Introduction
This guide will outline how to deploy, monitor and manage Bitdefender Endpoint Security on Windows devices using Naverisk and the Bitdefender GravityZone Control Center.
Deployment
This section will cover how you can deploy BitDefender to your client's workstations and servers using Naverisk.
Prepare the deployment package
Login to the Bitdefender GravityZone control center https://gravityzone.bitdefender.com/ and under Network on the left hand panel select Packages.
You can either add a new deployment package (refer to the GravityZone documentation for details on creating packages), or choose an existing package.
Tick the desired package, and click Send download links.
Expand the Installation links section, then highlight and copy the Windows Downloader URL.
Configure the Naverisk Script Pack
A script pack to install BitDefender - BitDefender Deployment Kit - is available in the Routine Store, or may be pre-installed in your Naverisk console.
If not already installed, download the script pack from the Routine Store, and upload it to your top client level under Settings > Script packs.
Edit the script pack, and under Parameters, enter the download URL that you copied from GravityZone.
Important - ensure that the URL is enclosed in quote marks.
Save the script pack. It is now ready for use.
Please note - this script requires Powershell to be installed on the target device.
Deploying to devices
Now that you have created your Bitdefender Deployment script, you can either run this manually through the Devices tab or create a scheduled job to deploy this script pack at a designated time.
Please note that the deployment process can take some time, possibly up to 15 minutes, depending on the speed of the client device and internet connection.
While we recommend deploying Bitdefender through Naverisk, you can also use Bitdefender Remote Installation. You can find the details for this in the Bitdefender Control Center > Essential Steps when you first login to the console (as below).
Monitoring Windows Workstations
Naverisk can integrate into the Microsoft Windows Security center to provide efficient Antivirus monitoring on your Workstation Devices. Naverisk is able to automatically retrieve information on the status of Antivirus, Firewall and Anti-Spyware software for alerting and reporting purposes, monitoring that the Antivirus or Anti-Spyware application is running, and that the definitions are up to date.
Note: Only Microsoft Workstation Operating Systems from Windows XP SP3 onwards are supported by the Naverisk Security Centre.
Please note that there may be variations on how specific applications are reported across different Windows versions. For example, Windows 7 reports Windows Defender as Anti-Spyware, while Windows 8.1 and 10 report it as Anti-virus.
In order to monitor Server Operating Systems you will require a device role. Configuring device roles to monitor Bitdefender are discussed later in this article.
Setting up Naverisk Security Centre monitoring
To set up Naverisk Security Centre follow these steps below.
Log in to Naverisk, Navigate to settings and select the OS Templates Icon;
Select the appropriate client and select the 'Green Arrow' to make changes to the desired Operating System Template:
Within the OS Template, select the desired security services and signatures to monitor, then save the template.
Naverisk has now picked up on Bitdefender Endpoint Security for a Windows 7 workstation below.
Monitoring using Device Roles
Bitdefender can also be monitored using Naverisk device roles. This is particularly applicable to Windows servers, which do not support the security centre, but can also be used on Windows workstations as well if desired.
A pre-configured Device Role for Bitdefender is included in Naverisk, and is also available for download from the routine store.
This monitors the Bitdefender component services, the Event Log for Bitdefender warnings, and checks the definitions. It will also warn if Bitdefender is not installed on a device.
This Device Role can be applied to both workstations and servers, either individually or in bulk.
To deploy individually:
Navigate to the Devices tab
Go into the Device you wish to add the Role to
Select the Monitoring tab
Select the '+' symbol under the Device Roles Section
Here you will be presented with all the Device Roles you would have seen under the Device Roles in the Settings Tab:
5. Select the AV Bitdefender - Endpoint Client role by ticking the check box on the right-hand side of the Device Role.
6. Select Save Roles to assign the Role to this Device.
You can also deploy the role in bulk to multiple devices:
Navigate to the Device tab.
Select a Client that you wish to deploy your Device Roles to.
Select the multiple Devices with the use of the check boxes situated next to the Device on the left hand side as per the screenshot below:
4. In the right-hand corner of your Naverisk Dashboard, next to New Device you will see a drop-down menu called Select a Task. Click on this drop-down and select Update Roles:
5. You will now be presented with a list of Device Roles that is available for assigning to your Devices:
6. Select the AV Bitdefender - Endpoint Client role by ticking the check box beside the role.
7. Click Add Roles
For more details on working with Device Roles, see the Device Roles guide under Naverisk Help.
Alerting
Tickets are automatically created when issues arise with a Bitdefender client on any monitored device. These will be assigned an appropriate SLA classification depending on the severity of the issue. These tickets are generated from either the Security Center integration or the Device Role, depending on the type of client device.
