Table of Contents |
---|
Bitdefender GravityZone Whitelisting allows system administrators to create a whitelist of trusted applications based on their digital signatures, file paths, or other attributes. These trusted applications are considered safe and are allowed to run without any restrictions or additional security checks.
The primary executables of CyberCNS which can be whitelisted are as below:
cybercnsagent.exe
cyberutilities.exe
nmap.exe
osqueryi.exe
cybercnsagentmonitor.exe
For remote assets getting scanned via Probe Agent:
Whitelist the below executable path of the dissolvable agent into a remote asset. "C:\windows\CyberCNS_DissolvableAgent"
To whitelist the folder on the remote asset, use the installation folder path i.e “C:\Windows\CyberCNSAgent”
Please follow the below steps to whitelist the CyberCNS Folder from Exclusion.
...
C:\Test– excludes all files and folders under the Test folder
Info |
---|
|
Steps to be followed In the Bit
...
Defender
Bitdefender’s Antimalware module
In the Bit defenderDefender, Navigate to -> Policies → Click on Add.
...
Navigate to Antimalware → then click on Settings
...
Select On-Execute
Default action for infected application should be set to Take no action.
...
Navigate to Settings.
Enable In-policy exclusions and then select Type as Folder and give the path as "C:\Program Files (x86)\CyberCNSAgentV2” and then click on Save.
...
Select the configured policy and then click on Set as Default.
...
...
After applying the policies the cybercns agent is now allowed to scan.
Navigate to Threats Xplorer in General view section to view the process.
...
Here is the scan report from bitdefender.
...
Confirm the configured Policy is applied for the endpoint by navigating to Network and then clicking on the endpoint to verify.
...
Bitdefender Block port scans function of the Firewall module
In order to set exclusions for the Block port scans function of the Firewall module.
Navigate to GravityZone Control Center → select Policies.
Give the name of your policy For Eg:- (Vulnerability Scanner Exclusion (default)).
Click on Save to create policy Details.
After creating the Policy Details, the policy name can be viewed under Policies.
Then click on Policy name to navigate to Firewall section.
...
Navigate to Firewall select General and Enable Firewall, log verbosity level, Block port scan and Exclusion.
Enable Exclusions and then select Type as IP/Mask and Excluded entity give the IP which need to Excluded.
Specify IP addresses for scenarios involving scanners reporting and assessing endpoint to verify.
...
vulnerabilities.
Port scan exclusions are compatible with Bitdefender Endpoint Security Tools for Windows.
Add port scan Exclusion Ex. IP/mask (10.0.0.1/8) and then click on Save.
Bitdefender Exclusion Through Network Protection
Navigate to Network Protection→ Select General
To add a port scan exclusion rule:
Enter the IP address in the corresponding field.
Provide a short description to easily identify the exclusion rule.
If needed and to save time, enable Duplicate to Network Protection to automatically create the same exclusion in the Network Protection section.
Click Add exclusion to finish the process.
A new entry appears in the grid below.
If Duplicate to Network Protection is enabled, the same exclusion rule appears in the Network Protection section. However, to apply it there, make sure the Exclusions section in Network Protection is also enabled.
Info |
---|
If whitelisting URLs in the firewall section and network protection does not resolve the issue, custom exclusion rules can be utilized to flag the URLs and IP addresses. |
Navigate to Custom exclusion rules and ADD RULE for Custom exclusion rules.
To add a rule, center the 'Exclude every' on Connection, and to match the following: Source IP, choose 'Is.' Here, add the agent IP address and click on Next.
Navigate to Exclusion rule settings Enter the Fields Rule name, Description, Rule tags, Enable exclusion rule, and then click on Next.
Navigate to Exclusion rule targets Enter the Fields Rule targets in that Apply rule on targets from Endpoint tags and Then click on Save.
...
Below is the screenshot of the endpoint machine that excluded the CyberCNS folder from scanning.
...