BitDefender Management Server Administrator's Guide v3.0 en

MANAGEMENT SERVER
Administrator's Guide
BitDefender Management Server

Administrator's Guide
Published 2008.03.31
Revision 3.0
Copyright 2008 BitDefender
Legal Notice
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or by any information storage and retrieval system, without written
permission from an authorized representative of BitDefender. The inclusion of brief quotations in reviews may be
possible only with the mention of the quoted source. The content can not be modified in any way.
Warning and Disclaimer. This product and its documentation are protected by copyright. The information in this
document is provided on an as is basis, without warranty. Although every precaution has been taken in the preparation
of this document, the authors will not have any liability to any person or entity with respect to any loss or damage
caused or alleged to be caused directly or indirectly by the information contained in this work.
This book contains links to third-party Websites that are not under the control of BitDefender, therefore BitDefender
is not responsible for the content of any linked site. If you access a third-party website listed in this document, you
will do so at your own risk. BitDefender provides these links only as a convenience, and the inclusion of the link does
not imply that BitDefender endorses or accepts any responsibility for the content of the third-party site.
Trademarks. Trademark names may appear in this book. All registered and unregistered trademarks in this document
are the sole property of their respective owners, and are respectfully acknowledged.
She came to me one morning, one lonely Sunday morning

Her long hair flowing in the mid-winter wind
I know not how she found me, for in darkness I was walking
And destruction lay around me, from a fight I could not win
Table of Contents
License and Warranty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
Description ............................................................... 1
1. Features and Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.2. Key Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1. BitDefender Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2. BitDefender Client Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.3. BitDefender Management Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.4. BitDefender Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.5. BitDefender Deployment Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.6. BitDefender Update Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3. Supported BitDefender Client Products . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.1. Workstation Client Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.2. Server Client Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Installation .............................................................. 13
4. System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
4.1. Requirements of BitDefender Management Server . . . . . . . . . . . . . . . . . . . . . . . . . 14
4.1.1. BitDefender Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
4.1.2. BitDefender Management Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
4.1.3. BitDefender Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
4.2. Requirements of BitDefender Client Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
4.2.1. BitDefender Business Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
5. Installing BitDefender Management Server . . . . . . . . . . . . . . . . . . . . . . . 16
5.1. Step 1/9 - Welcome Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
5.2. Step 2/9 - Read the License Agreement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
5.3. Step 3/9 - Customize Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
5.4. Step 4/9 - Choose Server Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
5.5. Step 5/9 - Specify Communication Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
5.6. Step 6/9 - Ensure Database Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
5.7. Step 7/9 - Connect to Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
5.8. Step 8/9 - Start Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
5.9. Step 9/9 - Finish Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
6. Repairing or Removing BitDefender . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
iv
Configuration and Management ................................. 28

7. Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
7.1. Opening Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
7.2. Connecting to BitDefender Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
7.3. User Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
7.3.1. Tree Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
7.3.2. Menu Bar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
7.4. Changing Logon Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
8. Registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
8.1. Purchasing License Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
8.2. Registering BitDefender Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
9. Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
9.1. Management Server Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
9.2. Business Clients Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
10. Computers Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
10.1. Managed Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
10.1.1. Viewing All Managed Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
10.1.2. Group Shortcut Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
10.1.3. Computer Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
10.1.4. Refreshing Computer List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
10.1.5. Sorting through Computer List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
10.1.6. Searching for Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
10.1.7. Assigning Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
10.1.8. Viewing Current Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
10.1.9. Getting Computer Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
10.1.10. Switching between Restricted and Power User . . . . . . . . . . . . . . . . . . . . . . 48
10.1.11. Deleting Computers from Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
10.1.12. Excluding Computers from Management . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
10.1.13. Changing Displayed Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
10.1.14. Exporting Computer List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
10.2. Unmanaged Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
10.2.5. Deploying BitDefender Management Agent . . . . . . . . . . . . . . . . . . . . . . . . . . 53
10.2.6. Excluding Computers from Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
10.2.7. Deleting Computers from Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
10.2.8. Changing Displayed Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
10.2.9. Exporting Computer List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
10.3. Excluded Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
v

10.3.5. Deleting Computers from Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
10.3.6. Restoring Excluded Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
10.3.7. Changing Displayed Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
10.3.8. Exporting Computer List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
11. Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
11.1. New Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
11.1.1. Managing Policy Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
11.1.2. Creating New Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
11.2. Current Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
11.2.1. Managing Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
11.2.2. Enabling/Disabling Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
11.2.3. Assigning Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
11.2.4. Monitoring Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
12. WMI Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
12.1. New WMI Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
12.1.1. Managing WMI Script Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
12.1.2. Creating New WMI Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
12.2. Current WMI Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
12.2.1. Managing WMI Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
12.2.2. Enabling/Disabling WMI Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
12.2.3. Checking Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
13. Reporting Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
13.1. Creating Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
13.2. Viewing Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
13.2.1. Exporting Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
13.2.2. Printing Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
13.2.3. Refreshing Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
13.2.4. Navigating in Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
13.2.5. Searching Keywords in Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
13.2.6. Changing Zooming Factor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
14. Activity Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
14.1. Examining Server Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
14.1.1. Setting Verbosity Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
14.1.2. Sorting Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
14.1.3. Deleting Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
15. Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
15.1. Network Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
15.1.1. Step 1/2 - Organize Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
15.1.2. Step 2/2 - Deploy BitDefender Management Agent . . . . . . . . . . . . . . . . . . . . 96
vi
15.2. Credentials Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

15.2.1. Adding New Credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
15.2.2. Deleting Existing Credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
15.3. Deployment Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
15.3.1. Launching Deployment Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
15.3.2. Automatically Installing, Repairing or Removing Products . . . . . . . . . . . . . 102
15.3.3. Examining Deployment Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
15.3.4. Creating Unattended Installation Packages . . . . . . . . . . . . . . . . . . . . . . . . . 112
15.4. Automatic Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
15.4.1. Configuring Automatic Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
15.4.2. Configuring Automatic Deployment for VPN Computers . . . . . . . . . . . . . . 123
15.4.3. Deploying BitDefender Business Client Automatically . . . . . . . . . . . . . . . . 125
15.4.4. Disabling Automatic Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
15.5. BitDefender Update Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
15.5.1. Opening Configuration Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
15.5.2. Configuring Update Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
16. Master-Slave Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
16.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
16.2. Master Registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
16.3. Viewing Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
16.3.1. Network View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
16.3.2. Virtual View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
16.4. Master/Virtual Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
16.5. Master/Virtual WMI Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
16.6. Master Reporting Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
16.7. Master Activity Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Policy Templates .................................................... 138

17. BitDefender Management Server Templates . . . . . . . . . . . . . . . . . . . 139
17.1. BitDefender Management Agent Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
17.1.1. Agent Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
18. BitDefender Business Client Templates . . . . . . . . . . . . . . . . . . . . . . . . 142
18.1. Update Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
18.1.1. Update Locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
18.1.2. Proxy Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
18.1.3. Advanced Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
18.2. Update Scheduled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
18.2.1. Update Locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
18.2.2. Proxy Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
18.2.3. Advanced Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
18.3. Scan Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
18.3.1. Scan Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
18.3.2. Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
vii
18.3.3. Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

18.3.4. Other Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
18.4. Antivirus Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
18.4.1. Real-time Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
18.4.2. Protection Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
18.4.3. Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
18.4.4. Quarantine Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
18.5. Firewall Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
18.5.1. General Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
18.5.2. Profile Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
18.5.3. Other Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
18.6. Privacy Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
18.6.1. Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
18.6.3. Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
18.6.4. Identity Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
18.6.5. Cookie Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
18.6.6. Script Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
18.6.7. Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
18.7. Antispam Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
18.7.1. Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
18.7.3. Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
18.8. User Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
18.8.1. User Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
18.8.2. General Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
18.8.3. Web Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
18.8.4. Applications Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
18.8.5. Keyword Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
18.8.6. Webtime Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
18.9. Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
18.9.1. Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
18.9.2. Paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
18.9.3. Extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
18.10. Advanced Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
18.10.1. General Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
18.10.2. Virus Report Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Getting Help ........................................................... 190

19. Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
19.1. BitDefender Knowledge Base . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
19.2. Contact Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
19.2.1. Web Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
19.2.2. Branch Offices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
viii
License and Warranty

IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS DO NOT INSTALL
THE SOFTWARE. BY SELECTING "I ACCEPT", "OK", "CONTINUE", "YES" OR BY
INSTALLING OR USING THE SOFTWARE IN ANY WAY, YOU ARE INDICATING
YOUR COMPLETE UNDERSTANDING AND ACCEPTANCE OF THE TERMS OF
THIS AGREEMENT.
These Terms cover BitDefender Corporate Solutions and Services for Companies
licensed to you, including related documentation and any update and upgrade of the
applications delivered to you under the purchased license or any related service
agreement as defined in the documentation and any copy of these items.
This License Agreement is a legal agreement between you (either an individual or a
legal person) and BitDefender for use of BitDefenders software product identified
above, which includes computer software and services, and may include associated
media, printed materials, and "online" or electronic documentation (hereafter designated
as "BitDefender"), all of which are protected by international copyright laws and
international treaties. By installing, copying or using BitDefender, you agree to be
bound by the terms of this agreement.
If you do not agree to the terms of this agreement, do not install or use BitDefender.
BitDefender License. BitDefender is protected by copyright laws and international
copyright treaties, as well as other intellectual property laws and treaties. BitDefender
is licensed, not sold.
GRANT OF LICENSE. BitDefender hereby grants you and only you the following
non-exclusive, limited, non-transferable and royalty-bearing license to use BitDefender.
APPLICATION SOFTWARE. You may install and use BitDefender, on as many
computers as necessary with the limitation imposed by the total number of licensed
users. You may make one additional copy for back-up purpose.
SERVER USER LICENSE. This license applies to BitDefender software that provides
network services and can be installed on computers that provide network services.
You may install this software on as many computers as necessary within the limitation
imposed by the total number of users to which these computers provide network
services. This limitation refers to the total number of users that has to be less than or
equal to the number of users of the license.
DESKTOP USER LICENSE. This license applies to BitDefender software that can be
installed on a single computer and which does not provide network services. Each
primary user may install this software on a single computer and may make one
License and Warranty ix

additional copy for backup on a different device. The number of primary users allowed
is the number of the users of the license.
TERM OF LICENSE. The license granted hereunder shall commence on the purchasing
date of BitDefender and shall expire at the end of the period for which the license is
purchased.
EXPIRATION. The product will cease to perform its functions immediately upon
expiration of the license.
UPGRADES. If BitDefender is labeled as an upgrade, you must be properly licensed
to use a product identified by BitDefender as being eligible for the upgrade in order
to use BitDefender. A BitDefender labeled as an upgrade replaces and/or supplements
the product that formed the basis for your eligibility for the upgrade. You may use the
resulting upgraded product only in accordance with the terms of this License
Agreement. If BitDefender is an upgrade of a component of a package of software
programs that you licensed as a single product, BitDefender may be used and
transferred only as part of that single product package and may not be separated for
use by more than the total number of licensed users. The terms and conditions of this
license replace and supersede any previous agreements that may have existed
between you and BitDefender regarding the original product or the resulting upgraded
product.
COPYRIGHT. All rights, titles and interest in and to BitDefender and all copyright rights
in and to BitDefender (including but not limited to any images, photographs, logos,
animations, video, audio, music, text, and "applets" incorporated into BitDefender),
the accompanying printed materials, and any copies of BitDefender are owned by
BitDefender. BitDefender is protected by copyright laws and international treaty
provisions. Therefore, you must treat BitDefender like any other copyrighted material.
You may not copy the printed materials accompanying BitDefender. You must produce
and include all copyright notices in their original form for all copies created irrespective
of the media or form in which BitDefender exists. You may not sub-license, rent, sell,
lease or share the BitDefender license. You may not reverse engineer, recompile,
disassemble, create derivative works, modify, translate, or make any attempt to discover
the source code for BitDefender.
LIMITED WARRANTY. BitDefender warrants that the media on which BitDefender is
distributed is free from defects for a period of thirty days from the date of delivery of
BitDefender to you. Your sole remedy for a breach of this warranty will be that
BitDefender , at its option, may replace the defective media upon receipt of the
damaged media, or refund the money you paid for BitDefender. BitDefender does not
warrant that BitDefender will be uninterrupted or error free or that the errors will be
corrected. BitDefender does not warrant that BitDefender will meet your requirements.
License and Warranty x

EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, BITDEFENDER

DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, WITH RESPECT
TO THE PRODUCTS, ENHANCEMENTS, MAINTENANCE OR SUPPORT RELATED
THERETO, OR ANY OTHER MATERIALS (TANGIBLE OR INTANGIBLE) OR
SERVICES SUPPLIED BY HIM. BITDEFENDER HEREBY EXPRESSLY DISCLAIMS
ANY IMPLIED WARRANTIES AND CONDITIONS, INCLUDING, WITHOUT
LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR
A PARTICULAR PURPOSE, TITLE, NON INTERFERENCE, ACCURACY OF DATA,
ACCURACY OF INFORMATIONAL CONTENT, SYSTEM INTEGRATION, AND NON
INFRINGEMENT OF THIRD PARTY RIGHTS BY FILTERING, DISABLING, OR
REMOVING SUCH THIRD PARTYS SOFTWARE, SPYWARE, ADWARE, COOKIES,
EMAILS, DOCUMENTS, ADVERTISEMENTS OR THE LIKE, WHETHER ARISING
BY STATUTE, LAW, COURSE OF DEALING, CUSTOM AND PRACTICE, OR TRADE
USAGE.
DISCLAIMER OF DAMAGES. Anyone using, testing, or evaluating BitDefender bears
all risk to the quality and performance of BitDefender. In no event shall BitDefender
be liable for any damages of any kind, including, without limitation, direct or indirect
damages arising out of the use, performance, or delivery of BitDefender, even if
BitDefender has been advised of the existence or possibility of such damages. SOME
STATES DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR
INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR
EXCLUSION MAY NOT APPLY TO YOU. IN NO CASE SHALL BITDEFENDER'S
LIABILITY EXCEED THE PURCHASE PRICE PAID BY YOU FOR BITDEFENDER.
The disclaimers and limitations set forth above will apply regardless of whether you
accept to use, evaluate, or test BitDefender.
IMPORTANT NOTICE TO USERS. THIS SOFTWARE IS NOT FAULT-TOLERANT
AND IS NOT DESIGNED OR INTENDED FOR USE IN ANY HAZARDOUS
ENVIRONMENT REQUIRING FAIL-SAFE PERFORMANCE OR OPERATION. THIS
SOFTWARE IS NOT FOR USE IN THE OPERATION OF AIRCRAFT NAVIGATION,
NUCLEAR FACILITIES, OR COMMUNICATION SYSTEMS, WEAPONS SYSTEMS,
DIRECT OR INDIRECT LIFE-SUPPORT SYSTEMS, AIR TRAFFIC CONTROL, OR
ANY APPLICATION OR INSTALLATION WHERE FAILURE COULD RESULT IN
DEATH, SEVERE PHYSICAL INJURY OR PROPERTY DAMAGE.
GENERAL. This Agreement will be governed by the laws of Romania and by
international copyright regulations and treaties. The exclusive jurisdiction and venue
to adjudicate any dispute arising out of these License Terms shall be of the courts of
Romania.
Prices, costs and fees for use of BitDefender are subject to change without prior notice
to you.
License and Warranty xi

In the event of invalidity of any provision of this Agreement, the invalidity shall not
affect the validity of the remaining portions of this Agreement.
BitDefender and BitDefender logos are trademarks of BitDefender. All other trademarks
used in the product or in associated materials are the property of their respective
owners.
The license will terminate immediately without notice if you are in breach of any of its
terms and conditions. You shall not be entitled to a refund from BitDefender or any
resellers of BitDefender as a result of termination. The terms and conditions concerning
confidentiality and restrictions on use shall remain in force even after any termination.
BitDefender may revise these Terms at any time and the revised terms shall
automatically apply to the corresponding versions of the Software distributed with the
revised terms. If any part of these Terms is found void and unenforceable, it will not
affect the validity of rest of the Terms, which shall remain valid and enforceable.
In case of controversy or inconsistency between translations of these Terms to other
languages, the English version issued by BitDefender shall prevail.
Contact BitDefender, at 5, Fabrica de Glucoza street, 72322-Sector 2, Bucharest,
Romania, or at Tel No: 40-21-2330780 or Fax:40-21-2330763, e-mail address:
office@bitdefender.com.
License and Warranty xii

Description
1
1. Features and Benefits

Proactive Security and Management. BitDefender Client Security is a robust and
easy-to-use business security and management solution, which delivers superior
proactive protection from viruses, spyware, rootkits, spam, phishing and other malware.
BitDefender Client Security enhances business productivity and reduces management
and malware-related costs by enabling the centralized administration, protection and
control of workstations inside companies' networks.
1.1. Key Features

Policy-based centralized management
Tiered management architecture with master-slave servers
Centrally managed antivirus, firewall, update, antispam, privacy and user control
for workstations
Identification and correction of non-compliant systems
Proactive heuristic protection against zero-day threats
Important data backup at workstation level
Detailed reports
Extensive WMI script support
1.2. Key Benefits

Reduced administration workload and costs.
Provides a series of configurable security policies which can be easily set using
pre-defined templates
Maintains mobile users' compliance with corporate security policies even while
offline
Integrates with Active Directory for an easy and flexible management process
Helps address the compliance issues related to network admission by automatically
detecting new stations
Features and Benefits 2

Ensures consistent antimalware protection across the organization through

centralized management of the Business Client features: antivirus, firewall, antispam,
update, privacy control, user control
Enhances management capabilities allowing the IT admin to uninstall software (MSI)
from client workstations by using WMI scripts
Increases business productivity through user activity administration controls:
Sets restrictions against unsafe or undesirable Web sites and user level applications
Blocks e-mail messages based on key words
Limits Internet access for specific periods of time
Improved Network Visibility.
Offers an enhanced reporting tool which enables the administrator to regularly

generate statistics on the issues that appeared in the network
Facilitates network auditing (gathering of hardware and system information from
workstations) through the use of WMI administration scripts
Offers a first page summary (dashboard) containing the most important
security-related information and an easy way to fix issues
Improved Network Visibility
Optimized for Business Environments.
Saves workstation and network resources due to its small memory footprint and
optimized server-client communication

Works in the most commonly used network types (Ethernet, VPN, remote, WiFi)
Allows the setting of two types of clients - power clients, with unrestricted access
to the interface, and restricted clients, with limited access to the interface
Provides a scalable master-slave architecture capable of managing an increased
number of clients connected to a headquarter network from different physical
locations

2. Architecture
BitDefender Client Security has the following components: BitDefender Management
Server, BitDefender client products, BitDefender Management Agent, BitDefender
Management Console, BitDefender Deployment Tool and BitDefender Update Server.
Note
The only components visible to the user are BitDefender Management Console,
BitDefender Deployment Tool and BitDefender Update Server.
2.1. BitDefender Management Server

