Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Current »

Bitdefender GravityZone Whitelisting allows system administrators to create a whitelist of trusted applications based on their digital signatures, file paths, or other attributes. These trusted applications are considered safe and are allowed to run without any restrictions or additional security checks.

The primary executables of CyberCNS which can be whitelisted are as below:

​cybercnsagent.exe
cyberutilities.exe
nmap.exe
osqueryi.exe
cybercnsagentmonitor.exe 

For remote assets getting scanned via Probe Agent:

  • Whitelist the below executable path of the dissolvable agent into a remote asset.  "C:\windows\CyberCNS_DissolvableAgent" 

  • To whitelist the folder on the remote asset, use the installation folder path i.e “C:\Windows\CyberCNSAgent”

Please follow the below steps to whitelist the CyberCNS Folder from Exclusion.

  • The “Folder” type of exclusion can be added in the Bitdefender GravityZone console which helps exclude all files and processes inside the specified folder and from all its subfolders.

  • Type: Folder ; Path : C:\Program Files\Application\

  • Folder exclusion (Examples):

C:\Test\*- excludes all folders from the Test folder

C:\Test– excludes all files and folders under the Test folder

  • For network vulnerabilities detection using a probe agent, nmap is used from the location C:\ProgramFiles<x86>\CyberCNS AgentV2\nmap\nmap.exe

  • Please allow port scanning from probe agent to help determine vulnerabilities.

Steps to be followed In the Bit Defender

Bitdefender’s Antimalware module

  • In the Bit Defender, Navigate to -> Policies → Click on Add.

  • Navigate to Antimalware → Select On-Execute

  • Default action for infected application should be set to Take no action.

  • Navigate to Settings.

  • Enable In-policy exclusions and then select Type as Folder give the path as "C:\Program Files (x86)\CyberCNSAgentV2” and then click on Save.

  • Select the configured policy and then click on Set as Default.

  • After applying the policies the cybercns agent is now allowed to scan.

  • Navigate to Threats Xplorer in General view section to view the process.

  • Here is the scan report from bitdefender.

  • Confirm the configured Policy is applied for the endpoint by navigating to Network and then clicking on the endpoint to verify.

Bitdefender Block port scans function of the Firewall module

  • In order to set exclusions for the Block port scans function of the Firewall module.

  • Navigate to GravityZone Control Center → select Policies.

  • Give the name of your policy For Eg:- (Vulnerability Scanner Exclusion (default)).

  • Click on Save to create policy Details.

    image-20231226-073607.png
  • After creating the Policy Details, the policy name can be viewed under Policies.

  • Then click on Policy name to navigate to Firewall section.

image-20231226-073230.png
  • Navigate to Firewall select General and Enable Firewall, log verbosity level, Block port scan and Exclusion.

  • Enable Exclusions and then select Type as IP/Mask and Excluded entity give the IP which need to Excluded.

  • Specify IP addresses for scenarios involving scanners reporting and assessing endpoint vulnerabilities.

  • Port scan exclusions are compatible with Bitdefender Endpoint Security Tools for Windows.

  • Add port scan Exclusion Ex. IP/mask (10.0.0.1/8) and then click on Save.

    image-20231226-082440.png

Bitdefender Exclusion Through Network Protection

  • Navigate to Network Protection→ Select General

  • To add a port scan exclusion rule:

    • Enter the IP address in the corresponding field. 

    • Provide a short description to easily identify the exclusion rule.

    • If needed and to save time, enable Duplicate to Network Protection to automatically create the same exclusion in the Network Protection section.

    • Click Add exclusion to finish the process.

    • A new entry appears in the grid below.

  • If Duplicate to Network Protection is enabled, the same exclusion rule appears in the Network Protection section. However, to apply it there, make sure the Exclusions section in Network Protection is also enabled.

    image-20231229-054027.png

If whitelisting URLs in the firewall section and network protection does not resolve the issue, custom exclusion rules can be utilized to flag the URLs and IP addresses.

  • Navigate to Custom exclusion rules and ADD RULE for Custom exclusion rules.

    image-20231226-091908.png
  • To add a rule, center the 'Exclude every' on Connection, and to match the following: Source IP, choose 'Is.' Here, add the agent IP address and click on Next.

    image-20231226-084841.png
  • Navigate to Exclusion rule settings Enter the Fields Rule name, Description, Rule tags, Enable exclusion rule, and then click on Next.

    image-20231226-085637.png
  • Navigate to Exclusion rule targets Enter the Fields Rule targets in that Apply rule on targets from Endpoint tags and Then click on Save.

image-20231226-090146.png
  • Below is the screenshot of the endpoint machine that excluded the CyberCNS folder from scanning.

This completes the Bitdefender GravityZone Whitelisting documentation.

  • No labels