanaged.

The logging session started when gathering support tool logs using command line or from the GravityZone console remained active for long periods of time.

Addressed a specific scenario where the product caused critical errors (BSOD). The issue is now fixed.

Addressed an issue where Advanced Threat Control caused critical errors (BSOD) after updating to version 7.9.1.280 released on fast ring.

Events generated by the Data Protection rules displayed IPs instead of web addresses when keyword filters were added for web traffic.

The endpoint users are no longer distracted by Integrity Monitoring status alerts whenever a Suspend or Resume task runs.

Added support for upcoming features available with the next major GravityZone release.

The Live Search feature was unavailable on endpoints although it was enabled in the policy.

The security agent blocked Remote Desktop connections when the Network Attack Defense module was enabled in the policy along with the Scan RDP option.

In a particular case, the Content Control module prevented PDF files from being downloaded from a website. The website remained in a loading state and eventually displayed the page as inaccessible.

Custom scan displayed incorrect paths in the local scan log when multiple scan tasks occurred at the same time.

The default policy was assigned on endpoints instead of the correct policy when assignment rules applied.  The default policy did not contain the previous assignment rules.

Multiple managed endpoints could not communicate with the GravityZone console and were listed as unmanaged.

The logging session started when gathering support tool logs using command line or from the GravityZone console remained active for long periods of time.

Addressed a specific scenario where the product caused critical errors (BSOD). The issue is now fixed.

The Bitdefender Endpoint Security Service crashed during Patch Management assessment when unavailable patches were returned. The issue occurred on endpoints with version 7.8.4.269, released on fast ring.

Microsoft Office 365 was not included in the Patch Management scan. This issue is now fixed.

Policies were not being assigned on endpoints when using a location assignment rule with hostname.

An incorrect path was created when installing security agents with Relay role. This behavior led to inaccurate rules in Windows Firewall and affected versions starting with 7.7.2.x.

The security agent installation crashed on Windows Server 2016 endpoints with a very large number of certificates.

Live Search is no longer supported for x86 architecture endpoints.

Policies were not being assigned on endpoints when using a location assignment rule with hostname.

Microsoft Office 365 was not included in the Patch Management scan. This issue is now fixed.

An incorrect path was created when installing security agents with Relay role. This behavior led to inaccurate rules in Windows Firewall and affected versions starting with 7.7.2.x.

The security agent installation crashed on Windows Server 2016 endpoints with a very large number of certificates.

Live Search is no longer supported for x86 architecture endpoints.

The Content Control exclusions did not work properly when using a blocking action in Web Access Control Scheduler on endpoints with product version 7.8.3.263.

You can now execute Live Search queries using the command line interface. The Live Search feature is part of the Early Access programs.

Security content updates are now automatically performed with each product update to ensure optimal performance. 

Added support for upcoming features available with the next major GravityZone release.

Bitdefender Endpoint Security Tools has removed some processes and folders from the exclusions lists on Exchange servers to improve performance and stability. For more information, refer to the official Microsoft documentation.

In certain scenarios, endpoints encountered critical errors (BSOD) when the Advanced Threat Control module was active.

Fixed an issue that caused Content Control to create a temporary Windows profile for automatic logins.

The Content Control module prevented the GravityZone console from properly reporting blocked web addresses and the applied web rules in the Blocked Websites report.

Removed the unused caching database files on partitions smaller than 1GB.

Fixed an issue where the Antimalware module failed to report detections of infected browser plugins in certain scenarios.

Fixed an issue that caused cached DNS servers to be used for EDR submission.

Fixed an issue that caused Integrity Monitoring to generate empty reports.

The security agent caused high CPU usage on Microsoft Windows Server 2019.

You can now execute Live Search queries using the command line interface. The Live Search feature is part of the Early Access programs.

Security content updates are now automatically performed with each product update to ensure optimal performance. 

Added support for upcoming features available with the next major GravityZone release.

In certain scenarios, endpoints encountered critical errors (BSOD) when the Advanced Threat Control module was active.

Fixed an issue that caused Content Control to create a temporary Windows profile for automatic logins.

The Content Control module prevented the GravityZone console from properly reporting blocked web addresses and the applied web rules in the Blocked Websites report.

Removed the unused caching database files on partitions smaller than 1GB.

Fixed an issue where the Antimalware module failed to report detections of infected browser plugins in certain scenarios.

Fixed an issue that caused cached DNS servers to be used for EDR submission.

Fixed an issue that caused Integrity Monitoring to generate empty reports.

The security agent caused high CPU usage on Microsoft Windows Server 2019.

Fixed an issue that prevented the Network Attack Defense module from updating security content.

GravityZone assigned the default policy instead of the new policy when applying new assignment rules.

Fixed an issue that prevented policies from being applied to endpoints.

Fixed an issue that caused the security agent to create database registry files on partitions smaller than 1 GB.

In certain scenarios, endpoints encountered critical errors (BSOD) when the Antimalware module was active.

Fixed an issue that caused the Antimalware module to prompt users to take actions on clean files.

Fixed an issue that prevented the Reconfigure Client task from being applied to BEST Linux endpoints when using Windows Relay as an update server.

Fixed an issue that prevented Content Control from blocking websites on newer editions Windows Server 2019 and Windows Server 2022.

The security agent caused high CPU usage on Microsoft Windows Server 2019.

The security agent now automatically scans USB devices before users log into the Windows system.

Added support for Windows 11 Enterprise Multi-Session (22H2).

Added support for Windows ARM64 CPUs. The following features are supported:

The following features are not yet supported:

Support for these features on Windows ARM64 will be added in time.

In some cases, the Bitdefender Endpoint Protected Service generated high RAM usage after updating endpoints to version 7.8.1.241.

Fixed an issue that caused multiple website false positives when using Bitdefender EDR.

The security agent now automatically scans USB devices before users log into the Windows system.

Added support for Windows 11 Enterprise Multi-Session (22H2).

Fixed an issue that caused multiple website false positives when using Bitdefender EDR.

The default Firewall driver has changed.

Added support for upcoming features available with the next major GravityZone release.

The information window title now reflects the product name.

The Crypto Miner threat detection has been added.

The Power User module is now available in Vietnamese.

Fixed an issue that prevented users from accessing specific websites while the SSL Scan option was enabled.

In some situations, the Advanced Threat Control module caused high memory usage and performance issues.

Fixed an issue that caused the Bitdefender Endpoint Security Service to crash when Advanced Threat Control was installed.

Fixed an issue that caused Exchange Protection to mark multiple valid emails as spam.

Fixed an issue that prevented the security agent from detecting samples during unpacking archived files.

The default Firewall driver has changed.

Added support for upcoming features available with the next major GravityZone release.

The information window title now reflects the product name.

The Crypto Miner threat detection has been added.

The Power User module is now available in Vietnamese.

Fixed an issue that prevented users from accessing specific websites while the SSL Scan option was enabled.

In some situations, the Advanced Threat Control module caused high memory usage and performance issues.

Fixed an issue that caused Exchange Protection to mark multiple valid emails as spam.

Fixed an issue that prevented the security agent from detecting samples during unpacking archived files.

Content Control detection events now contain details about the web categories of blocked websites. You can view these categories in the Event log section.

Added support for upcoming features available with the next major GravityZone release.

The product was causing high disk usage when scanning certain SSD drives.

Fixed an issue that was causing network disconnects for Intel-based NICs.

Fixed an issue that caused the IP addresses of the source of remote Windows logins (RDP) to not be recorded.

Fixed an issue that prevented endpoints from being displayed in the Amazon EC2 Integration.

Security fixes.

Added support for upcoming features available with the next major GravityZone release.