BitDefender Management Server is the main component of BitDefender Client Security.
Its purpose is to manage all BitDefender security solutions inside a network based on
customizable security policies.
Using BitDefender Management Server, you can remotely install and manage
BitDefender client products.
Remotely Install and Manage BitDefender Client Products
The "brain" of the product. The policies received from the user through the
management console are forwarded to the workstations in order to be executed, while
the information received from the workstations is processed by BitDefender
Management Server. The information is then forwarded to the management console
Architecture 5
where it can be viewed and interpreted by the administrator. BitDefender Management

Server can be dynamically extended to perform various other security-related policies
that users may need.
Standalone or master-slave configuration. BitDefender Management Server can
be deployed either as a standalone security management solution or in a master-slave
architecture.
Standalone or Master-Slave Architecture
In a standalone configuration, BitDefender Management Server manages the security

of and centralizes security information about client computers.
In a master-slave architecture, a specific instance of BitDefender Management
Server (the master server) manages other instances of BitDefender Management
Server (the slave servers).
As slave, BitDefender Management Server acts as standalone and also sends
centralized information about its managed computers to the master.
As master, BitDefender Management Server does not have its own managed
computers, but only those of its slave BitDefender Management Server. Its role
is to obtain centralized results regarding the security of all computers in the
organization.
Connected to Database. BitDefender Management Server will stay permanently

connected to a database (for example MS SQL Server Database) that stores
information about all product configuration files. In this way, BitDefender Management
Server can manage a huge amount of information in the shortest possible time.
Architecture 6
Password-protected. By default, BitDefender Management Server is

password-protected. The default password is: admin. The password can be changed
in the BitDefender Management Console.
Note
To manage the BitDefender clients from a workstation other than BitDefender
Management Server, you must perform a custom installation of BitDefender Management
Server on the respective workstation. When reaching the third installation step, disable
all components other than BitDefender Management Console.
2.2. BitDefender Client Products

A BitDefender client product is a product that BitDefender Management Server
manages remotely , through policies.
BitDefender Client Security smoothly integrates with and manages:
Workstation Client Products

BitDefender Business Client
Server Client Products (Gateway Level)
BitDefender Security for ISA Servers
BitDefender Security for Mail Servers (UNIX)
BitDefender Security for Exchange (2007)
Server Client Products (FileServer Level)
BitDefender Security for File Servers (Windows)
BitDefender Security for Samba
BitDefender Security for Sharepoint
Architecture 7
BitDefender Client Products
2.3. BitDefender Management Agent

BitDefender Management Agent is the component deployed on each workstation that
you want to be managed by BitDefender Management Server. It is used to ensure
communication between BitDefender Management Server and the BitDefender client
products installed on a specific workstation.
It fulfills three main functions:
queries BitDefender Management Server to learn the security policies that need to
be applied to the local workstation.
applies the security policies received from BitDefender Management Server.
sends the results of the applied policies to BitDefender Management Server .
2.4. BitDefender Management Console

BitDefender Management Console represents the graphical user interface (GUI),
created to allow the administrator to interact with BitDefender Management Server.
By using the management console you can:
visualize the entire network (managed computers, computers that are not currently
managed by BitDefender Management Server, computers excluded from
management).
Architecture 8
remotely deploy BitDefender Management Agent on detected network computers

or on computers from Active Directory.
remotely deploy BitDefender client products on managed computers.
set BitDefender Management Server to automatically deploy BitDefender
Management Agent and BitDefender Business Client on newly detected computers.
find out detailed information about a managed computer.
assign policies to managed computers or to computers from Active Directory in
order to configure and even to install BitDefender client products.
run WMI scripts on managed computers in order to remotely perform administrative
tasks.
check the results of the assigned policies and WMI scripts.
configure BitDefender Management Server and monitor its activity.
obtain centralized easy-to-read reports regarding the managed computers.
remotely remove client products installed on managed computers.
Note
To install only the management console on a workstation you must perform a custom
installation of BitDefender Management Server. When reaching the third installation
step, disable all components other than BitDefender Management Console.
2.5. BitDefender Deployment Tool

BitDefender Deployment Tool is an independent component that helps you
automatically install, remove or repair BitDefender products on remote network
computers. It also allows you to create unattended installation packages for use on
computers where automatic deployment cannot be performed.
Note
You can put it on a CD, on a shared folder, send it by e-mail or use a logon script in
order to install it on workstations.
2.6. BitDefender Update Server

BitDefender Update Server is an independent component that allows you to set up a
BitDefender update location within the local network. In this way, you can reduce
Internet traffic because only one computer will connect to the Internet to download
Architecture 9
updates while the others will update from this local mirror. Moreover, updates will be
performed faster and even on the computers that are not connected to the Internet.
BitDefender Update Server is easy to configure through an intuitive step by step wizard.
Important
You must publish the folder in which updates are downloaded in order to make them
available to the network clients. To this purpose, you can use BitDefender HTTP Server
or another HTTP server such as IIS or Apache.
Architecture 10
3. Supported BitDefender Client Products

BitDefender Client Security smoothly integrates with and manages both BitDefender
workstation and server security solutions.
3.1. Workstation Client Products


BitDefender Business Client integrates antivirus, firewall, antispam and antispyware
modules into one comprehensive workstation security package, tailored to meet the
needs of corporate computer users worldwide.
3.2. Server Client Products

BitDefender Security for ISA Servers
BitDefender Security for Mail Servers (UNIX)
BitDefender Security for Exchange (2007)
BitDefender Security for File Servers (Windows)
BitDefender Security for Samba
BitDefender Security for Sharepoint
Security for ISA Servers

BitDefender Security for ISA Servers offers antivirus and antispyware protection for
web traffic, including protection for data received through webmail. BitDefender Security
for ISA Servers integrates with the Microsoft ISA Servers through two application filters
(ISAPI) offering antivirus and antispyware protection for HTTP, FTP and FTP through
HTTP traffic.
Security for Mail Servers

Designed for mail servers running on Windows or UNIX-based platforms, BitDefender
Security for Mail Servers combines advanced antivirus technlogies with content and
antispam filters to provide safe mail traffic for companies and Service Providers. The
product is compatible with the majority of existing e-mail platforms.
Supported BitDefender Client Products 11

Security for Exchange

BitDefender Security for Exchange provides antivirus and anti-spam engines, creating
a completely clean Exchange environment. Due to the VSAPI technology, BitDefender
Security for Exchange offers advanced e-mail filtering without affecting server
performance or the e-mail traffic.
Security for File Servers

BitDefender Security for File Servers is a solution especially dedicated to
Windows-based servers. It protects file-sharing servers, while lowering the burden
implied by administrating a server software solution. Easy to install and easy to
configure, but with a strong set of functionalities, it targets both small and large
organizations.
Security for Samba

BitDefender Security for Samba provides antivirus and antispyware protection for
Samba network shares. By scanning all accessed files for known and unknown malware
it keeps network users safe and it helps comply with data protection regulations. The
product is highly flexible as the open source BitDefender vfs module can be compiled
against any Samba version, which makes it the best choice for your favorite Unix-based
system.
Security for SharePoint

BitDefender Security for SharePoint provides antivirus protection for your SharePoint
Server. BitDefender Security for SharePoint scans the files uploaded and downloaded
in document libraries and lists, in real-time, with excellent cleanup rates and an option
to quarantine infected files.
Supported BitDefender Client Products 12

Installation
13
4. System Requirements
To fulfill its main purpose - centralized administration of all BitDefender security
solutions in a network environment - BitDefender Management Server requires a
Microsoft Windows Network (TCP/IP)-based computer network.
Besides this primary requirement, specific system requirements must be met in order
for BitDefender Management Server and its client products to operate properly.
To see the BitDefender Management Server system requirements, please refer to

Requirements of BitDefender Management Server (p. 14).
To see the system requirements of the BitDefender Management Server clients,
please refer to Requirements of BitDefender Client Products (p. 15).
4.1. Requirements of BitDefender Management

Server
Before installing BitDefender Management Server or a specific component, make sure
that the system meets its minimum requirements.
4.1.1. BitDefender Management Server

Before installing BitDefender Management Server, make sure that the following system
requirements are met:
Minimum processor - Intel Pentium compatible processor 800MHz

Minimum RAM memory - 512MB
Operating system - Windows 2000 Professional + SP4 / 2000 Server + SP4 / XP
+ SP2 / 2003 + SP2
Software - Microsoft SQL Server / SQL Server Express
4.1.2. BitDefender Management Agent

Before deploying BitDefender Management Agent on a remote computer, make sure
that the following system requirements are met:
Minimum processor - Intel Pentium compatible processor
System Requirements 14
Operating system - Windows 2000 Professional + SP4 / 2000 Server + SP4 / XP

+ SP2 / 2003 + SP2 / Vista / Linux
4.1.3. BitDefender Management Console

Before installing BitDefender Management Console, make sure that the following
system requirements are met:
Minimum processor - Intel Pentium compatible processor

Operating system - Windows 2000 + SP4 / XP + SP2 / 2003 + SP2 / Vista
Software - Internet Explorer 6.0(+); Microsoft Management Console (MMC) 3.0(+)
Minimum resolution - 800x600 / 16 bit
4.2. Requirements of BitDefender Client Products

Before deploying a BitDefender client product on a remote computer, make sure that
the system meets its minimum requirements.
4.2.1. BitDefender Business Client

Before deploying this client product, make sure that the following system requirements
are met:
Minimum processor - 800 MHz

Minimum hard disk space - 60MB
Minimum RAM memory:
256 MB of RAM Memory (512 MB recommended) for Windows 2000
256 MB of RAM Memory (1 GB recommended) for Windows XP
512 MB of RAM Memory (1 GB recommended) for Window 2003 and Vista
Operating system - Windows 2000 + SP4 / 2003 + SP2 / XP + SP2 (32/64 bit) /
Vista (32/64 bit)
System Requirements 15
5. Installing BitDefender Management Server

Launching the setup wizard. Locate the setup file and double-click it. This will launch
a wizard, which will guide you through the setup process.
Note
Before launching the setup wizard, BitDefender will check for newer versions of the
installation package. If a newer version is available, you will be prompted to download
it. Click Yes to download the newer version or No to continue installing the version then
available in the setup file.
BitDefender will also alert you if you have a newer version of BitDefender Management
Server installed.
Follow the setup wizard to install BitDefender Management Server:
5.1. Step 1/9 - Welcome Window

This welcome window describes the main benefits of using BitDefender Management
Server.
Welcome Window
Click Next. A new window will appear.
Installing BitDefender Management Server 16

5.2. Step 2/9 - Read the License Agreement

This window provides you with the License Agreement accompanying BitDefender
Management Server.
License Agreement
Please read the License Agreement, select I accept the terms in the License
Agreement and click Next. A new window will appear.
Note
If you do not agree to these terms click Cancel. The installation process will be
abandoned and you will exit setup.
5.3. Step 3/9 - Customize Installation

This window allows you to change the installation path and to choose which
components of the installation package to be installed.

Custom Installation
Installation Package Components. The installation package contains the following

components:
BitDefender Management Server&Console - allows installing both BitDefender

Management Server and BitDefender Management Console.
BitDefender Management Console - allows installing only BitDefender Management
Console.
BitDefender Update Server - allows installing BitDefender Update Server.
BitDefender HTTP Server - allows installing BitDefender HTTP Server.
If you click any component name, a short description (including the minimum space
required on the hard disk) will appear on the right side. By clicking any component
icon, a menu will appear where you can choose whether to install or not the selected
component.
Installation Path. By default, BitDefender Management Server will be installed in
?:\Program Files\BitDefender\BitDefender Management Server. If you
want to change the installation path, click Browse and select the folder in which you
would like BitDefender Management Server to be installed.
Note
If you have chosen to install only BitDefender Update Server or only BitDefender
Management Console, skip directly to Step 8/9 - Start Installation (p. 24).

5.4. Step 4/9 - Choose Server Type

This window allows you to select the server type to be installed.
Server Type
You can select one of the following options:
Single - to install a standalone, unique instance of BitDefender Management Server

within the network. Such an instance of BitDefender Management Server manages
all computers in the network.
Recommended for growing businesses located in a single physical space.
Master - to install a master instance of BitDefender Management Server which will
manage only slave instances of BitDefender Management Server deployed within
the company's computer networks.
Slave - to install a slave instance of BitDefender Management Server. Such an
instance manages all computers within a defined network, being managed, at the
same time, by a master instance of BitDefender Management Server. If you select
this option, an edit field will appear where you must type the name or IP address of
the master instance.
Note
For more information on the master-slave architecture, please refer to Architecture
(p. 5).

5.5. Step 5/9 - Specify Communication Ports

This window allows you to change the ports used by the BitDefender Management
Server components to communicate.
Communication Ports
You may change the default communication ports in the following fields:
Server port - type in the port that will be used by a master instance of BitDefender
Management Server to communicate with a slave instance. The default port is 8082.
Agent port - type in the port that will be used by BitDefender Management Server
to communicate with BitDefender Management Agent. The default port is 8080.
Console port - type in the port that will be used by BitDefender Management Server
to communicate with BitDefender Management Console. The default port is 8081.
Important
Please take the following into account:
Provide port values between 1 and 65535 and make sure the specified ports are not
used by other applications.
Configure the local firewalls to allow these ports to be used.
Remember the console port as you will need to provide it when connecting to
BitDefender Management Server.

5.6. Step 6/9 - Ensure Database Support

This window allows you to install SQL Server Express or to use an existing database.
Database Support
BitDefender Management Server uses a dedicated database to manage all its

necessary information (about configuration files, settings, and so on). This helps
BitDefender Management Server operate with large amount of data within the shortest
delay possible and increase its efficiency. The supported databases are Microsoft
SQL Server and SQL Server Express.
You can choose one of the following options:
Install SQL Server Express - to install Microsoft SQL Server Express on the local
machine and use this instance to manage the necessary information.
Use existing database - to connect to an existing instance of Microsoft SQL Server
/ SQL Server Express and use this instance to manage the necessary information.
Note
If BitDefender detects a database it can work with on the local machine, this option
will be selected by default.

Note
If you have chosen to install SQL Server Express, you will have to wait for the installation
to complete.
5.7. Step 7/9 - Connect to Database

I have chosen to install SQL Server Express
This window allows you to connect to the database.
Database Credentials
You can see the name of the SQL Server instance (127.0.0.1\SQLEXPRESS) that
will be installed, as well as the database name (em3) and the generic administrator
username (sa).
You must specify the following:
Password - type in a password for the generic administrator username.

Confirm password - re-type the password.
The password must be at least 7 characters long, and it must contain at least one
capital letter, one small letter, one digit and one symbol.

I have chosen to use an existing database

This window allows you to connect to the database.
You must first provide the information used to connect to the database. The following
fields must be filled in:
SQL Server Instance Name - type in the name of the SQL Server instance.
Port - type in the port used by BitDefender Management Server to communicate
with the database.
Username - type in a username recognized by the database.
Password - type in the password of the previously specified username.
BitDefender Management Server detected a compatible

database
This window allows you to connect to a database detected on the local machine.

You can see the name of the detected SQL Server instance
(127.0.0.1\SQLEXPRESS) and the database name (em3).
You must specify the following:
Username - type in a username recognized by the database.

Password - type in the password of the previously specified username.
5.8. Step 8/9 - Start Installation

This window allows you to start installation.

Start Installation
You can see the third-party products that will be installed on your computer, if any.
Depending on the components selected to be installed and on the software already
installed on the local machine, the following third-party products may be installed:
Dot Net Framework (required by BitDefender Management Console)

Crystal Reports (required by BitDefender Management Console)
Microsoft SQL Server (required by BitDefender Management Server)
You can return to the previous steps to make any revisions if you consider this
necessary.
Click Install in order to begin the installation of the product. Please note that the
installation will take several minutes. Please wait for the installation to complete.
5.9. Step 9/9 - Finish Installation

At the end of the installation a new window will appear.

Finish
Click Finish. You will be asked to restart your system in order to complete the
installation process. Please do it as soon as possible.
If you have accepted the default settings for the installation path, a new folder, named
BitDefender, will appear in Program Files and it will contain the BitDefender
Management Server subfolder.

6. Repairing or Removing BitDefender

If you want to repair or remove BitDefender Management Server, follow the path
from the Windows start menu: Start Programs BitDefender Management
Server Repair or Remove.
You will be requested to confirm your choice by clicking Next. A new window will
appear where you can select:
Repair - to re-install all program components installed by the previous setup.

If you choose to repair BitDefender, a new window will appear. Click Repair to start
the repairing process.
Remove - to remove all installed components.
Note
We recommend that you choose Remove for a clean re-installation.
If you choose to remove BitDefender, a new window will appear. Click Remove to
start the removal of BitDefender Management Server from your computer.
Note
After the removal process is over, we recommend that you delete the BitDefender
folder from Program Files.
An error occurred while removing BitDefender

If an error has occurred while removing BitDefender, the removal process will be
aborted and a new window will appear. Click Run UninstallTool to make sure that
BitDefender has been completely removed. The uninstall tool will remove all the
files and registry keys that were not removed during the automatic removal process.
Repairing or Removing BitDefender 27

Configuration and Management
28
7. Getting Started
BitDefender Management Server and its client products can be configured and
managed through a graphical user interface named BitDefender Management Console.
The new MMC-based management console was designed with the network
administrator's needs in mind and focusing on improving user experience.
By using the management console you can:
visualize the entire network (managed computers, computers that are not currently
managed by BitDefender Management Server, computers excluded from
management).
remotely deploy BitDefender Management Agent on detected network computers
or on computers from Active Directory.
remotely deploy BitDefender client products on managed computers.
set BitDefender Management Server to automatically deploy BitDefender
Management Agent and BitDefender Business Client on newly detected computers.
find out detailed information about a managed computer.
assign policies to managed computers or to computers from Active Directory in
order to configure and even to install BitDefender client products.
run WMI scripts on managed computers in order to remotely perform administrative
tasks.
check the results of the assigned policies and WMI scripts.
configure BitDefender Management Server and monitor its activity.
obtain centralized easy-to-read reports regarding the managed computers.
remotely remove client products installed on managed computers.
7.1. Opening Management Console

To open the management console, use the Windows Start menu, by following the
path: Start Programs BitDefender Management Server BitDefender
Management Console.
Getting Started 29
7.2. Connecting to BitDefender Management Server

Whenever you open the management console, you must provide the logon information
of the BitDefender Management Server instance you want to connect to.
Logon Settings
To connect to BitDefender Management Server, fill in the following fields:
Enterprise Server - type in the IP address of the BitDefender Management Server

instance you want to connect to.
Note
If the instance of BitDefender Management Server is on the local machine, you can
type 127.0.0.1 or Localhost.
Port - type in the port used by the management console to communicate with the
respective instance of BitDefender Management Server.
Getting Started 30
Note
This port was specified during the installation of BitDefender Management Server. If
you did not change the default value, type 8081.
Username - type in a recognized username. The default username is

administrator.
Password - type in the password of the previously specified username. The default
password is admin.
7.3. User Interface

When you connect to a BitDefender Management Server instance, its name and all
objects will appear in the tree menu on the left, while the dashboard will be displayed
on the right side of the management console window.
Management Console
Getting Started 31
The management console window consists of two panes. In the pane on the left, you
can see the tree menu containing the BitDefender Management Server instances you
are connected to and their related objects. The right pane displays the selected object
from the tree menu.
At the top of the window, you can see the classic MMC menu bar and toolbar.
7.3.1. Tree Menu

In the pane on the left, you can see the tree menu. The tree menu
consists of several containers, each container with its specific
objects.
The root container is BitDefender Management Console. If you
right-click it, a shortcut menu will appear. You can select:
Add server - to connect to an additional instance of

Disconnect all - to disconnect from all BitDefender
Management Server instances. Tree Menu
Under the root container, you can see all of the instances of
BitDefender Management Server you are connected to. If you right-click such an
instance, a shortcut menu will appear. The same options as on the Action menu are
available.
Each BitDefender Management Server instance in the tree menu contains the following
objects:
Computers Directory - contains the computers managed by BitDefender Management

Server and those automatically detected by BitDefender Management Server in the
broadcast domain.
Managed Computers - displays the computers managed by BitDefender
Management Server.
Unmanaged Computers - displays the detected network computers that are not
managed by BitDefender Management Server.
Excluded Computers - displays the network computers that will not be managed
by BitDefender Management Server.
Policies - allows managing the BitDefender client products installed on managed
computers.
Current Policies - displays current policies and allows managing them.
Create New Policy - displays policy templates and allows creating new policies.
Getting Started 32
WMI Scripts - allows performing administrative tasks on managed computers.

Current WMI Scripts - displays current WMI scripts and allows managing them.
Create New WMI Script - displays WMI script templates and allows creating new
WMI scripts.
Reporting Center - allows obtaining centralized reports regarding the network security
status.
Create New Report - allows creating new reports.
Activity Log - logs all operations of BitDefender Management Server, including error
codes and debug messages.
Server Activity - displays events regarding the activity of BitDefender Management
Server.
7.3.2. Menu Bar

The menu bar contains the menus provided by the MMC framework. You may be
interested in the following menus:
Action
Tools
Action Menu
The Action menu replicates the options available when you right-click the BitDefender
Management Server instance in the tree menu. The following options are available:
Option Description
Register to server Opens a window where you can type the IP address or
name of a master instance of BitDefender Management
Server that will manage this instance.
Disconnect Disconnects the management console from the
BitDefender Management Server instance.
Refresh Refreshes the BitDefender Management Server
dashboard.
Change password Opens a window where you can change the logon
password of the BitDefender Management Server
instance.
Help Opens the help file.
Getting Started 33
Tools Menu
The Tools menu allows access to the tools provided by BitDefender Management
Server. The following options are available:
Option Description
Deployment Tool Launches Deployment Tool.
Deployment Tool helps you automatically install, remove
or repair BitDefender products on remote network
computers. It also allows you to create unattended
installation packages for use on computers where
automatic deployment cannot be performed.
Network Builder Launches Network Builder.
Network Builder helps you easily organize the network
computers into a manageable structure and deploy
BitDefender Management Agent on selected computers.
Credentials Manager Opens Credentials Manager where you can save the
credentials used for authentication when deploying
BitDefender Management Agent on remote computers.
Auto Deployment Opens the Automatic Deployment configuration window.
Automatic Deployment allows BitDefender Management
Server to automatically deploy BitDefender Management
Agent and BitDefender Business Client on newly
detected computers.
Registration Opens the Registration Information window where you
can see the license status and register BitDefender
Management Server.
Note
If connected to more than one instance of BitDefender Management Server in the
management console, you must first select the specific instance to use these tools for.
7.4. Changing Logon Password

To change the logon password for a specific BitDefender Management Server instance,
right-click it in the tree menu and select Change Password. The following window
will open:
Getting Started 34
Change Password
You must fill in the following fields:
Old password - type in the old password.

New password - type in the new password.
Confirm password - type in the new password again.
Click OK to change the password.
Getting Started 35
8. Registration
BitDefender Management Server comes with a trial period of 30 days. During the trial
period, BitDefender Management Server can manage an unlimited number of
BitDefender Business Client products.
To see the registration status of a specific instance of BitDefender Management Server,
follow these steps:
1. In the tree menu, select the respective instance of BitDefender Management Server.
2. Click Tools and then Registration. A new window will appear.
Registration Information
You can see whether the BitDefender Management Server instance is a trial version
or a registered version. If it is a registered version, you can see the following
information:
the number of licensed BitDefender Business Client products that can be managed
by BitDefender Management Server.
the number of BitDefender Business Client products currently managed by
the number of days until the license expires.
Click OK to close the window.
Registration 36
8.1. Purchasing License Keys

License keys specify the number of instances of each BitDefender client product
BitDefender Management Server is allowed to manage.
To purchase a license key, go to the BitDefender website: www.bitdefender.com.
8.2. Registering BitDefender Management Server

In order to register the selected instance of BitDefender Management Server, click
Register. A new window will appear.
Registration
To register BitDefender Management Server, follow these steps:
1. Select Register this product.

2. Provide the license key in the edit field.
3. Click Finish.
You can see the new information regarding your license in the Registration
Information window .
Registration 37
9. Dashboard
Each time you connect to an instance of BitDefender Management Server through
the management console or click, in the tree menu, the name of such instance, a
status pane is displayed. This status pane is referred to as the dashboard.
Dashboard
The dashboard provides you with useful information on the status of the BitDefender
Management Server instance and of its client products and helps you easily solve the
issues that require your attention. You should check the dashboard frequently in order
to quickly identify and solve the issues affecting BitDefender Management Server or
the network security.
Status Buttons. At the top of the pane, you can see the status buttons:
Management Server Status

Business Clients Status
The status buttons change their color depending on the existing issues.
Dashboard 38
Green status buttons indicate that no issue requires your attention.

Yellow status buttons indicate the existence of issues that pose medium security
risks.
Red status buttons indicate the existence of issues that pose high security risks.
The status buttons will turn to green when you fix the related issues, but they will go
back to yellow or red whenever you forget to do important tasks or a new issue appears.
For example, if you do not update BitDefender Business Client regularly, the Business
Clients Status button will turn to red. In the same way, if you deploy BitDefender
Management Agent on a computer without moving it into a specific group or you forget
to change the default password, the Management Server Status button will turn to
yellow.
Issues List. The issues are displayed under the status buttons in a systematically
organized list. Click a specific status button to see the related issues, if any.
Note
By default, the status pane displays the issues concerning BitDefender Management
Server.
Click to see more information about an issue and instructions on how to quickly fix
it. To hide the details, click .
Follow the instructions provided in order to fix the respective issue.
9.1. Management Server Status

A yellow or red Management Server Status button indicates BitDefender Management
Server-related issues that require your attention. Click the button to see the respective
issues.
Follow the instructions provided in order to fix the issues.
9.2. Business Clients Status

A yellow or red Business Clients Status button indicates BitDefender Business
Client-related issues that require your attention. Click the button to see the respective
issues.
Follow the instructions provided in order to fix the issues.
Dashboard 39
10. Computers Directory

Computers Directory contains the network computers managed by BitDefender
Management Server and other computers within the same subnet.
BitDefender Management Server automatically detects all online network devices
within the broadcast domain that have a configured network interface. Most of these
detected devices are computers; however, management switches and router interfaces
are also detected.
The network computers are organized into three main groups:
Managed Computers - contains the computers managed by BitDefender

Management Server, namely those on which BitDefender Management Agent has
already been installed. One or more BitDefender client products may also be installed
on these computers.
Note
Computers will be referred to as managed or under the management of BitDefender
Management Server if they have BitDefender Management Agent installed.
Unmanaged Computers - contains the detected network computers on which

BitDefender Management Agent has not been deployed yet and which have not
been excluded from the management of BitDefender Management Server.
Note
The first time you connect to a server, you will find all detected network computers
in this group.
Excluded Computers - contains the network computers which are not monitored at
all by BitDefender Management Server. In this group you can find all network
computers excluded from the Unmanaged Computers or Managed Computers
group.
Computers Directory 40
10.1. Managed Computers

The Managed Computers group contains all the computers managed by BitDefender
Management Server. BitDefender Management Agent was previously deployed on
these computers.
To display this group, do one of the following:
In the tree menu, go to Computers Directory > Managed Computers.

In the Computers Directory pane, click the corresponding link.
Managed Computers
Here you can find the computers managed by BitDefender Management Server.
In the tree menu, you can see all the groups contained by the Managed Computers
group.
10.1.1. Viewing All Managed Computers

To view all managed computers, just click Show all clients.
All Managed Computers
You can see all the computers managed by BitDefender Management Server listed
in the table. The table columns provide you with useful information about the listed
computers:
Computer Name - the name of the computer.
Note
If No Name is displayed under this column, the respective computer may be a
management switch or a router interface.
Description - the computer description.

IP Address - the IP address of the detected computer.
Activity - the last time the computer was detected.
Note
It is important to monitor the Activity field as long inactivity periods might indicate
that the computer is disconnected.
You can hide all managed computers by clicking the corresponding link.
10.1.2. Group Shortcut Menu

If you right-click the group in the tree menu, a shortcut menu will
appear. You can select:
Refresh - to refresh the Managed Computers pane.

Create Group - to create a new group inside the Managed
Computers group.
Assign Policy - to assign a policy to all managed computers.
View Policies - to view the policies assigned to all managed
computers. Group Menu
View > Add/Remove Columns - to manage the displayed

columns.
Paste - to paste a group inside the Managed Computers group.
Export List - to export the computer list.
Help - to open the contextual help.
Note
If Managed Computers is not the currently open pane, only Refresh, Paste and Help
will appear on the menu.
These options will be discussed in the following topics.
10.1.3. Computer Groups

You can organize managed computers by creating specific groups according to the
structure of your organization. In the tree menu, you can see all the groups included
in the Managed Computers group.
Initially, managed computers are placed in a default group, called Not Grouped. To
display this group, click Not Grouped in the tree menu.
Not Grouped Computers
You can see the managed computers which have not yet been placed in a specific
group.
Different from the custom groups, you cannot rename or delete this group. You cannot
create a new sub-group or move an existing group in this group either.
Creating Groups
To create a new sub-group in the Managed Computers group or in a custom group,
follow these steps:
1. Right-click the group into which the new sub-group is to be included and select
Create group. A new group (named New Group) will appear under the parent
group in the tree menu.
2. Rename the newly created group.
Renaming Groups
To rename a group, right-click it, select Rename and type the new name.
Moving Groups
To move a sub-group from one group to another, follow these steps:
1. Right-click the sub-group you want to move and select Cut.

2. Right-click the group into which the sub-group is to be moved and select Paste.
If you are reorganizing the Managed Computers group, we recommend that you use
the Network Builder.
Deleting Groups
To delete a specific group, right-click it and select Delete. You will have to confirm
your action by clicking Yes.
10.1.4. Refreshing Computer List

To refresh the computer list, either press the F5 key or right-click the group in the tree
menu and select Refresh from the shortcut menu.
10.1.5. Sorting through Computer List

You can sort computers by:
name;
description;
IP address;
the time when they were last detected.
To sort computers by one of the previously mentioned criteria, just click the
corresponding column heading in the table.
For example, if you want to order computers by name click the Computer Name
heading. If you click the heading again, the computers will be displayed in reverse
order.
10.1.6. Searching for Computers

You can easily find a specific computer by its name using the keyboard. First, select
a computer from the table and then press the key corresponding to the first letter of
the computer name until the respective computer is displayed.
Another method to find a specific computer is to sort through the computer list and
scroll up or down in the list to find the respective computer. In this way, you can search
for computers using various criteria, such as name, IP address or activity.
10.1.7. Assigning Policies

You can assign policies to specific clients or to entire client groups (even to the entire
Managed Computers group).
To assign a policy to a specific client, right-click it and select Assign policy. To assign
a policy to an entire client group, right-click the respective group in the tree menu and
select Assign policy. In both cases, a new pane will be displayed.
Assigning Policies
You can choose to assign an existing policy or to create and assign a new policy.
Assigning an Existing Policy

To assign an existing policy, follow these steps:
1. Choose Select and assign an existing policy.

2. Click the specified link to see the current policies.
3. Right-click the policy you want to assign and select Assign policy.
Assigning a New Policy

To create and assign a new policy, follow these steps:
1. Choose Create and assign a new policy.

2. Select a template category to see all available templates for a specific BitDefender
product. The following template categories are available:
BitDefender Management Server Templates
BitDefender Business Client Templates
3. Right-click the policy template you want to use and select Create policy.
Note
For more information, please refer to Policy Templates (p. 138).
10.1.8. Viewing Current Policies

You can view all the policies assigned to specific clients or client groups.
To view the policies assigned to a specific client, right-click it and select View policies.
To view the policies assigned to a specific client group, right-click the respective group
in the tree menu and select View policies. In both cases, a new pane will open and
it will display the current policies.
10.1.9. Getting Computer Details

You can easily get information about a specific computer.
Right-click the computer and select More details to find out information about the
system and the status of BitDefender Management Agent.
10.1.10. Switching between Restricted and Power User

BitDefender Business Client can operate in two modes: restricted user and power
user.
In the restricted user mode, the user cannot configure the product, but only perform
basic tasks, such as launching a default scan task, updating BitDefender or backing
up data. In the power user mode, the user has full control over BitDefender Business
Client.
By default, after deployment, BitDefender Business Client will operate in the restricted
user mode. If you want the BitDefender Business Client installed on a specific computer
to operate in the power user mode, right-click the respective client in the list and select
Switch to power desktop. To go back to the restricted user mode, just right-click the
client again and select Switch to restricted desktop.
Note
Switching to the other operating mode of BitDefender Business Client will require a
system restart on the target computer. You can use a WMI script to automatically restart
managed computers.
10.1.11. Deleting Computers from Table

You can delete any computer listed in the table. In this way, you can remove from the
database the computers that are no longer part of the network.
To delete a computer from the database, right-click it and select Delete from the menu.
You will have to confirm your action by clicking Yes.
To delete several computers from the database, select them, right-click the selection
and then select Delete items from the menu. You will have to confirm your action by
clicking Yes.
Note
If you delete a managed computer while it is still connected to the network, BitDefender
will eventually detect its activity and restore it in the Managed Computers > Not
Grouped group.
10.1.12. Excluding Computers from Management

To exclude a computer from management, just right-click it and select Exclude from
the menu. You will have to confirm your action by clicking Yes.
To exclude several computers from management, select them, right-click the selection
and then select Exclude items from the menu. You will have to confirm your action
by clicking Yes.
Note
The excluded computers will be moved in the Excluded Computers group.
10.1.13. Changing Displayed Information

You can change the displayed information by adding or removing columns from the
table or by changing their order.
Note
By default, all available columns are displayed. Their default order is the following:
1. Computer Name
2. Description
3. IP Address
4. Activity
In the tree menu, right-click the group, then point to View and select Add/Remove
Columns. A new window will appear allowing you to manage the displayed columns.
Changing Displayed Information
You can see the columns that are not displayed (Available columns) and the currently
displayed columns (Displayed columns).
If you do not want a specific column to be displayed anymore, select it from the
displayed columns and click Remove To display a column not currently displayed,
select it from the available columns and click Add.
To change the order in which columns are displayed, select a column and use the
Move Up and Move Down buttons to change its priority.
To apply the default configuration, click Restore Defaults.
Click OK to save the changes and close the window.
10.1.14. Exporting Computer List

You can export the list of the computers in the group to a txt or csv file, in either
plain text or Unicode text.
Note
This is very useful if you need printed statistics.
To export the entire computer list, follow these steps:
1. In the tree menu, right-click the group.

2. Select Export list from the shortcut menu. A new window will appear.
3. Save the file under the desired name and type.
To export only a list of selected computers, follow these steps:
1. Select the desired computers.

4. Check Save Only Selected Rows.
10.2. Unmanaged Computers

The Unmanaged Computers group contains the detected network computers on which
BitDefender Management Agent has not yet been deployed and which have not been
excluded from the management of BitDefender Management Server.
Note
The first time you connect to an instance of BitDefender Management Server, you will
find all detected network computers in this group.
In the tree menu, go to Computers Directory > Unmanaged Computers.

Unmanaged Computers
You can see the unmanaged computers listed in the table. The table columns provide
you with useful information about the listed computers:
Note

IP Address - the IP address of the computer.
Deployment Status - the deployment status, when deploying BitDefender
Management Agent on the remote computer.
Note

Refresh - to refresh the Unmanaged Computers pane.

columns.
Group Menu
Help - to open the contextual help.
Note
If Unmanaged Computers is not the currently open pane, only Refresh and Help will
appear on the menu.


name;
description;
IP address;
deployment status;
order.

10.2.5. Deploying BitDefender Management Agent

In order to manage a remote computer using BitDefender Management Server, you
must first deploy BitDefender Management Agent on the respective computer. You
can do that directly from the Unmanaged Computers group.
Note
When deploying BitDefender Management Agent in the network for the first time, it is
recommended to use Network Builder. To automatically deploy BitDefender Management
Agent on newly detected computers, use Automatic Deployment.
To deploy BitDefender Management Agent on a specific computer, just right-click it

and select Deploy on this computer. To deploy BitDefender Management Agent
simultaneously on several computers, select them, right-click the selection and then
select Deploy on these items. In both situations, a new window will appear, allowing
you to configure the deployment options and initiate the deployment process.
Deployment Options
To configure and initiate the deployment of BitDefender Management Agent, follow

these steps:
Step 1/5 - Configure General Options

You can specify the deployment behavior on the remote computer using the options
in the General Options category.
Check Notify user before and after deploying the agent if you want the user logged
on the remote computer to be briefly informed about the deployment process. Two
dialogs will appear on the user's screen, before and after the deployment process.
Check Install agent without user interface if you want the deployment process to
be performed silently in the background. If you do not check this option, the Windows
Installer interface will appear on the user's screen.
Step 2/5 - Provide Administrative Credentials

In order to remotely deploy BitDefender Management Agent, BitDefender Management
Server requires administrative credentials to authenticate on the remote computer.
Use Credentials Manager to manage these credentials. To open the Credentials
Manager window, click the provided link.
Note
For more information, please refer to Credentials Manager (p. 98).
Step 3/5 - Specify Restart Method

Usually, after deploying BitDefender Management Agent, the remote computer must
be restarted. By default, the user will be prompted for restart, if necessary.
To specify how to restart the remote computer, select one of the options in the Restart
Options category. If you select:
Do not restart after the installation is completed - the remote computer will not
be restarted once the installation is completed, even if necessary. BitDefender will
wait for a user to restart the computer.
Prompt the user for restart if necessary - the user whose credentials are used
for authentication on the remote computer will be prompted to restart the computer,
if necessary.
Note
The user must confirm or suspend computer restart within 30 seconds, otherwise
the remote computer will be restarted automatically.
Always restart the computer after installation - the remote computer is restarted
immediately after the installation is completed, without alerting the user.
Step 4/5 - Specify Management Server

By default, BitDefender Management Agent will be managed by the specific instance
of BitDefender Management Server that deploys it.
If you want BitDefender Management Agent to be managed by another instance of
BitDefender Management Server, provide the name or IP address of the computer it
is installed on in the corresponding field.
Step 5/5 - Start Deployment

Click Start Deployment to initiate the deployment process. You can see the
deployment status in the Deployment Status field.
10.2.6. Excluding Computers from Management

If you do not want specific computers to be managed by BitDefender Management
Server, you just have to exclude them from management. For example, you might
want to exclude your own computer, the computers of your IT team or the computers
of the Quality Assurance team.
You should also exclude:
1. the router interfaces and management switches detected by BitDefender

Management Server in the broadcast domain.
You should make a list of such devices in your network, find them in the Unmanaged
Computers group and exclude them.
2. the computers on which BitDefender Management Server is installed.
Note
BitDefender recommends that you do not deploy BitDefender Management Agent
on the computers on which BitDefender Management Server is installed.
To exclude a computer from management, just right-click it and select Exclude from
the menu. You will have to confirm your action by clicking Yes.
To exclude several computers from management, select them, right-click the selection
and then select Exclude items from the menu. You will have to confirm your action
by clicking Yes.
Note
The excluded computers will be moved in the Excluded Computers group.

clicking Yes.
Note
If you delete an unmanaged computer while it is still connected to the network,
BitDefender will eventually detect its activity and restore it in the Unmanaged Computers
group.

Note
1. Computer Name
2. Description
3. IP Address
4. Deployment Status
5. Activity

Note


10.3. Excluded Computers

The Excluded Computers group contains the network computers that were excluded
from the management of BitDefender Management Server. These computers are not
monitored at all by BitDefender Management Server.
Note
Computers can be excluded both from the Unmanaged Computers and from the
Managed Computers group. As a rule, exclude the management switches and router
interfaces automatically detected by BitDefender in the broadcast domain as well as

the computers that you do not want to be managed by BitDefender Management Server.
In the tree menu, go to Computers Directory > Excluded Computers.

Excluded Computers
You can see the excluded computers listed in the table. The table columns provide
you with useful information about the listed computers:
Note
IP Address - the IP address of the detected computer.

Note

Refresh - to refresh the Excluded Computers pane.

columns.
Help - to open the contextual help. Group Menu
Note
If Excluded Computers is not the currently open pane, only Refresh and Help will
appear on the menu.


name;
description;
IP address;
order.


clicking Yes.
Note
If you delete a computer while it is still connected to the network, BitDefender will
eventually detect its activity. The following situations may occur:
If BitDefender Management Agent is installed on the computer, then the computer

will appear in the Managed Computers > Not Grouped group.
Otherwise, the computer will appear in the Unmanaged Computers group.
10.3.6. Restoring Excluded Computers

You cannot directly restore an excluded computer to its original group.
The only method that you can use to restore an excluded computer is to delete it from
the table. This works however only for the main groups. If the computer was excluded
from a sub-group within the Managed Computers group, after BitDefender Management
Agent contacts the server, the respective computer will be placed in the Not Grouped
group.
Note
For more information, please refer to Deleting Computers from Table (p. 61).

Note
1. Computer Name
2. Description
3. IP Address
4. Activity

Note


11. Policies
BitDefender client products are administered remotely through policies. A policy defines
a set of security rules a client computer must comply with.
Policies are sent by BitDefender Management Server to BitDefender Management
Agent, which applies them to the local BitDefender client product. Once a policy has
been successfully transmitted to BitDefender Management Agent, it will be applied to
the local BitDefender client product no matter if communication with BitDefender
Management Server fails.
Policies can be assigned to individual clients or to entire groups of clients.
11.1. New Policies

New policies are created based on policy templates. A policy template contains a
predefined set of options that allow you to configure BitDefender Management Server
or a specific feature of a BitDefender client product. Policy templates are product
dependent, meaning that you can use them to create policies only for a specific product.
You can create and assign new policies, and also manage the policy templates, in
the Create New Policy pane. To display this pane, do one of the following:
In the tree menu, go to Policies > Create New Policy.

In the Policies pane, click the corresponding link.
Policies 64
Create New Policy Pane
You can see the available categories of policy templates and the policy templates of
the selected category. Policy templates are grouped based on products:
BitDefender Management Server Templates

BitDefender Business Client Templates
Note
For detailed information on the options of each template and how to configure them,
please refer to Policy Templates (p. 138).
11.1.1. Managing Policy Templates

The policy templates can be managed using options from the shortcut menu. You can:
view template settings.

edit template settings.
rename templates.
Policies 65
change template description.

create new templates based on the default templates.
delete templates.
Note
The default templates cannot be edited, renamed or given a new description. In order
to have fully customizable templates, duplicate the default templates and then delete
them. All duplicates are fully customizable.
Viewing Template Settings

To view the settings of a template, right-click it and select View settings. The template
settings will be displayed in a new pane.
Example. The following figure shows how the settings of a template (the Advanced
Settings template) are displayed.
Advanced Settings
You can see the template name and how its settings are configured.
Note
For detailed information on the options of each default template, please refer to Policy
Templates (p. 138).
Click Close to return to the previous pane.
Policies 66
Editing Template Settings

To edit the settings of a template, right-click it and select Edit settings. A new pane
will be displayed for you to be able to modify the template settings.
Example. The following figure represents the configuration pane of the Firewall
Settings template.
Firewall Settings Template
At the top of each template pane, you can see the template name and a short
description. Below, you can find the template settings grouped into sections.
Click to expand a section and see all configurable settings. To collapse a section
and hide all settings, click .
Make the desired changes by selecting new settings or providing other parameters.
Note
For detailed information on the options of each default template and how to configure
them, please refer to Policy Templates (p. 138).
Click Finish to save the changes and return to the previous pane. If you want to go
back without saving any changes, click Cancel.
Policies 67
Renaming Templates
To rename a template, follow these steps:
1. Right-click the template and select Change name.

2. Type a new name in the edit field.
3. Press ENTER.
Changing Template Description

To change the description given of a template, follow these steps:
1. Right-click the template and select Change description.

2. Type a new description in the edit field.
3. Press ENTER.
Creating New Templates

You can create new policy templates based on the existing templates. To create a
new template, follow these steps:
1. Right-click the policy template based on which the new template is to be created
and select Duplicate. A copy of the selected template will appear in the table.
2. Edit the settings of the new template according to your needs.
3. Rename the template to reflect its purpose.
4. Modify the template description to reflect its settings.
Deleting Templates
To delete a template, right-click it and select Delete. You will have to confirm your
action by clicking Yes.
Important
Please note that all policies created based on the deleted template will also be removed.
Policies 68
11.1.2. Creating New Policies

You can create new policies using the provided policy templates and your own
customized policy templates. To create and assign a new policy, follow these steps:
1. Right-click the policy template based on which the new policy is to be created and
select Create policy. The template's pane will be displayed in order for you to be
able to modify the template settings.
2. Configure the policy by editing the template settings.
Note
3. Click Finish. A new pane will be displayed in order for you to be able to assign the
policy.
4. Select the location where clients or groups are to be searched in order to be
assigned the policy. You can select Network Computer to search in the Managed
Computers group or Network User to search in Active Directory.
5. Select the computer, group or domain user to assign the policy to.
6. Select the schedule according to which the policy should run. You can choose from
the menu to run the policy one time only, every minute, hour, day or week. You can
also specify a start and an end time by selecting the corresponding options and
configuring the time from the menus.
7. Click the provided link to assign the policy. The new policy will appear in the Current
Policies pane.
Important
When you assign a new firewall policy to a client, all of the existing firewall rules (created
through the previously assigned policy, through the firewall alerts or by the local users)
are overwritten. If you do not want the rules created through the previously assigned
policy to be lost, you must edit the respective policy as needed (by adding, modifying
or removing rules) and assign it, if not scheduled.
11.2. Current Policies

You can see and manage the active policies in the Current Policies pane. To display
this pane, do one of the following:
Policies 69
In the tree menu, go to Policies > Current Policies.

In the Policies pane, click the corresponding link.
Current Policies Pane
You can see the available categories of policies and the policies of the selected
category. The current policies are grouped based on products:
BitDefender Management Server Policies

BitDefender Business Client Policies
Note
11.2.1. Managing Policies

Policies can be managed using options from the shortcut menu. You can:
Policies 70
view policy settings.

edit policy settings.
rename policies.
change policy description.
create new policies based on the current policies.
delete policies.
Viewing Policy Settings

To view the settings of a specific policy, right-click it and select View settings. The
settings will be displayed in a new pane.
You can see the policy name and how its settings are configured.
Note
A policy allows configuring the same settings as the template based on which it was
created. For detailed information on the options of each template, please refer to Policy
Templates (p. 138).
Click Close to return to the previous pane.

To edit the settings of a specific policy, right-click it and select Edit settings. A new
pane, where you can modify the policy settings, will be displayed.
Example. The following figure represents the configuration pane of a Scan Policy
policy.
Policies 71
Scan Policy
At the top of each policy pane, you can see the policy name and a short description.
Below, you can find the policy settings grouped into sections.
Make the desired changes by selecting new settings or providing other parametres.
Note
A policy allows configuring the same settings as the template based on which it was
created. For detailed information on the options of each template, please refer to Policy
Templates (p. 138).
Click Finish to save the changes and return to the previous pane. If you want to go
back without saving any changes, click Cancel.
Renaming Policies
To rename a policy, follow these steps:
1. Right-click the policy and select Change name.

Policies 72
3. Press ENTER.
Changing Policy Description

To change the description of a policy, follow these steps:
1. Right-click the policy and select Change description.

3. Press ENTER.
Creating New Policies

You can create new policies based on the current policies. To create a new policy,
follow these steps:
1. Right-click the current policy based on which the new policy is to be created and
select Duplicate. A copy of the selected policy will appear in the table.
2. Edit the settings of the new policy according to your needs.
3. Rename the policy to reflect its purpose.
4. Modify the policy description to reflect its settings.
Deleting Policies
To delete a policy, right-click it and select Delete. You will have to confirm your action
by clicking Yes.
Important
Please note that all policies created based on the deleted policy will also be removed.
11.2.2. Enabling/Disabling Policies

To disable an active policy, right-click it and select Disable.
To activate a disabled policy, right-click it and select Enable.
11.2.3. Assigning Policies

To assign a policy to remote clients, follow these steps:
Policies 73
1. Right-click the policy and select Assign policy. A new pane will be displayed in
order for you to be able to assign the policy.
assigned the policy. You can select Network Computer to search in the Managed
Computers group or Network User to search in Active Directory.
3. Select the computer, group or domain user to assign the policy to.
4. Select the schedule according to which the policy should run. You can choose from
the menu to run the policy one time only, every minute, hour, day or week. You can
also specify a start and an end time by selecting the corresponding options and
configuring the time from the menus.
5. Click the provided link to assign the policy.
Important
11.2.4. Monitoring Policies

To monitor a policy, right-click it and select More details. Information about the policy
will be displayed in a new section under the table where policies are listed.
The section contains three tabs:
Settings
Assigned To
Clients
Settings Tab
Click the Settings tab to see the settings of the selected policy.
Assigned To Tab
Click the Assigned to tab to see the clients that are assigned the selected policy.
You can see the name of the assigned clients, their IP addresses and the policy
schedule.
Policies 74
If you do not want the policy to be assigned anymore, just click Remove. All policy
responses will be deleted as well as the assigned clients.
If the policy is not assigned to any client, an Assign button is available. Click this
button to assign the policy to specific clients.
Clients Tab
Click the Clients tab to see the results of the selected policy on each assigned client.
You must click Show all responses to see the results.
Policies 75
12. WMI Scripts

This chapter presents the WMI-based scripts implemented in BitDefender Management
Server and how to use them in order to extend the centralized security administration
provided by policies.
Windows Management Instrumentation (WMI) is the Microsoft implementation of
Web-Based Enterprise Management (WBEM), an initiative to establish standards for
accessing and sharing management information over an enterprise network. WMI is
WBEM-compliant and provides integrated support for Common Information Model
(CIM), the data model that describes the objects that exist in a management
environment.
BitDefender Management Server comes with a series of useful WMI-based scripts
that integrate with the BitDefender policy technology in order to facilitate administrative
control over the network. You can run these WMI scripts on remote network computers
managed by BitDefender Management Server, in order to:
find out useful information about the network computers, such as system information,
installed software, startup programs, free disk space and so on.
remove software installed on the network computers.
kill specific processes running on the network computers.
restart or shutdown the network computers.
log off the user logged on the network computers.
12.1. New WMI Scripts

New WMI scripts are created based on WMI script templates. A WMI script template
allows creating a script that you can assign to managed computers in order to find out
useful information about them or perform a specific administrative task.
You can create and assign new WMI scripts in the Create New WMI Script pane. To
display this pane, do one of the following:
In the tree menu, go to WMI Scripts > Create New WMI Script.
In the WMI Scripts pane, click the corresponding link.
WMI Scripts 76
Create New WMI Scripts Pane
You can see the available WMI script templates.
12.1.1. Managing WMI Script Templates

The WMI script templates can be managed using options from the shortcut menu.
You can:

rename templates.
change template description.
create new templates based on the default templates.
delete templates.
WMI Scripts 77
Note
The default templates cannot be edited, renamed or given a new description. In order
to have fully customizable templates, duplicate the default templates and then delete
them. All duplicates are fully customizable.
Viewing Template Settings

Only WMI script templates created based on the default templates listed below have
configurable settings:
Remove software
Kill process
To view the settings of a template, right-click it and select View settings. The template
settings will be displayed in a new pane. Click Close to return to the previous pane.

Only WMI script templates created based on the default templates listed below have
configurable settings:
Remove software
Kill process
To edit the settings of a custom Remove software WMI script template, follow these
steps:
1. Right-click the template and select Edit settings. A new pane will be displayed.
2. In the edit field, type the name of the software you want to be removed.
3. Click Finish to save the changes and return to the previous pane.
To edit the settings of a custom Kill process WMI script template, follow these steps:
1. Right-click the template and select Edit settings. A new pane will be displayed.
2. In the edit field, type the name of the process you want to be stopped.
Renaming Templates
To rename a template, follow these steps:
WMI Scripts 78
1. Right-click the template and select Change name.

3. Press ENTER.
Changing Template Description

To change the description given of a template, follow these steps:
1. Right-click the template and select Change description.

3. Press ENTER.
Creating New Templates

You can create new WMI script templates based on the existing templates. To create
a new template, follow these steps:
1. Right-click the WMI script template based on which the new template is to be created
and select Duplicate. A copy of the selected template will appear in the table.
2. Edit the settings of the new template according to your needs.
3. Rename the template to reflect its purpose.
4. Modify the template description to reflect its settings.
Deleting Templates
To delete a template, right-click it and select Delete. You will have to confirm your
Important
Please note that all WMI scripts created based on the deleted template will also be
removed.
12.1.2. Creating New WMI Scripts

You can create new WMI scripts using the provided WMI script templates and your
own customized WMI script templates. To create and assign a new WMI script, follow
these steps:
WMI Scripts 79
1. Right-click the WMI script template based on which the new WMI script is to be
created and select Create WMI script. A new pane will be displayed.
2. Configure the WMI script by providing the required parameters, if any, and click
Finish.
Note
Only the WMI script templates listed below and their duplicates have configurable
settings:
Remove software
Kill process

assigned the WMI script.
You can select Network Computer to search in the Managed Computers group
or Network User to search in Active Directory.
4. Select the computer, group or domain user to assign the WMI script to.
5. Select the schedule according to which the WMI script should run.
You can choose from the menu to run the WMI script one time only, every minute,
hour, day or week. You can also specify a start and an end time by selecting the
corresponding options and configuring the time from the menus.
6. Click the provided link to assign the WMI script. The new WMI script will appear in
the Current WMI Scripts pane.
12.2. Current WMI Scripts

You can see and manage the active WMI scripts in the Current WMI Scripts pane. To
display this pane, do one of the following:
In the tree menu, go to WMI Scripts > Current WMI Scripts.

In the WMI Scripts pane, click the corresponding link.
WMI Scripts 80
Current WMI Scripts Pane
You can see the active WMI scripts. You can run these scripts in order to find out
more information about the managed computers and to perform administrative tasks.
12.2.1. Managing WMI Scripts

WMI scripts can be managed using options from the shortcut menu. You can:

rename WMI scripts.
change WMI script description.
create new WMI scripts based on the current WMI scripts.
delete WMI scripts.
Viewing WMI Script Settings

Only WMI scripts created based on the templates listed below or on their duplicates
have configurable settings:
WMI Scripts 81
Remove software
Kill process
To view the settings contained by a template, right-click it and select View settings.
The template settings will be displayed in a new pane. Click Close to return to the
previous pane.

Remove software
Kill process
To edit the settings of a Remove software WMI script, follow these steps:
1. Right-click the WMI script and select Edit settings. A new pane will be displayed.
2. In the edit field, type the name of the software you want to be removed.
To edit the settings of a Kill process WMI script, follow these steps:
1. Right-click the WMI script and select Edit settings. A new pane will be displayed.
2. In the edit field, type the name of the process you want to be stopped.
Renaming WMI Scripts

To rename a WMI script, follow these steps:
1. Right-click the WMI script and select Change name.

