I hope everyone is good today, and I have something interesting for you. I need something for my lab to protect against malware. I used to use Trend in my lab but they have not been able to provide me with a 1 year NFR so I need something new. At VMworld I saw Bitdefender and I thought it was good to see them there so I reached out. This is how I ended up today working with Bitdefender GravityZone. I am going to get it going and we will see how it works.
Something that is different, and that I quite like, is that the trial (or the actual purchased copy) can have its console in the cloud, or the same console on-premises instead. If you choose to have the console in your own infrastructure you can download an OVF or a VHD. That makes things a little easier, and I like that thinking! Plus, you can go from a trial license to a production one easily: no need to uninstall and install again.
So let's see how this turns out!
- You can download the bits / docs from here. I am doing vSphere so I have the .OVA. However, when I went through this article again, for the second time, I could not download the bits. So I installed the old version and updated it.
- We need an FQDN and an IP address, but don't create the DNS record for the FQDN yet. When BD connects to AD it registers the DNS record itself. In my case that caused an error (no harm done) as I had already created the DNS record.
- Also, I am not doing an agentless implementation that utilizes the virtualization layer. I will do that later, as that is the best way to protect virtual machines, but for now I am doing a traditional implementation, which means agents and software installed inside the desktops and servers.
- The install guide has a lot of info and detail, including ports and footprint info.
- We need a service account with domain admin capabilities.
- We need a service account with vCenter Admin rights.
- SMTP information so we can have emailed notifications, which is handy.
- License info.
- I am using vSphere 6.7 Update 1 with patches as of 12/30/18.
- You will need a My BitDefender account which you can create here. Use the Sign Up link in the corner.
Deploying the appliance
We start in the vSphere Web Client.
- We use the Deploy OVF option under the options menu to start things off.
- We browse out to where the OVA file is that we downloaded as part of the trial.
- We provide name and folder location for it.
- We now see a screen of info.
- Nice to see that Bitdefender certifies their appliance.
- Next we worry about where to store the appliance.
- Now we deal with networks. We only select a switch; we do not configure any network settings, so we will need to deal with that later.
- In the next screen we see a summary – is everything right?
So we are ready to finish!
This includes the basic configuration of the appliance of things like network.
- First, we need to power on the appliance. It may take a while.
- We need to take care of network first. So while in the vSphere Web Client access the console of this appliance.
- Once in the console we need to change the root password.
- Once we provide a new bdadmin password we see the next screen, and we are prompted to log in as bdadmin. If you cannot log in (maybe the boot process got a little confused and filled in the Enter new password prompt), just restart the appliance and the second time you should be good to go.
- You use the password you just entered and log in. You will see the main screen.
- Start with Configure Hostname and work through it.
- Next, work through Configure Network Settings. Make sure to use the two show options, Show IP and Show link status, to make sure things are good.
- I don't know how many of you will need to worry about Proxy Settings, or about language, but if you do then deal with them.
- The next option, for me in this small lab, is Automatic Installation.
- This option will take a little bit of time and you will see a bunch of things scroll by, such as what you see below.
- When the automatic setup is done (it does take a few minutes) you will see a similar screen.
- I do not know how to leave this screen. I can close the console window I have open, but there seems to be no way to log out.
I wanted to log into the console and try doing ping tests to make sure outgoing DNS resolution was good. I logged in as bdadmin with the password I had assigned. I could ping by the long name but not by the short name for some reason. Hope that doesn't hurt later.
Now we need to access the Web UI.
- You need to enter your My BitDefender account info. Once you log in, you will see something like the following.
- Use the Add button and you can add your license or in my case the code I was sent for my 30 day trial.
- We can see that it worked for me and that it is a short trial license.
- Next we need to do the company details and the admin account info.
- We now are in a popup with some interesting info.
- If you scroll to the bottom you can find the release notes.
- You will see this each login so use the Don’t show again checkbox.
- Another popup screen is shown that lets us know many of the things we need to do. You can close it and you will see it again or you can use the checkbox again. We are going to work through the important stuff.
We are now going to configure the application so it is ready for use.
- Log into the application at https://fqdn
- You will see the basic, and sort of empty, console. You will also see this if you did not log out but hit Close above. It is empty, but it is pretty cool. I am curious to see what it is like when it is busy.
Mail Server Config
- We need to change to Configuration now. It is low in the set of choices in the left margin.
- Since there is no test button make sure everything is correct! There really should be a test button!
- Use the Save button in the bottom left before we continue.
NTP and Syslog
We now change to the Miscellaneous tab. It can be seen in the SMTP screenshot above.
- NTP is already set, but make sure it makes sense for you.
- Also enable syslog if that is something you need and/or want.
- Use the Save button to save your changes.
- I cannot seem to find anything in syslog. I have tried to filter on hostname and IP address with no luck. I will investigate. Stuff does show up later for things like alerts.
I like to have a backup of my configuration. It will not take long before there is enough configuration in this product to make having a backup handy!
- So change to the Backup tab.
- Now use the Settings button to create a backup schedule.
- You will now have a screen to configure the backup job. See below how I configured mine.
- I love that there is a Test Settings button. Make sure to use it. Yes, it really has red coloring instead of the same as everything else, or even the much better green!
- Once you hit Save, you will not see anything until the schedule fires or you use the Backup Now button, which I shall do.
- I have to fill in all the settings again, as it doesn't use the settings we already configured. Once done, the backup is started. The status is shown as Processing for a few minutes. Once you hit the Refresh button you can see it is done.
- Curious what you see at the backup location? I am.
Active Directory Integration
Now we change to the Active Directory tab to configure that connection.
- We enable and configure the connection. There is no Test button, which is too bad.
- Once we hit the Save button we get feedback. I guess that makes it sort of like a test button. At least it doesn't wait for the scheduled time to try.
- Note that it is Synchronizing so we know things connected OK.
Yes, we change to the Virtualization tab now. Surprise, right? We use the Add button once we are there.
- Interesting to see such a good choice!
- We fill in the fields with our own info and see something like below before we save.
- Once we correct the password and hit Save we see the below.
I was curious if there was an update.
- I now change to the Configuration \ Update view. There is a good chance you will see an update here, so you might as well update now before you continue.
- Then change to the Components view, and use the Check for updates button. I see there is an update.
- You can see the Product changelog link and if you use it you get the FULL changelog.
- So I use the Actions \ Publish option so that when I start building packages I get the latest bits.
- I am prompted to confirm.
- I say yes, and it downloads. It does take some time and you can use the Refresh button.
- When it is done:
- Now that kit is ready to be used / deployed.
- Let's make some changes to the update server now. While in the Update area you need to hit the gear.
- Next you will see what you can change and in fact what I did change.
- The two arrows show you what I enabled.
You should now enable some alerts so you can operate in a more proactive mode.
- First select the bell in the top right corner, then the gear that becomes visible.
- After the gear you will see the following.
- I added my email address and made sure all the appropriate boxes were checked, and as seen above they are.
- The faint outline of an envelope (maybe) at the end of the line provides additional options, as seen below.
- It seems to be difficult to do separate settings for each line.
I will now get alerted on a variety of important things, and I like that it can be via a variety of means, which is very handy.
I am going to use the default policy for a bit and see how it goes. The default policy is pretty good. I will do an article on how it might be changed at a later time.
You should step away and install a client or two to make the testing better. Use this link for help with Windows and Mac.
We need to make sure that we can detect a virus, but also notify appropriately and handle the virus properly. However, we do not use a real virus for this!
First, to see that the software is installed and communicating with the management server (which is very important), we look at the Dashboard.
The portlet on the right, titled Computers – Malware Status, can be clicked on. It will open a new window.
Notice how both machines that I have installed BD on are shown here, along with the appliance. In fact, one is a Mac too. If we select one of them we can see more info. Important note: I am going through this a second time as I lost the appliance during some storage work. It turns out the existing machines, after some time or a restart, would be seen in the new appliance. I did use the same FQDN and IP.
So we know that our installed software is working and talking to the management so that is good.
Next we need to test our notifications. So I get a test malware sample from here, which is a test file that BitDefender (and all of the major players too) will see as a virus but which is in fact not one. This file was caught on write, meaning I pasted the code from Eicar.org into a text file, saved it, and it was gone. The history of the client showed it. However, it did not trigger any alerts, and did not seem to get passed to the appliance. I may need to improve the default policy, but that will be part of another article. See the email below.
After I logged out and back in to Bitdefender GravityZone I could see that my machine had been infected and it was resolved, so likely I should have been patient. I could see it was the EICAR test file that had done the infection. So the management UI was informed and tracks it, but the client just deletes it.
Previously, several years ago, you would have seen different behavior, more like below.
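Added example (not from the original post, and not Bitdefender's code): a small script that repeats the on-write test described above with the standard EICAR test string, polls to see whether the agent removes the file, and reports the hashes of the exact bytes written so you can match the entry in the client history or the GravityZone alert. The file name, directory and timeout are assumptions; adjust them for your lab.

```python
"""Check on-write (real-time) detection with the EICAR test file.

EICAR is the industry-agreed harmless test pattern, so this never uses a
real virus. The script writes it, then watches for the agent to remove it.
"""
import hashlib
import time
from pathlib import Path

# The 68-byte EICAR test string as published by eicar.org (raw string keeps the backslash).
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def eicar_hashes() -> dict:
    """Hashes and size of the bytes written, for correlating with the alert / quarantine entry."""
    data = EICAR.encode("ascii")
    return {"size": len(data), "md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def drop_and_watch(directory, timeout_s: float = 30.0, poll_s: float = 0.5) -> dict:
    """Write the test file into `directory` and poll until it disappears or the timeout expires.

    Returns a report: whether the write succeeded, whether the agent removed the file,
    and how long that took. Assumed file name: eicar_onwrite_test.txt.
    """
    target = Path(directory) / "eicar_onwrite_test.txt"
    t0 = time.monotonic()
    try:
        target.write_bytes(EICAR.encode("ascii"))
    except OSError as exc:
        # Some agents block the write itself instead of deleting afterwards; count that as caught.
        return {"written": False, "removed": True, "seconds": 0.0, "detail": str(exc)}
    while time.monotonic() - t0 < timeout_s:
        if not target.exists():
            return {"written": True, "removed": True,
                    "seconds": round(time.monotonic() - t0, 2), "detail": "removed by agent"}
        time.sleep(poll_s)
    # Not caught within the timeout: remove it ourselves so the test file does not linger.
    target.unlink(missing_ok=True)
    return {"written": True, "removed": False, "seconds": round(timeout_s, 2),
            "detail": "still present at timeout; check the policy and the alerts"}


if __name__ == "__main__":
    print("expected file:", eicar_hashes())
    print("result:", drop_and_watch(Path.home() / "Desktop"))
```

Run it on a protected endpoint; a "removed by agent" result with a small seconds value is what the post observed, and the sha256 lets you confirm the console's report refers to this exact file.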
You can see the scan log with the detection below.
So we are good now. We have machines protected, both Windows and Mac, as well as different flavors of Windows. We are using the default policy, but we can update and improve that as we see how things are going.
I am impressed. This is my second time with this software and I am still impressed. That means I like the feature set, the capabilities, and the footprint. I see very little impact on the protected machines. It is not perfect. I am tracking issues:
- The Mac Bitdefender client starts after a restart as a full window and not invisible. Minor, but an issue. Fixed in more recent builds.
I also have questions:
- I am looking into things such as the best way to do mass deployments. Pushing packages seems less efficient than maybe an MSI via GPO and AD.
- It seems the default is to take policy and updates from the appliance, but it seems the Mac client can get updates via the Internet too. How do we control that? BitDefender support suggests that this can be controlled by policy. I will investigate that in my policy article, when I get to it.
- What is the best way to exclude folders?
But anything as complex as anti-malware will have issues, and these are all minor!
I hope you will see more articles: how to do mass deployments, and improving policy. Plus, as I learn more I will update this article too.
Questions and comments are welcome. BTW, you can watch this tag for all BitDefender related articles if you like, such as installing to Windows or Mac.
- 12/30/18 – updated as I used it again. Some basic improvements. Went through it with 6.5.3-70.
- 9/8/18 – first published (v6.3).