In some situations, endpoints failed to reflect the scan mode set through a Reconfigure Client task. The issue occurred on version 7.6.3.210, released on fast ring.

Security fixes.

Addressed an issue where the Advanced Threat Control feature caused critical errors (BSOD).

Fixed an issue that prevented the Endpoint Detection and Response module from displaying the correct hostname of remote attackers.

Added support for upcoming features available with the next major GravityZone release.

Addressed an issue where the Advanced Threat Control feature caused critical errors (BSOD).

Fixed an issue that prevented the Endpoint Detection and Response module from displaying the correct hostname of remote attackers.

Security fixes.

Added support for upcoming features available with the next major GravityZone release.

You can now see when a patch installation is in progress. The event is available in the Event log whenever a new installation begins.

Fixed an issue that caused network disconnects for Intel-based network interface cards.

Fixed an issue that prevented Exchange Malware Detected notifications from being received in the console or by email.

The Network Attack Defense module prevented domain joined endpoints from receiving group policies.

Fixed an issue that caused filtering inconsistencies for web categories across multiple Windows 10 endpoints.

In some situations, the patch installation was performed outside the scheduled interval set in the maintenance window.

Endpoints that have used installation kits with versions up to 6.6.16.222 failed to complete maintenance operations such as uninstall, or reconfigure, after updating to version 7.6.1.202. This is now fixed.

Bitdefender Endpoint Security Tools is now available in Japanese language.

Added support for removing the following incompatible security products:

Fixed an issue that affected a few product files after an unexpected shut down.

Exclusions created using wildcards failed to work properly for websites with invalid certificates.

The Antimalware module displayed On-Access as disabled in the local interface even though it was enabled in the policy.

The Remarks column was displayed when accessing a policy with Power User however, it contained no information. The column is now available only in the GravityZone console.

Fixed an issue that caused rule-based policies to change constantly.

In some cases, the security content update process resulted in error code -1016. The issue is now fixed.

Fixed an issue that prevented the EDR module from generating incidents for remote Latent Semantic Analysis (LSA) dumps.

Bitdefender Endpoint Security Tools is now available in Vietnamese language.

The security agent was not displayed as running in Windows Security Center after updating to version 7.5.3.190 released on fast ring.

In some situations, the security agent failed to display the Exchange Protection module in the local interface even if the module was installed and running. 

Fixed an issue that caused assignment rules to apply incorrectly.

The module scanned multiple secure connections resulting in error 400 Bad Request. The issue is now fixed.

Fixed an issue that prevented scheduled patch scans and deployments to run properly.

Bitdefender Endpoint Security Tools is now available in Vietnamese language.

Fixed an issue that caused assignment rules to apply incorrectly.

The module scanned multiple secure connections resulting in error 400 Bad Request. The issue is now fixed.

Fixed an issue that prevented scheduled patch scans and deployments to run properly.

In some situations, the security agent failed to display the Exchange Protection module in the local interface even if the module was installed and running. 

Software applications are now visible in the Event log section. Under Patch Management events you can see successfully installed patches, patches that require a reboot, or failed installations.

Now users can choose between multiple time intervals to postpone a system restart. They can postpone a reboot until a more convenient time up to one day.

Added support for upcoming features available with the next major GravityZone release.

The Patch Caching Server failed to download patches and caused high CPU usage.

On-demand scans affected the indexing service of Windows 11 systems resulting in a reset of indexed items. After this, the Windows indexing process started automatically from the beginning.

When installed the security agent removed the Xpient update service due to incompatibility with the application. The issue is now fixed.

The Content Control module is now available for Windows servers including Citrix virtual apps and desktops and is designed to monitor user session traffic. For existing installations, the module is available through a Reconfigure agent task, while new installations require packages configured accordingly. For more information refer to Content Control on Windows servers.

All fixes previously delivered for workstations with version 7.5.1.172 are now also available for servers.

Security fixes.