Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

Bitdefender GravityZone Whitelisting allows system administrators to create a whitelist of trusted applications based on their digital signatures, file paths, or other attributes. These trusted applications are considered safe and are allowed to run without any restrictions or additional security checks.

...

  • Whitelist the below executable path of the dissolvable agent into a remote asset.  "C:\windows\CyberCNS_DissolvableAgent" 

  • To whitelist the folder on the remote asset, use the installation folder path i.e “C:\Windows\CyberCNSAgent”

...

Info
  • For network vulnerabilities detection using a probe agent, nmap is used from the location (A program has been allowed to connect to the Internet. Process path C:\PROGRA~2ProgramFiles<x86>\CyberCNS AgentV2\nmap\nmap.exe.Protocol UDP(17).port53 ) 

  • Please allow port scanning from probe agent to help determine vulnerabilities.

Steps to be followed In the Bit Defender

Bitdefender’s Antimalware module

  • In the Bit Defender, Navigate to -> Policies → Click on Add.

...

  • Navigate to Antimalwarethen click on Settings 

...

  • Select On-Execute

  • Default action for infected application should be set to Take no action.

...

  • Navigate to Settings.

  • Enable In-policy exclusions and then select Type as Folder give the path as "C:\Program Files (x86)\CyberCNSAgentV2” and then click on Save.

...

  • Select the configured policy and then click on Set as Default.

...

...

  • After applying the policies the cybercns agent is now allowed to scan.

  • Navigate to Threats Xplorer in General view section to view the process.

...

  • Here is the scan report from bitdefender.

...

  • Confirm the configured Policy is applied for the endpoint by navigating to Network and then clicking on the endpoint to verify.

...

  • .

...

Bitdefender Block port scans function of the Firewall module

  • In order to set exclusions for the Block port scans function of the Firewall module.

  • Navigate to GravityZone Control Center → select Policies.

  • Give the name of your policy For Eg:- (Vulnerability Scanner Exclusion (default)).

  • Click on Save to create policy Details.

    image-20231226-073607.pngImage Added
  • After creating the Policy Details, the policy name can be viewed under Policies.

  • Then click on Policy name to navigate to Firewall section.

...

  • Navigate to Firewall select General and Enable Firewall, log verbosity level, Block port scan and Exclusion.

  • Enable Exclusions and then select Type as IP/Mask and Excluded entity give the IP which need to Excluded.

  • Specify IP addresses for scenarios involving scanners reporting and assessing endpoint vulnerabilities.

  • Port scan exclusions are compatible with Bitdefender Endpoint Security Tools for Windows.

  • Add port scan Exclusion Ex. IP/mask (10.0.0.1/8) and then click on Save.

    image-20231226-082440.pngImage Added

Bitdefender Exclusion Through Network Protection

  • Navigate to Network Protection→ Select General

  • To add a port scan exclusion rule:

    • Enter the IP address in the corresponding field. 

    • Provide a short description to easily identify the exclusion rule.

    • If needed and to save time, enable Duplicate to Network Protection to automatically create the same exclusion in the Network Protection section.

    • Click Add exclusion to finish the process.

    • A new entry appears in the grid below.

  • If Duplicate to Network Protection is enabled, the same exclusion rule appears in the Network Protection section. However, to apply it there, make sure the Exclusions section in Network Protection is also enabled.

    image-20231229-092837.pngImage Added
Info

If whitelisting URLs in the firewall section and network protection does not resolve the issue, custom exclusion rules can be utilized to flag the URLs and IP addresses.

  • Navigate to Custom exclusion rules and ADD RULE for Custom exclusion rules.

    image-20231226-091908.pngImage Added
  • To add a rule, center the 'Exclude every' on Connection, and to match the following: Source IP, choose 'Is.' Here, add the agent IP address and click on Next.

    image-20231226-084841.pngImage Added
  • Navigate to Exclusion rule settings Enter the Fields Rule name, Description, Rule tags, Enable exclusion rule, and then click on Next.

    image-20231226-085637.pngImage Added
  • Navigate to Exclusion rule targets Enter the Fields Rule targets in that Apply rule on targets from Endpoint tags and Then click on Save.

...

  • Below is the screenshot of the endpoint machine that excluded the CyberCNS folder from scanning.

...

This completes the Bitdefender GravityZone Whitelisting documentation.

...