3. Press ENTER.
Changing WMI Script Description

To change the description of a WMI script, follow these steps:
1. Right-click the WMI script and select Change description.
WMI Scripts 82

3. Press ENTER.
Creating New WMI Scripts

You can create new WMI scripts based on the current WMI scripts. To create a new
WMI script, follow these steps:
1. Right-click the current WMI script based on which the new WMI scripts is to be
created and select Duplicate. A copy of the selected WMI script will appear in the
table.
2. Edit the settings of the new WMI script, if any, according to your needs.
3. Rename the WMI script to reflect its purpose.
4. Modify the WMI script description to reflect its purpose.
Deleting WMI Scripts

To delete a WMI script, right-click it and select Delete. You will have to confirm your
Important
Please note that all WMI scripts created based on the deleted WMI script will also be
removed.
12.2.2. Enabling/Disabling WMI Scripts

To disable an active WMI script, right-click it and select Disable.
Note
When disabled, a WMI script cannot be executed on the assigned clients.
To activate a disabled WMI script, right-click it and select Enable.
12.2.3. Checking Results

To check the results of an assigned WMI script, right-click it and select More details.
Information about the respective WMI script will be displayed in a new section under
the table where WMI scripts are listed.
The section contains three tabs:
WMI Scripts 83
Settings
Assigned To
Clients
Settings Tab
Click the Settings tab to see the settings of the selected WMI script.
Note
Remove software
Kill process
Assigned To Tab
Click the Assigned to tab to see the clients the selected WMI script is assigned to.
You can see the name of the respective clients, their IP addresses and the schedule
based on which the WMI script is executed.
If you do not want the WMI script to run on any client anymore, just click Remove. All
data in the Assigned to and the Clients tabs will be deleted.
If the WMI script is not assigned to any client, an Assign button will be available. Click
this button to assign the WMI script to run on specific clients.
Clients Tab
Click the Clients tab to see the results of the selected WMI script for each client it
was assigned to. You must click Show all responses to see the results.
WMI Scripts 84
13. Reporting Center

Reporting Center allows you to create centralized reports on the security status of the
network computers managed by BitDefender Management Server. In this way, from
a single report, you can find out:
information about the malware activity on all managed computers.

the status of the BitDefender client products.
which BitDefender client products are not up to date.
Reports are created using the Crystal Reports technology, based on report templates
and information existing in the BitDefender Management Server's database. They
provide you with:
statistical data regarding all managed computers.

detailed information for each managed computer or BitDefender client product.
The information is presented as easy-to-read pie charts, tables and graphics, allowing
you to quickly check the network security status and identify security issues.
The reports created are not automatically saved on the disk. However, you can print
them or save them in various formats, such as .doc or .pdf.
13.1. Creating Reports

You can create and manage reports in the Create New Report pane. To display this
pane, do one of the following:
In the tree menu, go to Reporting Center > Create New Report.

In the Reporting Center pane, click the link provided.
Reporting Center 85
Create New Report Pane
You can see the report templates that you can use to create reports. The following
report templates are available:
Report Description
Product Update Report Provides you with information on the update status of
all of the BitDefender client products managed by
Malware Activity Report Provides you with information regarding the malware
activity on the computers managed by BitDefender
Management Server during a specified time interval.
BitDefender Business Provides you with information on the status of the
Client Status Report BitDefender Business Client products managed by
To create a report, follow these steps:
Reporting Center 86
1. Right-click the report you want to create and select Create report. A new pane will
be displayed.
2. Select the BitDefender Management Server instance to create the report for.
3. For malware activity reports, specify the time interval to be covered in the report.
4. Click the provided link in order to create the report.
Note
The time required for reports to be created may vary depending on the number of
managed computers or of BitDefender client products. Please wait for the requested
report to be created.
13.2. Viewing Reports

The reports created are displayed in the Create New Report pane.
Report Sample
Reporting Center 87
At the top of the first report page, you can see the report name, date and, for malware
activity reports, the period it covers. The first page provides you with statistical data
(pie charts and graphics) for all network computers managed by BitDefender
Management Server. There follows detailed information on each managed computer.
13.2.1. Exporting Reports

The reports created are not automatically saved on the disk. To save the information
they contain, you can export reports in one of the following file formats:
Crystal Reports (.rpt)

Adobe Acrobat (.pdf)
Microsoft Excel (.xls)
Microsoft Excel Data Only (.xls)
Microsoft Word (.doc)
Rich Text Format (.rtf)
To export a report, click the Export Report button and save the file under the
desired name and format.
13.2.2. Printing Reports

To print a report, just click the Print Report button.
13.2.3. Refreshing Reports

To update the report data, just click the Refresh button.
13.2.4. Navigating in Reports

Several buttons in the toolbar allow you to easily navigate in reports:
Go to First Page
Go to Previous Page
Go to Next Page
Go to Last Page
Go to Page
Reporting Center 88
13.2.5. Searching Keywords in Reports

To search through a report for a specific keyword, follow these steps:
1. Click the Find Text button. A dialog will appear.

2. Type the keyword you want to search the report for.
3. Click Find Next to see the results.
13.2.6. Changing Zooming Factor

To change the zooming factor, click the Zoom button and select one of the
available options. If the desired zooming factor is not on the list, select Customize
and specify it.
Reporting Center 89
14. Activity Log

BitDefender Management Server logs all its operations and actions, including error
codes and messages.
14.1. Examining Server Activity

You can examine the records of the activity log in the Server Activity pane. To display
this pane, do one of the following:
In the tree menu, go to Activity Log > Server Activity Log.

In the Activity Log pane, click the link provided.
Note
We recommend checking Server Activity in case BitDefender Management Server does
not function properly.
Server Activity Pane
Activity Log 90
You can see in the table the recorded events that match the selected verbosity level.
The table columns provide you with useful information about the listed events:
Level - the event type, which is related to the verbosity level. Depending on the
verbosity level, all or only specific types of events are displayed in the Server Activity
pane. There are three levels:
1 Indicates an error that occurred during the operation of BitDefender
Management Server.
2 Indicates a warning.
3 Indicates a successful operation.
Date\Time - the moment when the event occurred.
Source - the machine the event took place on.
User - the user account under which the event occurred.
Operation - the operation that caused the event.
Message - the debug message, if any. The debug message offers additional
information about the event.
If you want the management console to automatically check for new events every
second, select Autorefresh. You will also be able to select Autoscroll to automatically
scroll down and keep visible the last added event.
14.1.1. Setting Verbosity Level

The verbosity level allows you to choose what type of events recorded in the activity
log should be displayed in the Server Activity pane.
Select the desired verbosity level from the menu. The following options are available:
Verbosity level Description

Minimum (errors) Only errors (level 1 events) are displayed.
Intermediate (operations) Errors (level 1 events) and warnings (level 2 events) are
displayed.
Full (all relevant actions) All recorded events are displayed.
Activity Log 91
14.1.2. Sorting Events

To easily identify problems and monitor the BitDefender Management Server activity,
you can sort events by:
verbosity level (importance);

date/time;
source;
user;
message.
To sort events by any of these criteria, just click the corresponding column heading
in the table.
14.1.3. Deleting Records

To delete the records in the activity log, click Clear log.
Note
The activity log has a maximum size limit of 10MB. Once the size limit has been reached,
the oldest events will be overwritten as new events occur.
Activity Log 92
15. Tools
BitDefender Management Server comes with several built-in tools that provide:
manual deployment of BitDefender Management Server, BitDefender Management

Agent or BitDefender clients over the network.
automatic deployment of BitDefender Management Server and BitDefender
Management Agent on all newly detected computers.
authentication credentials management.
easy way to organize the network in computer clusters, based on the detected
computers or on Active Directory.
local update mirrors.
In this chapter you can find a detailed description of the BitDefender Management
Server built-in tools.
15.1. Network Builder

Network Builder helps you easily organize the network computers into a manageable
structure and deploy BitDefender Management Agent on selected computers.
Note
You should use Network Builder immediately after deploying BitDefender Management
Server.
Using Network Builder, you can drag&drop the detected network computers (those
displayed in the Unmanaged Computers group) or the computers imported from Active
Directory in the Excluded Computers or Managed Computers group. After organizing
the network computers, you can apply changes and deploy BitDefender Management
Agent on the computers that you have moved into the Managed Computers group.
To display the Network Builder pane, click Tools in the management console and
then Network Builder on the menu.
Note
If connected to more than one instance of BitDefender Management Server in the
management console, you must first select the specific instance to use the tool for.
You must follow a two-step procedure.
Tools 93
15.1.1. Step 1/2 - Organize Computers
Detected Network Computers
On the left side of the Network Builder pane, you can see the detected network
computers. These computers are not managed by BitDefender Management Server
and can be found in the Unmanaged Computers group. On the right side, you can
see the Excluded Computers and Managed Computers groups from Computers
Directory. You can click Active Directory Computers to import the computers from
Active Directory and display them instead of the unmanaged computers.
Creating New Groups

You can create sub-groups in the Managed Computers group in order to organize the
computers managed by BitDefender Management Server according to the company's
structure.
To create a new sub-group in Managed Computers or in one of its sub-groups,
right-click the parent group and select Create new group. Type an appropriate name
for the newly created group.
Tools 94
Deleting Groups
To delete a sub-group of the Managed Computers group, right-click it and select Delete
group.
Removing Computers from Groups

To remove a computer from the Excluded Computers or Managed Computers group,
right-click it and select Remove computer from group.
Deleting Detected Computers

To delete a computer both from the group it is placed in and from the list of detected
network computers, right-click it and select Delete computer.
Note
If you delete an unmanaged computer while it is still connected to the network,
BitDefender will eventually detect its activity and restore it in the Unmanaged Computers
group.
Excluding Computers from Management

If you do not want specific computers to be managed by BitDefender Management
Server, you just have to exclude them from management. For example, you might
want to exclude your own computer, the computers of your IT team or the computers
of the Quality Assurance team.
You should also exclude:
1. the router interfaces and management switches detected by BitDefender

Management Server in the broadcast domain.
You should make a list of such devices in your network, find them in the Unmanaged
Computers group and exclude them.
2. the computers on which BitDefender Management Server is installed.
Note
BitDefender recommends that you do not deploy BitDefender Management Agent
on the computers on which BitDefender Management Server is installed.
To exclude a computer or a group of computers from management, move them by

drag&drop in the Excluded Computers group.
Tools 95
15.1.2. Step 2/2 - Deploy BitDefender Management Agent

To save the changes made to the way network computers are organized, click Apply
changes. A new window will appear.
Deployment Options
You must specify the deployment options before initiating the deployment of
BitDefender Management Agent
To configure and initiate the deployment of BitDefender Management Agent, follow
these steps:
Step 1/5 - Configure General Options

You can specify the deployment behavior on the remote computer using the options
in the General Options category.
Check Notify user before and after deploying the agent if you want the user logged
on the remote computer to be briefly informed about the deployment process. Two
dialogs will appear on the user's screen, before and after the deployment process.
Check Install agent without user interface if you want the deployment process to
be performed silently in the background. If you do not check this option, the Windows
Installer interface will appear on the user's screen.
Tools 96

Note
Step 3/5 - Specify Restart Method

Usually, after deploying BitDefender Management Agent, the remote computer must
be restarted. By default, the user will be prompted for restart, if necessary.
To specify how to restart the remote computer, select one of the options in the Restart
Options category. If you select:
Do not restart after the installation is completed - the remote computer will not
be restarted once the installation is completed, even if necessary. BitDefender will
wait for a user to restart the computer.
Prompt the user for restart if necessary - the user whose credentials are used
for authentication on the remote computer will be prompted to restart the computer,
if necessary.
Note
The user must confirm or suspend computer restart within 30 seconds, otherwise
the remote computer will be restarted automatically.
Always restart the computer after installation - the remote computer is restarted
immediately after the installation is completed, without alerting the user.
Step 4/5 - Specify Management Server

By default, BitDefender Management Agent will be managed by the specific instance
of BitDefender Management Server that deploys it.
If you want BitDefender Management Agent to be managed by another instance of
BitDefender Management Server, provide the name or IP address of the computer it
is installed on in the corresponding field.
Tools 97
Step 5/5 - Start Deployment

Click Start Deployment to initiate the deployment process. A new pane will be
displayed.
Deployment Status
You can see the status of the deployment process for each computer moved into the
Managed Computers group.
Click Dismiss page to close this pane.
15.2. Credentials Manager

Server requires a set of credentials for authentication on the remote computer:
the username of a user account with administrative rights on the remote computer.
the password of the specified user account.
for a domain user account, the domain to which it belongs.
for a local user account (on a standalone or workgroup computer), the computer
name.
Tools 98
Credentials Manager allows you to save the credentials used by BitDefender

Management Server for authentication when deploying BitDefender Management
Agent.
Note
These credentials are used only when deploying BitDefender Management Agent directly
on unmanaged computers or by using Network Builder or Automatic Deployment. If you
use Deployment Tool, you will have to provide the appropriate credentials each time
you use it.
To open the Credentials Manager window, open the management console, click Tools
and then Credentials Manager on the menu.
Credentials Manager
You can see all of the credentials saved by Credentials Manager.
Note
For security reasons, the password is not displayed in the Credentials Manager window,
neither in clear, nor masked.
When deploying BitDefender Management Agent on a remote computer, BitDefender

Management Server will try the credentials sets in the list one by one until
Tools 99
authentication is successful. If authentication fails, BitDefender Management Agent

will not be deployed on the remote computer.
15.2.1. Adding New Credentials

You can add up to 100 sets of credentials. To add a new set of credentials, click the
Add button. A new window will appear.
You must fill the required information in the following
fields:
Username - type the username of a user account

with administrative rights.
Password - type the password of the previously
specified username.
Note
The provided password is encrypted in order to Adding New Credentials
avoid a potential security threat.
Domain - if you specified a domain user account, type the respective domain;
otherwise, type the computer name.
Click Add to add the new credentials. If you want to quit, just click Cancel.
When finished adding credentials, click OK to save the changes and close the window
Adding Credentials for Windows Server (Active Directory) Domains

For the network computers that are within an Active Directory domain, you will only
have to provide the credentials of the domain administrator.
Adding Credentials for Windows Workgroups or Stand-alone Computers

In the case of network computers grouped into Windows workgroups, you will have
to provide administrative credentials for each computer. This also applies to stand-alone
computers.
If the same username and password are configured on all computers in a workgroup,
you can provide only these credentials, leaving the Domain field blank.
Tools 100
15.2.2. Deleting Existing Credentials

To delete an existing set of credentials, select the corresponding user from the list
and click the Delete button. You will have to confirm your action by clicking Yes.
15.3. Deployment Tool

Deployment Tool helps you automatically install, remove or repair BitDefender products
on remote network computers. It also allows you to create unattended installation
packages for use on computers where automatic deployment cannot be performed.
You will need to use Deployment Tool in the following situations:
to remotely deploy BitDefender Management Agent (or a BitDefender client product)

on the network computers that are not automatically detected by BitDefender.
Note
BitDefender only detects the computers in the same broadcast domain as the
computer on which the BitDefender Management Server is installed.
to automatically repair or remove BitDefender Management Agent or BitDefender

client products installed on remote network computers.
to create unattended installation packages, which will be used to install BitDefender
Management Agent and BitDefender client products on computers where automatic
deployment cannot be performed.
15.3.1. Launching Deployment Tool

You can launch Deployment Tool in one of the following ways:
Open the management console, click Tools and then Deployment Tool on the
menu.
On the Windows Start menu, follow the path: Start Programs BitDefender
Management Server BitDefender Deployment Tool.
A wizard will appear and guide you through the deployment process.
Tools 101
Note
The wizard steps and use instructions of Deployment Tool will be discussed in the
following sections.
15.3.2. Automatically Installing, Repairing or Removing

Products
To automatically install, remove or repair BitDefender products on remote network
computers, launch Deployment Tool and follow the wizard steps.
Note
You must choose Automatically Install / Uninstall / Repair a product in the second
step of the wizard.
Step 1/8 - Welcome Window

When you launch Deployment Tool, a welcome window will appear.
Welcome Window
Tools 102
Step 2/8 - Select Deployment Method

This window allows you to select the deployment method you want to use.
Deployment Method
The following options are available:
Automatically Install / Uninstall / Repair a product - to automatically install,

remove or repair BitDefender products on remote network computers.
Create an unattended installation package for later use - to create an installation
package which can be used to manually install BitDefender Management Agent or
the BitDefender client products.
Select the first option and click Next. A new window will appear.
Step 3/8 - Select Package

This window allows you to select the package you want to use.
Tools 103
Packages
You can see the list of available installation packages:

Select the package you want to use and click Next. A new window will appear.
Step 4/8 - Select Operation

This window allows you to select what operation to perform.
Tools 104
Operations
You can choose to automatically install, repair or remove the previously selected
package on remote network computers.
Note
If you choose Repair or Remove, you will skip the next step.
Select the operation you want to perform and click Next. A new window will appear.
Step 5/8 - Configure Package

This window allows you to specify which package components to install and
package-specific installation settings.
Tools 105
Package Components
You can see the installation package selected and its components, if any. Click a
specific component to see its description.
By default, all package components will be installed. If you do not want to install a
specific component, just click its corresponding check box.
Note
You cannot choose not to install core package components.
Depending on the installation package selected, you may have to provide

package-specific installation information. You can see the required information, if any,
in the lower part of the window.
If you have selected to install BitDefender Management Agent, you must set the
following properties:
BitDefender Management Server Name or IP - type the name or the IP address

of the computer on which BitDefender Management Server is installed in the
corresponding field.
BitDefender Management Agent Port - type the communication port used by
BitDefender Management Agent in the corresponding field.
Tools 106
Step 6/8 - Configure Deployment Options

This window allows you to configure the deployment options.
Deployment Options
The deployment options are grouped into two categories:
General Options
The options in the General Options category allow you to specify the deployment
behaviour on the target computers. You can check:
Notify user before and after deploying the package - to alert the user logged on
the target computers about the deployment process. Two dialogs will appear on the
user's screen, before and after the deployment process.
Do not display user interface on the target computers (recommended) - to
install the package silently in the background. The Windows Installer interface will
not be displayed on target computers.
Use non interactive Authentication - to provide the administrative credentials
(username and password) that will be used to authenticate on the target computers.
Tools 107
Important
If you do not provide these credentials, the deployment process will fail.
To provide the credentials, click Enter authentication credentials. A new window

will appear.
Type the usernames required for
authentication and their respective
passwords in the corresponding fields.
Click OK.
Credentials
Note
The provided credentials will be used only for the current deployment process. They
will not be saved for future deployments.
Reboot Options
Usually, after the deployment is completed, the target computers must be restarted.
The options in the Reboot Options category allow you to specify how to restart the
target computers. If you select:
Do not reboot target computers - the target computers will not be restarted, even
if necessary. BitDefender will wait for a user to restart them.
Reboot the computer if necessary, and ask the user to confirm - the user will
be prompted to restart the computer, if necessary. If no user response is received
within a certain time interval, the computer is automatically restarted. To specify the
time interval until restart, type the number of seconds in the edit field.
Tools 108
Note
By default, the time interval until restart is set to 0. This means that the target computer
will be automatically restarted.
Force the target computer to reboot - the target computers will be restarted after
a certain time interval. To specify the time interval until restart, type the number of
seconds in the edit field.
Note
By default, the time interval until restart is set to 0. This means that the target computer
will be automatically restarted.
Step 7/8 - Specify Target Computers

This window allows you to specify the computers on which the package will be
deployed.
Target Computers
Tools 109
You can easily browse the entire Microsoft Windows Network and see all domains
and workgroups in your network.
To specify the target computers, use one the following methods:
Browse the network to find target computers. You must follow the next steps:
1. Double-click a domain or workgroup in the Entire Network list (or select it from
the menu) to see the computers it contains.
2. Double-click the computers you want to add to the target list (or select them and
click Add computers to list).
Note
To select all computers in the list, click one of them and then press CTRL+A.
Type the name or IP address of the target computers directly into the target
list, separated by semicolons ";".
To learn about the syntax you must use, click View some examples. A new window
will appear providing you with examples of valid and wrong syntax.
Click Start to initiate the deployment process. A new window will appear.
Step 8/8 - View Deployment Status

This window shows you the deployment status.
Tools 110
Results
You can see the deployment status on each target computer. Wait until all deployment
processes are finished.
Note
If the deployment process fails, you can see the returned error message explained in
detail.
If you want to save the results in a HTML or a txt file, click Save Results.
Click Finish to close the window.
15.3.3. Examining Deployment Results

You can easily examine the results of the automatic deployment performed on the
remote computers. You just have to save them in a HTML or a txt file in the last step
of the wizard.
Note
This is very useful when troubleshooting errors that occurred during deployment.
The following picture presents the deployment results saved in HTML format:
Tools 111
Deployment Results in HTML Format
You can see:
when the operation was performed.

information about the deployed package.
what operation was performed.
the status of and additional information on the deployment process for each target
computer, as well as detailed information about the error, if any.
15.3.4. Creating Unattended Installation Packages

The unattended installation packages allow you to install BitDefender Management
Agent or BitDefender client products on computers where automatic deployment fails.
An unattended installation package is an executable archive (an installer) which
contains:
the installation package of BitDefender Management Agent or of a BitDefender

client product.
the installation settings, which specify:
what product components to be installed.
the product-related installation settings, if any.
Tools 112
how to interact with the user during installation.

the reboot procedure after the installation is completed.
You can do one of the following with this package:
Put it on a removable storage device (CD, DVD, USB stick) and then copy it on
network computers.
Send it by e-mail to a certain user.
Transfer it in a shared folder, so that it can be read from any other workstation.
Use a logon script to automatically install it after the login procedure.
To create an unattended installation package, launch Deployment Tool and follow the
wizard steps.
Note
You must choose Create an unattended installation package for later use in the
second step of the wizard.

When you launch Deployment Tool, a welcome window will appear.
Welcome Window
Tools 113
Step 2/7 - Select Deployment Method

This window allows you to select the deployment method you want to use.
Deployment Method
Automatically Install / Uninstall / Repair a product - to automatically install,

remove or repair BitDefender products on remote network computers.
Create an unattended installation package for later use - to create an installation
package which can be used to manually install BitDefender Management Agent or
the BitDefender client products.
Select the second option and click Next. A new window will appear.
Step 3/7 - Select Package

This window allows you to select the package you want to use.
Tools 114
Packages
You can see the list of available installation packages:

Select the package you want to use and click Next. A new window will appear.
Step 4/7 - Configure Package

This window allows you to specify which package components to install and
package-specific installation settings.
Tools 115
Package Components
You can see the installation package selected and its components, if any. Click a
specific component to see its description.
By default, all package components will be installed. If you do not want to install a
specific component, just click its corresponding check box.
Note
You cannot choose not to install core package components.
Depending on the installation package selected, you may have to provide

package-specific installation information. You can see the required information, if any,
in the lower part of the window.
If you have selected to install BitDefender Management Agent, you must set the
following properties:
BitDefender Management Server Name or IP - type the name or the IP address

of the BitDefender Management Server in the corresponding field.
BitDefender Management Agent Port - type the communication port used by the
BitDefender Management Agent in the corresponding field.
Tools 116
Step 5/7 - Configure Deployment Options

This window allows you to configure the deployment options.
Deployment Options
The deployment options are grouped into two categories:
General Options
The options in the General Options category allow you to specify the deployment
behaviour on the target computers. You can check:
Notify user before and after deploying the package - to alert the user logged on
the target computers about the deployment process. Two dialogs will appear on the
user's screen, before and after the deployment process.
Do not display user interface on the target computers (recommended) - to
install the package silently in the background. The Windows Installer interface will
not be displayed on target computers.
Tools 117
Reboot Options
Usually, after the deployment is completed, the target computers must be restarted.
The options in the Reboot Options category allow you to specify how to restart the
target computers. If you select:
Do not reboot target computers - the target computers will not be restarted, even
if necessary. BitDefender will wait for a user to restart them.
Reboot the computer if necessary, and ask the user to confirm - the user will
be prompted to restart the computer, if necessary. If no user response is received
within the specified time interval, the computer is automatically restarted. To specify
the time interval until restart, type the number of seconds in the edit field.
Note
By default, the time interval is set to 0. This means that the target computer will be
automatically restarted.
Force the target computer to reboot - the target computers will be restarted after
the specified time interval. To specify the time interval until restart, type the number
of seconds in the edit field.
Note
By default, the time interval is set to 0. This means that the target computer will be
automatically restarted.
Step 6/7 - Save Installation Package

This window allows you to create and save the unattended installation package.
Tools 118
Saving Options
You can make any changes you want by returning to the previous steps (click Back).
To specify the package name and where to save it, follow the next steps:
1. Click Browse.
2. Select the location where to save the file. You can save it on the local machine or
on a network share.
3. Save the file with the desired name. The default filename is deploypack.exe.
Note
We recommend that you choose an explicit filename, such as
deploypack_bdagent.exe.
You can also type the full path and name of the installation package directly in the
edit field.
Click Next to create and save the unattended installation package. A new window will
appear.
Tools 119
Step 7/7 - Close Window

This window shows you the results.
Results
Click Finish to close the window.

You can find the unattended installation package at the location where you chose to
save it. Next, you will have to copy the file on the target computers and execute it.
15.4. Automatic Deployment

Automatic Deployment allows BitDefender Management Server to automatically deploy
BitDefender Management Agent and BitDefender Business Client on newly detected
computers. This tool is very useful in keeping the network managed by BitDefender
Management Server up to date with the changes in the physical network, after the
initial deployment and configuration.
Note
By default, Automatic Deployment is disabled. BitDefender Management Agent will be
deployed only on the computers detected after enabling Automatic Deployment.
Tools 120
To open the Automatic Deployment configuration window, open the management

console, click Tools and then Automatic Deployment on the menu.
Automatic Deployment
Here you can find the following information:
if Automatic Deployment is enabled.

the IP addresses of the computers on which BitDefender Management Agent can
be deployed or, on the contrary, those expressly excepted from the management
of BitDefender Management Server.
if BitDefender Business Client is deployed along with BitDefender Management
Agent.
whether automatic deployment is performed on computers in Virtual Private Networks
(VPNs).
To remove IP addresses from the list, select them and click Remove Selected. You
will have to confirm your action by clicking Yes.
15.4.1. Configuring Automatic Deployment

In order to configure Automatic Deployment, follow the next steps:
Step 1/4 - Enable Automatic Deployment

Check Enable Automatic Deployment to enable Automatic Deployment.
Tools 121
Note
BitDefender Management Agent will not be automatically deployed only by enabling
Automatic Deployment. You will have to follow the next configuration steps in order for
Automatic Deployment to work properly.
If you also want BitDefender Business Client to be automatically deployed along with
BitDefender Management Agent, check Install BitDefender Business Client.
Step 2/4 - Specify Allowed or Restricted IP Addresses

You must specify the IP addresses on which BitDefender Management Server is
allowed or not to deploy BitDefender Management Agent. Choose either Deploy on
these computers only or Deploy on all computers except and provide the IP
addresses.
Note
If you have specific IP addresses assigned to router interfaces, management switches
or some computers that you do not want to be managed by BitDefender Management
Server, choose Deploy on all computers except and provide the excepted IP
addresses.
If you have a range of IP addresses assigned to computers that you want to be
managed by BitDefender Management Server, choose Deploy on these computers
only and provide these IP addresses.
To add IP addresses, click Add IP address. A new window will appear.
Add IP addresses
If you want to add one or several IP addresses, type them in the upper edit field.
Tools 122
Note
If you provide more than one IP address, separate them by a semicolon ";".
If you want to add a range of IP addresses, type the lower and upper range limit in
the corresponding fields.

Note
Step 4/4 - Save Changes

15.4.2. Configuring Automatic Deployment for VPN Computers

To configure automatic deployment for VPN computers, follow these steps:
1. Configure Automatic Deployment.

2. Click the link that informs you about the automatic deployment on VPN computers.
A new configuration window will appear.
Tools 123
Automatic Deployment for VPN Computers
3. Select Enable Automatic Deployment on VPN computers.

4. Specify the IP addresses beloging to the VPN computers.
Important
In order to perform automatic deployment on the specified VPN computers, their IP
addresses must be either explicitly allowed or not restricted in the Automatic
Deployment configuration window.
To add IP addresses to the list, click Add. A new window will appear.
Type the IP addresses in the upper edit field,
separating them by semicolons (";"). If you want
to add a range of IP addresses, type the lower
and upper range limit in the corresponding
fields.
Click OK to add the specified IP addresses to
the list.
Add IP addresses
To remove an entry from the list, select it and click Remove.
Tools 124
5. Click OK to save the changes and close the window.
15.4.3. Deploying BitDefender Business Client Automatically

By default, when Automatic Deployment is enabled, only BitDefender Management
Agent is automatically deployed.
If you also want BitDefender Business Client to be automatically deployed along with
BitDefender Management Agent, check Install BitDefender Business Client. Click
OK to save the changes and close the window.
15.4.4. Disabling Automatic Deployment

To disable Automatic Deployment, just clear the check box corresponding to Enable
Automatic Deployment. Click OK to save the changes and close the window.
15.5. BitDefender Update Server

BitDefender Update Server allows you to set up a BitDefender update location within
the local network. Having a local update location, you can configure update policies
and assign them to clients so that the BitDefender products update from this local
mirror instead of updating from the Internet.
By using a local BitDefender update location, you can reduce Internet traffic (only one
computer connects to the Internet to download updates) and achieve faster updates.
Moreover, you do not have to worry about updating the BitDefender products installed
on computers that are not connected to the Internet.
15.5.1. Opening Configuration Window

To open the BitDefender Update Server configuration window, go to the Windows
Start menu and follow the path: Start Programs BitDefender Management
Server BitDefender Update Server.
Tools 125
Update Server Settings
The first time you open the configuration window you can see that no settings are
configured. You will have to click Change Settings and follow the configuration wizard
steps.
If BitDefender Update Server has already been configured, the window will display
the following:
the Internet location updates are downloaded from.

the local folder the updates are stored in.
the update interval.
the proxy settings, if a proxy server is used to connect to the Internet.
information about the last update performed and the BitDefender malware signatures.
the BitDefender products that are currently updated using BitDefender Update
Server.
The local update address that must be configured on the BitDefender products is:
Tools 126
http://computer_name if you are using port 80.

http://computer_name:port if you are using a different port.
Configure and assign update policies using such an update location to set the
BitDefender client products to update from the local mirror.
Important
You must publish the folder where updates are downloaded in order to make them
available to the network clients.
If you want to immediately download updates from the Internet update location, just
click Update Now.
To close the configuration window, click Exit.
15.5.2. Configuring Update Server Settings

In order to configure BitDefender Update Server and set up the local update location,
click Change Settings and follow the steps of the configuration wizard that will appear.
The configuration wizard is a 7-step procedure.

When you launch the configuration wizard, a welcome window will appear.
Welcome Window
Tools 127
Step 2/7 - Set Internet Update Location

This window allows you to specify the address of the Internet update location that
BitDefender Update Server will mirror on the local computer.
Internet Update Location
By default, BitDefender Update Server will download updates on the local computer
from http://upgrade.bitdefender.com. This is a generic address that is automatically
resolved to the closest server that stores BitDefender malware signatures in your
region.
Step 3/7 - Set Local Update Location

This window allows you to set up the local update location.
Tools 128
Local Update Location
To set up the local update location, follow these steps:
1. Type the path to the local folder into which to download and store the BitDefender
updates or click Browse and select it.
2. Publish the folder where updates are downloaded in order to make them available
to the network clients.
If you want to use BitDefender's own HTTP server to publish the local update
location, select Use BitDefender HTTP Server. By default, port 80 will be used,
but you can specify another port.
You can also publish the downloads folder by using another HTTP server like IIS
or Apache.
Important
The local update address that must be configured on the BitDefender products is:
http://computer_name if you are using port 80.

http://computer_name:port if you are using a different port.
Configure and assign update policies using such an update location to set the
BitDefender client products to update from the local mirror.
Tools 129
Step 4/7 - Configure Proxy

This window allows you to configure the proxy settings in order to connect to the
Internet through a proxy server.
Proxy Settings
In case your company connects to the Internet through a proxy, select Use a proxy
server for access to the Internet and provide the proxy settings. You must fill in the
following fields:
Proxy Address - type in the IP address of the proxy server.

Port - type in the port BitDefender uses to connect to the proxy server.
Username - type in a user name recognized by the proxy.
Password - type in the valid password of the previously specified user.
Domain (NTLM) - type in the NTLM domain if you use NTLM domain authentication
inside the network. Otherwise, leave this field blank.
Step 5/7 - Select Products to Update

This window allows you to specify for which BitDefender products to download updates.
Tools 130
BitDefender Products List
You can see the entire list of BitDefender products that can be updated using
BitDefender Update Server.
Select the products that interest you (those installed on computers managed by
BitDefender Management Server) and click Next. A new window will appear.
Step 6/7 - Set Update Interval

This window allows you to specify how often BitDefender Update Server should
download updates from the Internet update location.
Tools 131
Update Interval
Type the update interval in hours and click Next. A new window will appear.
Step 7/7 - Finish

This window allows you to review settings.
Finish
The last window of the configuration wizard displays all the settings you have
configured. You can make any changes you want by returning to the previous steps
(click Back).
Tools 132
Click Finish to save changes. The settings will appear in the BitDefender Update
Server configuration window.
Tools 133
16. Master-Slave Architecture

BitDefender Management Server provides great scalability through its master-slave
architecture. You can set up a master instance of BitDefender Management Server
to manage a number of slave instances of BitDefender Management Server. The
master-slave architecture can be used both to extend the BitDefender Management
Server capabilities in very large computer networks and to centrally manage
BitDefender Management Server instances in different physical locations.
In this chapter you can find information about the master-slave architecture of
BitDefender Management Server and the differences between the single (standalone),
slave and master instances of BitDefender Management Server.
16.1. Overview
In a master-slave architecture, a specific instance of BitDefender Management Server
(the master server) manages other instances of BitDefender Management Server (the
slave servers).
A slave server acts as a single (standalone) instance of BitDefender Management
Server, managing network computers. Furthermore, the slave server receives policies
and WMI scripts assigned by and reports to its master server.
If you want a slave server not to be managed by its master anymore, right-click its
name in the tree menu and select Unregister from server. If you want a single
(standalone) instance of BitDefender Management Server to be managed by a master,
follow these steps:
1. Right-click the instance name in the tree menu and select Register to server. A
new window will appear.
2. In the edit field, type the name or the IP address of the master instance.
3. Click OK.
The master server does not have its own managed computers, but it indirectly manages
those of its slave servers by assigning policies and WMI scripts to them. Another main
purpose of the master server is to provide you with information on the network security
status, by centralizing data from all managed servers. In this way, you can get
centralized results from all the clients of the slave servers in a single report.
Master-Slave Architecture 134

16.2. Master Registration

You do not need to register a master server in order for it to manage slave instances
All you have to do is to register each slave server with a license key that allows it to
manage a specific number of BitDefender client products.
Note
For more information on registering BitDefender Management Server, please refer to
Registration (p. 36).
16.3. Viewing Modes

You can choose between two modes to view a master instance of BitDefender
Management Server:
Network View
Virtual View
The tree menu will change depending on the chosen viewing mode.
To switch from one view to the other, right-click the BitDefender Management Server
instance in the tree menu and select the appropriate option.
16.3.1. Network View

In Network View, you can see in the tree menu the servers
managed by BitDefender Management Server grouped
under Managed servers. Each slave server contains its
Computers Directory, with the corresponding Managed
Computers, Unmanaged Computers and Excluded
Computers groups.
At the same time, Master Policies and Master WMI Scripts
allow managing policies and WMI scripts for each slave
server.
Tree Menu in Network View

16.3.2. Virtual View

In Virtual View, there is a global Computers Directory that
contains all the network computers from all Computers
Directory of each slave server.
This virtual Computers Directory has the following groups:
Virtual Managed Computers - displays the managed

computers of all slave servers.
Virtual Unmanaged Computers - does not display any
computer.
Note
In Virtual View, you cannot see the detected network
computers that are not managed by the slave instances
Tree Menu in Virtual View
Virtual Excluded Computers - displays the computers excluded from the

management of all slave servers.
16.4. Master/Virtual Policies

The master server allows you to create and assign policies to its slave servers in order
to indirectly manage their respective clients.
In Network View, you can create and assign policies to clients based on the slave
servers that manage them. The current policies are also grouped based on the slave
servers they are assigned to.
In Virtual View, you can create and assign virtual policies to any client from the virtual
Computers Directory, irrespective of the slave server that manages it. All of the current
virtual policies assigned are displayed in the Virtual Current Policies pane.
A policy assigned by a master server cannot be altered in any way (modified, deleted,
renamed) by an administrator logged to the slave server. Moreover, such a policy has
precedence over a local policy assigned by the slave server.

16.5. Master/Virtual WMI Scripts

The master server allows you to create and assign WMI scripts to its slave servers in
order to find out more information about their respective clients or perform
administrative tasks.
A WMI script assigned by a master server cannot be altered in any way (modified,
deleted, renamed) by an administrator logged to the slave server.
16.6. Master Reporting Center

Master Reporting Center is similar to Reporting Center. It allows you to create
centralized reports on the security status of the network computers managed by all
or only specific slave servers. In this way, you can get in a single report the security
status of all the company's computers, even if they are part of networks in different
physical locations.
You can create reports in the Create New Report pane. When creating a report, you
will be able to select to create the report for the master server or only for specific slave
servers.
16.7. Master Activity Log

Master Activity Log is similar to Activity Log. It contains information regarding the
activity of the master BitDefender Management Server.
Note
Master Activity Log does not provide information regarding the activity of the slave
servers.
You can examine the activity of BitDefender Management Server (errors, warnings
and successful actions that occurred during its operation) in the Server Activity pane.

Policy Templates
138
17. BitDefender Management Server Templates

The BitDefender Management Server policy templates allow you to create policies
that you can assign to clients or client groups in order to manage BitDefender
Management Server.
In this chapter you can find out what settings and parameters each template allows
you to configure and manage. For information on managing the policy templates and
creating policies, please refer to New Policies (p. 64).
To access the BitDefender Management Server policy templates, follow these steps:
1. Connect to BitDefender Management Server using the management console.

2. In the tree menu, go to Policies > Create New Policy.
3. In the Create New Policy pane, select BitDefender Management Server
Templates.
The following table lists the default BitDefender Management Server policy templates:
Template Description
BitDefender Management Allows creating policies through which you can configure
Agent Settings the settings of BitDefender Management Agent.
17.1. BitDefender Management Agent Settings

This policy template allows you to create policies concerning the settings of BitDefender
Management Agent. You can specify how often BitDefender Management Agent
should connect to BitDefender Management Server depending on the network type.
When you select to edit or to create a new policy based on this template, the following
pane will be displayed:
BitDefender Management Server Templates 139

BitDefender Management Agent Settings Template
Here you can configure the BitDefender Management Agent settings that will be applied
on the assigned clients. The settings are organized into a single section:
Agent Settings
17.1.1. Agent Settings

In this section you can specify how often BitDefender Management Agent should
connect to BitDefender Management Server in a:
Local Area Network (LAN). The following options are available:
Connection interval Description

Small Sets the minimum connection interval to 1 minute.
Recommended for small networks.

Connection interval Description

Medium Sets the minimum connection interval to 10 minutes.
Recommended for medium networks.
Large Sets the minimum connection interval to 2 hours.
Recommended for large networks.
Custom Allows customizing the minimum connection interval.
Select the desired connection interval from the menu.
Virtual Private Network (VPN). The following options are available:
Option Description
Default Sets the minimum connection interval to one hour.
Custom Allows customizing the minimum connection interval.
Select the desired connection interval from the menu.

18. BitDefender Business Client Templates

The BitDefender Business Client policy templates allow you to create policies that you
can assign to clients or client groups in order to manage BitDefender Business Client.
By using these policies you can ensure consistent configuration of BitDefender
Business Client throughout the network and compliance with your organization's
regulations regarding the workstation security.
In this chapter you can find out what settings and parameters of BitDefender Business
Client each template allows you to configure and manage. For information on managing
the policy templates and creating policies, please refer to New Policies (p. 64).
To access the BitDefender Business Client policy templates, follow these steps:
1. Connect to BitDefender Management Server using the management console.

2. In the tree menu, go to Policies > Create New Policy.
3. In the Create New Policy pane, select BitDefender Business Client Templates.
The following table lists the default BitDefender Business Client policy templates:
Update Request Allows creating policies through which you can configure
and trigger an immediate update of BitDefender
Business Client.
Update Scheduled Allows creating update policies for BitDefender Business
Client.
Scan Policy Allows creating on-demand antimalware scan policies
for BitDefender Business Client.
Antivirus Settings Allows creating antivirus policies for BitDefender
Business Client.
Firewall Settings Allows creating firewall policies for BitDefender Business
Client.
Privacy Control Allows creating policies for the Privacy Control module
of BitDefender Business Client.
Antispam Settings Allows creating antispam policies for BitDefender
Business Client.
BitDefender Business Client Templates 142

User Control Allows creating policies for the User Control module of
BitDefender Business Client.
Exceptions Allows creating scan exception policies for BitDefender
Business Client.
Advanced Settings Allows creating policies concerning the advanced
settings of BitDefender Business Client.
18.1. Update Request

This policy template allows you to create policies through which you can configure
and trigger an immediate update of BitDefender Business Client. You can set
BitDefender to update over the Internet or from a mirror inside the local network,
directly or through a proxy server.
The update process is performed on the fly, meaning that the files to be updated are
replaced progressively. In this way, the update process will not affect product operation
and, at the same time, any vulnerability will be excluded.
Update Request Template

Here you can configure the update settings that will be used to immediately update
BitDefender Business Client on the assigned clients. The settings are organized into
3 sections:
Update Locations
Proxy Settings
Advanced Settings
18.1.1. Update Locations

In this section you can configure the update location settings. You will need to configure
these settings in the following situations:
Your company connects to the Internet through a proxy server.

BitDefender update files are available on a local mirror created using BitDefender
Update Server.
For more reliable and faster updates, you can configure two update locations: a
Primary update location and an Alternate update location. By default, these
locations are the same: http://upgrade.bitdefender.com.
To modify one of the update locations, provide the URL of the local mirror in the URL
field corresponding to the location you want to change.
Note
We recommend you to set as primary update location the local mirror and to leave the
alternate update location unchanged, as a fail-safe plan in case the local mirror becomes
unavailable.
If the company uses a proxy server to connect to the Internet, select Use proxy and
specify the proxy settings.
18.1.2. Proxy Settings

In this section you can specify the proxy settings. If you have selected Use proxy next
to either of the update locations, you must fill in these fields:
Address - type in the IP of the proxy server.

18.1.3. Advanced Settings

In this section you can configure advanced update settings. The following options are
available:
Wait for reboot, instead of prompting - If an update requires a reboot, the product
will keep working with the old files until the system is rebooting. The user will not
be prompted for rebooting, therefore the BitDefender update process will not interfere
with the users work.
Don't update if scan is in progress - BitDefender will not update if a scan process
is running. This way, the BitDefender update process will not interfere with the scan
tasks.
Note
If BitDefender is updated while a scan is in progress, the scan process will be aborted.
18.2. Update Scheduled

This policy template allows you to create update policies for BitDefender Business
Client. You can set BitDefender to update over the Internet or from a mirror inside the
local network, directly or through a proxy server.
The update process is performed on the fly, meaning that the files to be updated are
replaced progressively. In this way, the update process will not affect product operation
and, at the same time, any vulnerability will be excluded.

Update Scheduled Template
Here you can configure the update settings that will be applied on the assigned clients.
The settings are organized into 3 sections:
Update Locations
Proxy Settings
Advanced Settings
18.2.1. Update Locations

In this section you can configure the update location settings. You will need to configure
these settings in the following situations:
Your company connects to the Internet through a proxy server.

BitDefender update files are available on a local mirror created using BitDefender
Update Server.

For more reliable and faster updates, you can configure two update locations: a
Primary update location and an Alternate update location. By default, these
locations are the same: http://upgrade.bitdefender.com.
To modify one of the update locations, provide the URL of the local mirror in the URL
field corresponding to the location you want to change.
Note
We recommend you to set as primary update location the local mirror and to leave the
alternate update location unchanged, as a fail-safe plan in case the local mirror becomes
unavailable.
If the company uses a proxy server to connect to the Internet, select Use proxy and
specify the proxy settings.
18.2.2. Proxy Settings

In this section you can specify the proxy settings. If you have selected Use proxy next
to either of the update locations, you must fill in these fields:
Address - type in the IP of the proxy server.

18.2.3. Advanced Settings

In this section you can configure advanced update settings. The following options are
available:
Wait for reboot, instead of prompting - If an update requires a reboot, the product
will keep working with the old files until the system is rebooting. The user will not
be prompted for rebooting, therefore the BitDefender update process will not interfere
with the users work.
Don't update if scan is in progress - BitDefender will not update if a scan process
is running. This way, the BitDefender update process will not interfere with the scan
tasks.
Note
If BitDefender is updated while a scan is in progress, the scan process will be aborted.

Overwrite settings - The automatic update settings configured previously will be

overwritten.
18.3. Scan Policy

This policy template allows you to create on-demand antimalware scan policies for
BitDefender Business Client. By using scan policies you can set BitDefender to scan
for malware the assigned clients, one time only or on a regular basis. You can choose
a default configuration of the scan level or you can specify the scanning options, the
scan target and the actions to be taken on the detected files.
The scanning is performed silently in the background. The user is informed that a
scanning process is running only through an icon that appears in the system tray.
Scan Policy Template
Here you can configure the antimalware scan settings that will be used to scan the
assigned clients. The settings are organized into 4 sections:
Scan Level
Options
Actions

Other Options
18.3.1. Scan Level

In this section you can set the scan level. The scan level specifies the scanning options,
the locations to be scanned and the actions to be taken on the detected files.
Choose the scan level that fits the purpose of the scan policy you want to create.
There are 4 scan levels:
Scan Level Description

Deep system scan The entire system is scanned for all types of malware
threatening its security, such as viruses, spyware,
adware, rootkits and others.
Full system scan The system is scanned for all types of malware
threatening its security, except for rootkits. Archives are
not scanned.
Quick system scan The Windows, Program Files and All Users
folders are scanned for all types of malware, except for
rootkits. Archives, memory, the boot sectors, the registry
and cookies are not scanned.
Custom scan Allows customizing the scanning options, the locations
to be scanned and the actions to be taken on the
detected files. You can configure these settings in the
Options and Actions sections.
Note
If BitDefender is set to perform Deep system scan or Full system scan, the scanning
may take a while. Therefore, you should run such scan policies on low priority or, better,
when the assigned clients are idle.
18.3.2. Options
In this section you can configure the scanning options and the locations to be scanned.

Note
These settings can be configured only if you have set the scan level to Custom scan.
The scan settings BitDefender offers may help you adapt the scanning process to
your needs. The scanner can be set to scan only specific file extensions, to search
for specific malware threats or to skip archives. This may greatly reduce scanning
times and improve the system's responsiveness during a scan.
To configure the scan settings, follow these general steps:
1. Specify the type of malware you want BitDefender to scan for. You can do that by
selecting the appropriate options from the Scan level settings category.
Option Description
Scan for viruses Scans for known viruses. BitDefender detects
incomplete virus bodies, too, thus removing any
possible threat to the system's security.
Scan for adware Scans for adware threats. Detected files will be
treated as infected. The software that includes adware
components might stop working if this option is
enabled.
Scan for spyware Scans for known spyware threats. Detected files will
be treated as infected.
Scan for application Scans for programs that can be used for spying
purposes.
Scan for dialers Scans for applications dialing high-cost numbers.
Detected files will be treated as infected. The software
that includes dialer components might stop working
if this option is enabled.
Scan for rootkits Scans for hidden objects (files and processes),
generally known as rootkits.
Note
These options affect only the signature-based scanning. The heuristic analysis will
report any suspicious file no matter the options you choose to be disabled.

2. Specify the type of objects to be scanned (all or specific file types, archives, e-mail
messages and so on). You can do that by selecting specific options from the Virus
scanning options category.
Option Description
Scan files Scan all files All files are scanned, regardless of their type.
Scan program files Only the program files are scanned. This
only category is limited to files with the following
extensions: exe; bat; com; dll; ocx; scr;
bin; dat; 386; vxd; sys; wdm; cla; class;
ovl; ole; exe; hlp; doc; dot; xls; ppt;
wbk; wiz; pot; ppa; xla; xlt; vbs; vbe;
mdb; rtf; htm; hta; html; xml; xtp; php;
asp; js; shs; chm; lnk; pif; prc; url; smm;
pdf; msi; ini; csc; cmd; bas; eml; nws.
Scan user defined Only the files with the extensions specified by
extensions the user will be scanned. These extensions
must be separated by ";".
Open packed programs Scans packed files.
Open archives Scans inside archives.
Password-protected archives cannot be
scanned. If such archives are detected, extract
the files they contain in order to scan them.
Open e-mail archives Scans inside mail archives.
BitDefender may not have the legal rights or
may not be able to disinfect certain e-mails
from e-mail archives. In such cases, please
contact us for support at
www.bitdefender.com.
Scan boot sectors Scans the systems boot sector.
Scan memory Scans the memory for viruses and other
malware.
Scan registry Scans registry entries.

Option Description
Scan cookies Scans cookie files.
3. Specify the locations to be scanned. You can set BitDefender to scan My Computer,
My Documents or you can select Paths and type the locations to be scanned in
the edit field, separated by a semi-colon ";".
18.3.3. Actions
In this section you can specify the actions to be taken on the files detected by
BitDefender as infected, suspicious or hidden.
Note
These settings can be configured only if you have set the scan level to Custom scan.
You can specify a second action to be taken if the first one fails and different actions
for each category. Choose from the corresponding menus the first and the second
action to be taken on each type of detected file.
Infected files. The following options are available:
Action Description
None (log objects) No action will be taken on infected files. These files
will appear in the report file.
Abort scan The scanning process is aborted when an infected
file is detected.
Disinfect infected files Disinfects infected files. This option is available only
as a first action.
Rename infected files Changes the extension of infected files. The new
extension of the infected files will be .vir. By
renaming the infected files, the possibility of executing
them and thus of spreading the infection is eliminated.
At the same time they can be saved for further
examination and analysis.
Delete files Deletes infected files immediately, without any
warning.

Action Description
Copy infected file to Copies the infected files into the quarantine. They will
Quarantine not be moved from the initial location.
Move files to Quarantine Moves infected files into the quarantine.
Suspicious files. The following options are available:
Action Description
None (log objects) No action will be taken on suspicious files. These files
will appear in the report file.
Abort scan The scanning process is aborted when a suspicious
file is detected.
Delete files Deletes suspicious files immediately, without any
warning.
Move files to Quarantine Moves suspicious files into the quarantine.
Note
Files are detected as suspicious by the heuristic analysis. We recommend you to
send these files to the BitDefender Lab.
Hidden files. The following options are available:
Action Description
None (log objects) No action will be taken on hidden files. These files will
appear in the report file.
Abort scan The scanning process is aborted when a hidden file
is detected.
Move files to Quarantine Moves hidden files into the quarantine.
Make visible Reveals hidden files so that you can see them.
18.3.4. Other Options

In this section you can configure general options regarding the scanning process. The
following options are available:

Option Description
Submit suspect files to Automatically submits all suspicious files to the
BitDefender Lab BitDefender lab after the scan process has finished.
Run task with low priority Decreases the priority of the scan process. You will allow
other programs to run faster and increase the time
needed for the scan process to finish.
18.4. Antivirus Settings

This policy template allows you to create policies for the Antivirus module of BitDefender
Business Client. The Antivirus module protects the system against all kinds of malware
threats (viruses, Trojans, spyware, rootkits, adware and so on). This module has two
components:
On-access scanning (or real-time protection): prevents new malware threats from
entering the system by scanning all accessed files, e-mail messages and the
messages sent through Instant Messaging Software applications (ICQ, NetMeeting,
Yahoo Messenger, MSN Messenger).
On-demand scanning: allows detecting and removing malware already residing in
the system. You can manage this component using the Scan Policy template.
BitDefender allows isolating the infected or suspicious files in a secure area, named
quarantine. By isolating these files in the quarantine, the risk of getting infected
disappears and, at the same time, you have the possibility to send these files for further
analysis to the BitDefender lab.
Note
When a virus is in quarantine it cannot do any harm because it cannot be executed or
read.

Antivirus Settings Template
Here you can configure the real-time protection and quarantine settings that will be
applied on the assigned clients. The settings are organized into 4 sections:
Real-time Protection
Protection Level
Settings
Quarantine Settings
18.4.1. Real-time Protection

In this section you can enable or disable real-time protection.
If you want real-time protection to be enabled, select Enable real-time protection.
Otherwise, clear this check box.
18.4.2. Protection Level

In this section you can configure the protection level. This is where you can easily
configure real-time protection using default configurations or a custom configuration.

Choose the protection level that best suits your security needs. There are 4 protection
levels:
Protection level Description

Aggressive Offers high security. The resource consumption level is moderate.
All files, incoming&outgoing mail messages and web traffic are
scanned for viruses and spyware. Besides the classical
signature-based scan, the heuristic analysis is also used. The
actions taken on infected files are the following: clean file/deny
access.
Default Offers standard security. The resource consumption level is low.
All files and incoming&outgoing mail messages are scanned for
viruses and spyware. Besides the classical signature-based scan,
the heuristic analysis is also used. The actions taken on infected
files are the following: clean file/deny access.
Permissive Covers basic security needs. The resource consumption level is
very low.
Programs and incoming mail messages are only scanned for
viruses. Besides the classical signature-based scan, the heuristic
analysis is also used. The actions taken on infected files are the
following: clean file/deny access.
Custom Allows customizing the real-time protection settings. You can
configure these settings in the Settings section.
18.4.3. Settings
In this section you can configure the real-time protection settings individually.
Note
These settings can be configured only if you have selected the Custom protection level.
The scan settings BitDefender offers may help you fully adapt real-time protection to
your company's regulations regarding workstation security. The scanner can be set
to scan only specific file extensions, to search for specific malware threats or to skip
archives. This may greatly reduce scanning times and improve the system's
responsiveness during a scan.

Scan accessed files and P2P transfers options - scans the accessed files and
the communications through Instant Messaging Software applications (ICQ,
NetMeeting, Yahoo Messenger, MSN Messenger). Further on, select the type of
the files you want to be scanned.
Option Description
S c a n Scan all files All the accessed files will be scanned,
accessed regardless their type.
files Scan program files Only the program files will be scanned. This
only means only the files with the following
extensions: .exe; .bat; .com; .dll; .ocx;
.scr; .bin; .dat; .386; .vxd; .sys; .wdm;
.cla; .class; .ovl; .ole; .exe; .hlp;
.doc; .dot; .xls; .ppt; .wbk; .wiz; .pot;
.ppa; .xla; .xlt; .vbs; .vbe; .mdb; .rtf;
.htm; .hta; .html; .xml; .xtp; .php;
.asp; .js; .shs; .chm; .lnk; .pif; .prc;
.url; .smm; .pdf; .msi; .ini; .csc; .cmd;
.bas; .eml and .nws.
Scan user defined Only the files with the extensions specified by
extensions the user will be scanned. These extensions
must be separated by ";".
Scan for riskware Scans for riskware. Detected files will be
treated as infected. The software that includes
adware components might stop working if this
option is enabled.
Select Skip dialers and applications from
scan if you want to exclude these kind of files
from scanning.
Scan boot Scans the systems boot sector.
Scan inside archives The accessed archives will be scanned. With
this option on, the computer will slow down.
Scan packed files All packed files will be scanned.

Option Description
First action Select from the drop-down menu the first
action to take on infected and suspicious files.
Deny access and In case an infected file is detected, the access
continue to this will be denied.
Clean file Disinfects infected files.
Delete file Deletes infected files immediately, without any
warning.
Move file t o Moves infected files into the quarantine.
quarantine
Second Select from the drop-down menu the second
action action to take on infected files, in case the first
action fails.
Deny access and In case an infected file is detected, the access
continue to this will be denied.
Delete file Deletes infected files immediately, without any
warning.
Move file t o Moves infected files into the quarantine.
quarantine
Do not scan files greater than [x] Type in the maximum size of the files to be
Kb scanned. If the size is 0 Kb, all files will be
scanned, regardless their size.
Do not scan network shares If this option is enabled, BitDefender will not
scan the network shares, allowing for a faster
network access.
We recommend you to enable this option only
if the network you are part of is protected by
an antivirus solution.
Scan e-mail traffic - scans the e-mail traffic.


Option Description
Scan incoming mails Scans all incoming e-mail messages.
Scan outgoing mails Scans all outgoing e-mail messages.
Scan http traffic - scans the http traffic.

Show warning when a virus is found - opens an alert window when a virus is
found in a file or in an e-mail message.
For an infected file the alert window will contain the name of the virus, the path to
it, the action taken by BitDefender and a link to the BitDefender site where you can
find more information about it. For an infected e-mail the alert window will contain
also information about the sender and the receiver.
In case of a suspicious file, the user can launch a wizard from the alert window in
order to send that file to the BitDefender Lab for further analysis. The user can
provide an e-mail address so as to receive information regarding the report.
18.4.4. Quarantine Settings

In this section you can configure the quarantine settings. You can set BitDefender to
automatically perform the following actions:
Delete old files. To automatically delete old quarantined files, check the corresponding
option. You must specify the number of days after which the quarantined files should
be deleted and frequency with which BitDefender should check for old files.
Note
By default, BitDefender will check for old files every day and delete files older than 10
days.
Delete duplicates. To automatically delete duplicate quarantined files, check the

corresponding option. You must specify the number of days between two consecutive
checks for duplicates.
Note
By default, BitDefender will check for duplicate quarantined files every day.
Automatically submit files. To automatically submit quarantined files, check the

corresponding option. You must specify the frequency with which to submit files.

Note
By default, BitDefender will automatically submit quarantined files every 60 minutes.
18.5. Firewall Settings

This policy template allows you to create firewall policies for BitDefender Business
Client. The Firewall protects the computer from inbound and outbound unauthorized
connection attempts.
Important
Firewall Settings Template
Here you can configure the firewall settings that will be applied on the assigned clients.

General Settings
Profile Settings
Other Settings
18.5.1. General Settings

In this section you can enable or disable the BitDefender Firewall and configure the
general settings.
If you want Firewall to be enabled, select Enable Firewall. Otherwise, clear this check
box.
To block all network / Internet traffic, select Block all traffic.
If you want a generic firewall profile to be applied each time the user connects to a
new network or a network is disabled, select Use generic profile in all networks.
18.5.2. Profile Settings

In this section you can configure the settings for both the current and the generic
firewall profiles. The current firewall profile contains the rules that currently control
applications' network / Internet access. The generic firewall profile contains the rules
that are initially applied each time the network configuration changes.
In order to configure the profile settings, follow these general steps:
1. Specify whether the settings are to be applied to the current profile, the generic
profile or to both.
2. Specify whether or not to check applications for changes.
Note
Usually, applications are changed by updates. But there is a risk that they might be
changed by malware applications, with the purpose of infecting the local computer
and other computers in the network.
Select Check process integrity if you want each application attempting to connect
to the Internet to be checked whether it has been changed since the addition of the
rule controlling its Internet access. If the application has been changed, an alert
will prompt the user to allow or to block the access of the application to the Internet.

Signed applications are supposed to be trusted and have a higher degree of security.
You can select Ignore changes for signed processes to automatically allow
changed signed applications to connect to the Internet.
3. Configure the firewall rules that should be applied. You can select to apply the
following default groups of rules:
Default group Description

Essential rules Allow network / Internet connection for:
Domain Name System (DNS);
Dynamic Host Configuration Protocol
(DHCP);
winlogon;
userinit;
Lightweight Directory Access Protocol
(LDAP);
Windows updates;
the Kerberos computer network
authentication protocol.
Remote Desktop Connection Allow network computers to connect to the
incoming rules computer using Remote Desktop Connection.
Remote Desktop Connection Allow the computer to connect to other
outgoing rules network computers using Remote Desktop
Connection.
Samba incoming rules Allow network computers to connect to the
computer's Samba shares.
Samba outgoing rules Allow the computer to connect to the Samba
shares of other network computers.
VPN incoming rules Allow incoming VPN connections.
VPN outgoing rules Allow outgoing VPN connections.
Internet Connection Sharing If Internet Connection Sharing is enabled,
rules these rules will allow the computer to share
its Internet connection with other network
computers.
Optional rules Allow network / Internet connection for:
Universal Plug and Play (UPnP) protocol;
Network Time Protocol (NTP);

Default group Description

Remote Authentication Dial-In User Service
(RADIUS);
Active Sync.
Web browser rules Allow the default web browser to connect to
the Internet.
E-mail rules Allow the default e-mail client to connect to
the network or the Internet.
To see the configured rules, to create additional rules or to manage the rules you
have created, click Manage Rules. A new pane will be displayed.
Firewall Rules
The configured firewall rules are grouped into two separate sections: Rules for
incoming packets and Rules for outgoing packets. For each rule listed in the
table, you can see:

the group the rule belongs to. This can be a default group or the Administrator
rules group, which contains the custom firewall rules that you have created.
the generic path to the application the rule applies to.
the protocol the rule applies to.
the rule action (allow or deny packets).
the packet source (IP address, subnet mask, port) the rule applies to.
the packet destination (IP address, subnet mask, port) the rule applies to.
the network events the rule applies to.
To edit an administrator rule, select it and click Modify. To change the priority of
an administrator rule by one level, use the Move up and Move down buttons.
To delete an administrator rule, select it and click Delete. You can select Delete
complementary rule to automatically delete the complementary rule for the other
type of packets.
Note
You can neither delete/modify the default firewall rules, nor change their priority.
If you want to configure a new firewall rule, click Add.

Add Rule
To configure a new firewall rule, follow these steps:

a. In the Process path field, type the path to the application the new firewall rule
applies to.
b. From the Protocol menu, select the protocol the rule applies to. You can choose
to apply the rule to one or all of the following protocols: ICMP, TCP, UDP.
c. From the Direction menu, select the traffic direction the rule applies to: incoming,
outgoing or both.
Note
If you select Both, two complementary rules will be created: one for incoming
packets and the other for outgoing packets.
d. From the Action menu, select the rule action (allow or deny packets).
e. Specify the packet source the rule applies to.

Type the source IP address and subnet mask in the corresponding fields.
If you want the rule to apply to all ports, select Any Port from the menu.
Otherwise, select Specific Port or Port Range and type in the desired port(s).
f. Specify the packet destination the rule applies to.
Type the destination IP address and subnet mask in the corresponding fields.
If you want the rule to apply to all ports, select Any Port from the menu.
Otherwise, select Specific Port or Port Range and type in the desired port(s).
g. If you have selected TCP or UDP as protocol, choose the network events the
rule applies to.
h. Click Add to add the rule.
18.5.3. Other Settings

In this section you can configure the automatic response to the firewall alerts. The
firewall asks for permission each time an application that does not match any rule in
the current profile tries to connect to the Internet. Based on the user's response or on
the automatic response configured, a rule is created for the respective application and
it is added to the profile.
Choose from the menu an automatic response to the firewall alerts. The following
options are available:
Automatic response Description

Forced Yes The application is automatically allowed to connect to
the Internet.
Forced No The application is not allowed to connect to the Internet.
No alert window is displayed on the user's screen.
Ask user (alert is shown) An alert window with detailed information is displayed
on the user's screen, prompting the user for action.
BDOKF and forced No The application is automatically allowed to connect to
the Internet only if it is in the BitDefender whitelist.
Otherwise, its connection attempt is blocked.
BDOKF and ask user The application is automatically allowed to connect to
the Internet only if it is in the BitDefender whitelist.
Otherwise, the user is prompted for action.

18.6. Privacy Control

This policy template allows you to create policies for the Privacy Control module of
BitDefender Business Client. This module has two independent functionalities:
Web Antiphishing: ensures safe web navigation by alerting the user about potential
phishing web pages.
Privacy Control: prevents data theft, monitors applications that try to load at system
startup, and protects against two two types of potential Internet threats, cookies and
scripts.
Privacy Control Template
Here you can configure the Privacy Control settings that will be applied on the assigned
clients. The settings are organized into 7 sections:
Protection
Protection Level
Settings
Identity Control
Cookie Control

Script Control
Alerts
18.6.1. Protection
In this section you can enable or disable Privacy Control.
If you want Privacy Control to be enabled, select Enable Privacy Control. Otherwise,
clear this check box.
Privacy Control has the following components:
Identity Control - prevents data theft by filtering all outgoing HTTP and SMTP traffic
according to the rules you create in the Identity Control section.
Registry Control - asks for permission whenever a new program, which does not
match any of the current rules, tries to modify a registry entry in order to be executed
at Windows start-up. Rules are automatically created for the local client product
based on the user's response or on the automatic response configured in the Alerts
section.
Cookie Control - asks for permission whenever a new web page, which does not
match any of the current rules, tries to set a cookie. Rules are automatically created
for the local client product based on the user's response or on the automatic response
configured in the Alerts section. You can also configure global rules manually in the
Cookie Control section.
Script Control - asks for permission whenever a new web page, that does not match
any of the current rules, tries to run a script or other active content. Rules are
automatically created for the local client product based on the user's response or
on the automatic response configured in the Alerts section. You can also configure
global rules manually in the Script Control section.

In this section you can configure the protection level. The protection level specifies
which components of Privacy Control should be enabled.
Choose the protection level that suits the purpose of the policy you want to create.


Aggressive Registry control, Identity Control and Script Control are
enabled.
Default Registry control and Identity Control are enabled.
Permissive Only Registry control is enabled.
Note
You can also enable or disable each component of Privacy Control separately, without
configuring the protection level.
18.6.3. Settings
In this section you can enable or disable Registry Control and Web Antiphishing.
Registry Control prompts the user for permission whenever a program tries to modify
a registry entry in order to be executed at Windows start-up. Web Antiphishing alerts
the user about potentially phished web pages.
If you want Registry Control to be enabled, select Enable Registry Control. Otherwise,
If you want Web Antiphishing to be enabled, select Enable Antiphishing. Otherwise,
18.6.4. Identity Control

In this section you can configure Identity Control. Identity Control filters all outgoing
HTTP and SMTP traffic according to the rules you created. The e-mail messages and
web pages that containing a string indicated in one of these rules are blocked.
If you want Identity Control to be enabled, select Enable Identity Control. Otherwise,
You can see a table where the configured rules are displayed. If you want only these
rules to be applied and to overwrite the rules of the local client product, clear the
Append rules check box.
To configure a rule, follow these steps:
1. In the Rule name field, type the name of the rule.

2. From the Rule type menu, choose the rule type (address, name, credit card, PIN,
SSN etc).

3. In the Rule data field, type the string you want to prevent being sent.
Note
We recommend you to enter at least three characters in order to avoid the mistaken
blocking of messages and web pages.
4. Select Scan HTTP to scan the outgoing web traffic and block the outgoing data
that matches the rule data.
5. Select Scan SMTP to scan the outgoing mail traffic and block the outgoing e-mail
messages that contain the rule data.
6. To block web pages and e-mail messages only if the rule data matches whole
words, select Match whole words.
7. To block web pages and e-mail messages only if the rule data and the detected
string case match, select Match case.
8. In the Rule description field, type a description of the specified rule.
9. Click Add. The new rule will be added to the table.
To remove an entry from the table, select it and click Delete.

At the bottom of this section you can see another table where exceptions to the
specified rules are displayed. If you want only these exceptions to be applied and to
overwrite those of the local client product, clear the Append exceptions check box.
To add an exception, follow these steps:
1. From the Exception type menu, choose the type of exception you want to create.
2. In the Allowed web/e-mail address field, type the web address or the mail address
that you want to add as exception.
3. Click Add to add the new exception in the table.
To remove an exception from the table, select it and click Remove.
18.6.5. Cookie Control

In this section you can configure Cookie Control. Cookie Control helps you control
which web pages are allowed to set cookies or to request them and which are not.
If you want Cookie Control to be enabled, select Enable Cookie Control. Otherwise,

rules to be applied and to overwrite those of the local client product, clear the Append
rules check box.
1. Specify the domain to which the rule applies. Do one of the following:
To apply the rule to all domains, select Any.
To apply the rule to a specific domain, select Enter domain and type the domain
name in the edit field.
2. Select the action of the rule. The following options are available:
Action Description
Permit The cookies on that domain will execute.
Deny The cookies on that domain will not execute.
3. Select the traffic direction. The following options are available:
Type Description
Outgoing The rule applies only for the cookies that are sent out back
to the connected site.
Incoming The rule applies only for the cookies that are received from
the connected site.
Both The rule applies in both directions.
4. Click Add. The new rule will be added in the table.
Note
You can accept cookies but never return them by setting the action to Deny and the
direction to Outgoing.

18.6.6. Script Control

In this section you can configure Script Control. Script Control helps you control which
web pages are allowed to run active content (scripts, ActiveX controls, Java applets)
and which are not.
Note
Some web pages may not be properly displayed if you block active content.
If you want Script Control to be enabled, select Enable Script Control. Otherwise,
rules to be applied and to overwrite those of the local client product, clear the Append
rules check box.
1. In the Domain field, type the domain to which the rule applies.
2. Select the action of the rule. The following options are available:
Action Description
Permit The scripts on that domain will execute.
Deny The scripts on that domain will not execute.
18.6.7. Alerts
In this section you can configure the automatic response to the registry, cookie, script
and antiphishing alerts.
Choose from the corresponding menus an automatic response for each type of alert.
Note
You cannot choose an automatic response if the respective component is disabled.
Registry Alerts. You can choose one of the following automatic responses:


Forced No The application is not allowed to modify registry entries
in order to be executed at Windows start-up. No alert
window is displayed on the user's screen.
Forced Yes The application is automatically allowed to modify
registry entries in order to be executed at Windows
start-up, without notifying the user.
Cookie Alerts. You can choose one of the following automatic responses:

Forced No The web page is not allowed either to place its cookies
on the user's system or to receive them. No alert
window is displayed on the user's screen.
Forced Yes The web page is automatically allowed to place its
cookies on the user's system or to receive them,
without notifying the user.
Script Alerts. You can choose one of the following automatic responses:

Forced No The web page is not allowed to execute active content.
No alert window is displayed on the user's screen.
Forced Yes The web page is automatically allowed to execute
active content, without user notification.
Antiphishing Alerts. You can choose one of the following automatic responses:


View The web page suspected of phishing is automatically
displayed, without user notification.
Block The web page suspected of phishing is automatically
blocked.
The user is informed that the web page is a potential
phishing threat.
18.7. Antispam Settings

This policy template allows you to create policies for the Antispam module of
BitDefender Business Client. BitDefender Antispam employs remarkable technological
innovations and industry standard antispam filters to weed out spam before it reaches
the user's Inbox.
Antispam Settings Template

Here you can configure the antispam settings that will be applied on the assigned
Protection
Protection Level
Settings
18.7.1. Protection
In this section you can enable or disable Antispam protection.
If you want the Antispam protection to be enabled, select Enable Antispam. Otherwise,

In this section you can configure the protection level. The protection level defines the
antispam aggressiveness which BitDefender should use to process e-mails.
Choose the protection level that better fits your security needs. There are 5 protection
levels:

Aggressive Offers protection for accounts that receive very high
volumes of spam regularly.
The filter will let very little spam through, but it may
produce false positives(legitimate mail incorrectly tagged
as spam).
Moderate to Aggressive Offers protection for accounts that receive high volumes
of spam regularly.
The filter will let very little spam through, but it may
produce false positives(legitimate mail incorrectly tagged
as spam).
Moderate Offers protection for regular accounts.


The filter will block most spam, while avoiding false
positives.
Permissive to Moderate Offers protection for accounts that receive some
legitimate commercial mail.
The filter will let most e-mail pass through, but it may
produce false negatives (spam classified as legitimate
mail).
Permissive Offers protection for accounts that receive a lot of
legitimate commercial mail.
The filter will let most e-mail pass through, but it may
produce false negatives (spam classified as legitimate
mail).
18.7.3. Settings
In this section you can configure the antispam filters and settings. The BitDefender
Antispam engine incorporates seven different filters that ensure protection against the
various types of spam: White list, Black list, Charset filter, Image filter, URL filter,
NeuNet (Heuristic) filter and Bayesian filter.
The antispam settings are grouped into three categories:
Antispam Settings
Basic Antispam Filters
Advanced Antispam Filters
Antispam Settings
These settings allow you to specify whether or not to tag the e-mail messages detected
by the Antispam module. If you select:
Mark spam messages in subject - all e-mail messages considered to be spam

will be tagged with SPAM in the subject line.
Mark phishing messages in subject - all e-mail messages considered to be
phishing messages will be tagged with SPAM in the subject line.

Basic Antispam Filters

These settings allow you to configure basic antispam filters and related options. You
can select:
Friends/Spammers lists - to filter e-mail messages according to the

Friends/Spammers lists. Any e-mail coming from an address contained in the Friends
list is automatically delivered to the Inbox, without further processing. Any e-mail
received from an address contained in the Spammers list is automatically marked
as SPAM, without further processing.
Note
You should recommend the users to add the e-mail addresses of their contacts to
the Friends list.
You can select:

Automatically add recipients to Friends list - to automatically add recipients
of sent mail to Friends list.
Automatically add to Friends list - to automatically add the sender of a selected
e-mail to Friends list when the user clicks the Not Spam button from the
Antispam toolbar. In this way, you can prevent the confirmation window from
being displayed.
Automatically add to Spammers list - to automatically add the sender of a
selected e-mail to Spammers list when the user clicks the Is Spam button from
the Antispam toolbar. In this way, you can prevent the confirmation window from
being displayed.
Note
The Antispam toolbar is integrated into the most common mail clients and allows
configuring the Friends/Spammers lists and training the Learning Engine. The
Not Spam and the Is Spam buttons are used to train the Learning Engine.
Block mails written in Asian characters - to consider SPAM e-mail messages

written in Asian charsets.
Block mails written in Cyrillic characters - to consider SPAM e-mail messages
written in Cyrillic charsets.
Note
If certain users receive legitimate e-mails written in Asian or Cyrillic charsets, create
special policies that disable the detection of such e-mails.

Advanced Antispam Filters

These settings allow you to configure advanced antispam filters and related options.
You can select:
Enable the Learning Engine (bayesian) - to check e-mail messages using the
Learning Engine (bayesian). The Learning Engine classifies messages according
to statistical information regarding the rate at which specific words appear in
messages classified as SPAM compared to those declared NON-SPAM (by the
user or by the heuristic filter).
This means, for example, if a certain four-letter word is seen to appear more often
in SPAM, it is natural to assume there is an increased probability that the next
incoming message that includes it actually IS SPAM. All relevant words within a
message are taken into account. By synthesizing the statistical information, the
overall probability for the whole message to be SPAM is computed.
This module presents another interesting characteristic: it is trainable. It adapts
quickly to the type of messages received by a certain user, and stores information
about all. To function effectively, the filter must be trained, meaning, to be presented
with samples of SPAM and legitimate messages, much like a hound is primed to
trace a certain scent. Sometimes the filter must be corrected too - prompted to adjust
when it makes a wrong decision.
You can configure the following options:
Limit the dictionary size to 200000 words - sets the size of the Bayesian
dictionary - smaller is faster, bigger is more accurate. The recommended size is:
200.000 words.
Train the Learning Engine (bayesian) on outgoing e-mails - trains the Learning
Engine (bayesian) on outgoing e-mails. