The security agent’s protection modules, roles and scanning modes are initially configured within the installation package. After you have installed the security agent in your network, you can anytime change the initial settings by sending a Reconfigure client remote task to the managed endpoints you are interested in.
The Reconfigure client task overwrites all installation settings and none of the initial settings is kept. While using this task, make sure to reconfigure all the installation settings for the target endpoints.
You can change the installation settings from the Network area or from the Endpoint Modules Status report.
To change the installation settings for one or several endpoints:
Go to the Network page.
Select the group that you want from the left-side pane. All endpoints from the selected container are displayed in the right-side pane table.
Select the check boxes of endpoints for which you want to change the installation settings.
Click the Tasks button at the upper side of the table and choose Reconfigure client.
Reconfigure Client page will not show which modules are currently installed on the endpoint.
Select one of the actions below:
Add – Add new modules besides the existing ones.
Remove – Remove specific modules from the existing ones.
Match list – Match the modules installed with your selection.
Under Scan mode select the scan mode to be used on the endpoint:
Only available when selecting the Match List option.
Automatic. In this case, the security agent will automatically detect the endpoint’s configuration and will adapt the scanning technology accordingly:
Central Scan in Public or Private Cloud (with Security Server) with fallback on Hybrid Scan (Light Engines), for physical computers with low hardware performance and for virtual machines. This case requires at least one Security Server deployed in the network.
Local Scan (with Full Engines) for physical computers with high hardware performance.
Low performance computers are considered to have the CPU frequency less than 1.5 GHz, or RAM memory less than 1 GB.
Custom. In this case, you can configure the scan mode by choosing between several scanning technologies for physical and virtual machines:
Central Scan in Public or Private Cloud (with Security Server), which can fallback* on Local Scan (with Full Engines) or on Hybrid Scan (with Light Engines)
Hybrid Scan (with Light Engines)
Local Scan (with Full Engines)
Default scan modes:
The default scan mode for EC2 instances is Local Scan (security content is stored on the installed security agent, and the scan is run locally on the machine). If you want to scan your EC2 instances with a Security Server, you need to configure the security agent’s installation package and the applied policy accordingly.
In this case, the BitdefenderSecurity Server hosted in the AWS region corresponding to the target EC2 instances is automatically assigned.
The default scan mode for Microsoft Azure virtual machines is Local Scan (security content is stored on the installed security agent, and the scan is run locally on the machine). If you want to scan your Microsoft Azure virtual machines with a Security Server, you need to configure the security agent’s installation package and the applied policy accordingly.
The default scan mode for BEST for Linux v7 when using the Bitdefender for Security Containers add-on is:
Hybrid Scan, for physical endpoints (including container hosts) and nodes (in case of Kubernetes).
Central Scan with the fallback on Hybrid Scan for endpoints (including container hosts) and nodes (in case of Kubernetes) that are either virtual machines or on a cloud infrastructure (whether IaaS or PaaS) supported by GravityZone integrations.
A Security Server needs to be available for this scan to apply. If none is available the scan mode will be set to Hybrid.
For more information regarding available scanning technologies, refer to Antimalware.
Security Server Assignment.
Click the Security Server list in the table header. The list of detected Security Servers is displayed.
Certain Bitdefender Partners can share their Security Servers with their customers. Here you can view the Security Servers your Bitdefender Partner has assigned to you, provided it has this ability.
Select an entity.
Click the Add button from the Actions column header.
The Security Server is added to the list.
Follow the same steps to add several security servers, if available. In this case, you can configure their priority using the up and down arrows available at the right side of each entity. When the first Security Server is unavailable, the next one will be used and so on.
To delete one entity from the list, click the corresponding Delete button at the upper side of the table.
You can choose to encrypt the connection to Security Server by selecting the Use SSL option.
For EC2 instances, the BitdefenderSecurity Server hosted in the corresponding AWS region is automatically assigned, so there is no need to configure the Security Server Assignment section.
Under the Scheduler section, configure the time when the task will run:
Now, to launch the task immediately.
Scheduled, to set up the task recurrence interval. In this case, select the time interval that you want (hourly, daily or weekly) and configure it according to your needs.
For example, when other important processes are also required to run on the target machine, you can schedule the task to run every 2 hours. The task will start on each target machine every 2 hours until it is successfully done.
Configure the modules, roles and scan modes for the target endpoint as you want. For more information, refer to Install security agents – standard procedure
You can only modify scan modes by using the Match list action.
Only the supported modules for each operating system will be installed.
The Firewall module is available only for supported Windows workstations.
Click Save. A confirmation message will appear.
You can view and manage the task on the Network > Tasks page. For more information, refer to Viewing and managing tasks.