Generating Alerts from GravityZone
Bitdefender endpoints communicate directly to the GravityZone control center when events such as threats being detected occur. It is easy to configure the console to send these alerts to Naverisk so that your AV monitoring/alerting can be consolidated in one location.
In the GravityZone control center, click on the alarm icon at the top left to open the Notifications panel, then the settings icon
On the settings page, configure your Naverisk support email address, and select the events that you want notifications generated. For each event, you can have a notification shown in the GravityZone control center, and/or sent as an email. Depending on the event, other options may be available such as event thresholds. Once you have configured the desires alerts, click Save.
Workstations - via Security Centre
The Security Centre is an integration from Microsoft Action Centre, that uses the Microsoft Action Centre API (Application Programming Interface), to retrieve and relay the data that is normally displayed in your Windows OS, to your Naverisk Web Interface.
This data is also integrated into Naverisk’s Reporting system. This allows you to run analytics of your device’s security, which over time can show you where the weak links are, helping you to strengthen your Clients’ security and allowing you to protect their data more efficiently.
Please be aware that Security Monitoring is only compatible with Windows Workstation Devices due to Microsoft not including the Security Centre within Server OS’s. You will need a Device Role to monitor Security on a Server.
The Security Centre can be enabled by ticking each checkbox. The use of each section is as follows:
Antivirus:
If Service monitoring is enabled, a Failure SLA ticket will be created if the Antivirus service is detected as Stopped for more than 600 seconds.
If Signatures monitoring is enabled, a Failure SLA ticket will be created if the Antivirus signatures are found Outdated for more than 600 seconds.
Firewall:
If Firewall Service monitoring is Enabled, a Failure SLA ticket will be created if the Firewall is detected as Disabled/Stopped for more than 600 seconds.
AntiSpyWare:
If Service monitoring is enabled, a Failure SLA ticket will be created if the AntiSpyWare service is detected as Stopped for more than 600 seconds.
If Signatures monitoring is enabled, a Failure SLA ticket will be created if the AntiSpyWare signatures are found Outdated for more than 600 seconds.
Each threshold can be increased or decreased, depending on your needs. The maximum threshold is 999 seconds.
Servers - via Device Roles
Each Bitdefender service and logged event, as well as the result of the definition check, are configured by default to create a ticket to warn you of an issue. The SLA severity of these tickets are also set by default to appropriate values. You can change these by editing the Device Role. Please refer to the Device Roles documentation for details on this.
Scheduling Scans & Updates
In order to schedule Bitdefender updates & scans, you will need to configure this through your Bitdefender GravityZone control center. We recommend scheduled updates and scans be configured in GravityZone, however you can also trigger updates and scans from Naverisk.
In the control center this can be done through the Policies Tab and configured to suit your needs:
Scheduled Update:
Scheduled Scan:
Once you have created your policy for the Update and Scans, you will then need to assign it to your Devices.
To do this, you will need to navigate to the Network Tab and select the Device you wish to assign the policy too.
Once you have selected the Devices or group of Devices, click Assign Policy:
You can then select the appropriate policy that you wish to assign and click on Finish:
This policy will then filter down to your Bitdefender endpoints.
Running Scans and Updates from Naverisk
In addition to using the GravityZone control center, you can also manually trigger scans and updates as well as checking the Bitdefender endpoint status from Naverisk. A set of script packs are available in Naverisk, and are also available for download from the Routine Store.
BitDefender Tools - Get Update Status - Returns the time code of the last attempted and succeeded update. If these are different it indicates the update attempt failed.
BitDefender Tools - Is Update in Progress - Check to see if an update is currently running
BitDefender Tools - Get Version - Returns the current version number of the installed Bitdefender client.
BitDefender Tools - Is Restart Needed - Determines if a system restart is required to enable full protection. This is sometimes required after initial installation or a client upgrade
BitDefender Tools - Check Definition - Checks to see if the definitions have been updated in the last 24 hours.
BitDefender Tools - Start Update - Trigger a definitions update on the endpoint
BitDefender Tools - Scan - Start a Quick Scan on the endpoint.
The results of these scripts will be returned in the usual manner for Naverisk Script Packs, and will also write the result to the device event log. If the Bitdefender device role has been applied to the device, an entry in the device Audit tab will be created, and an alert raised if required (eg definitions not updated).
Reports
Reports can be generated in Naverisk that show your customer’s antivirus status. Bitdefender also provides additional reporting via the GravityZone Control Center.
The Antivirus Detail report can be found under the Reports tab > Device > Antivirus Detail and will look like the below example:
Note that data may be incomplete when clients are first configured. Waiting at least 24 hours for data to be retrieved and logged by Naverisk should provide you with better results.
The Antivirus Summary report can be found in the Reports tab > Client Facing > Antivirus Summary. It will appear as a pie graph as per the below example: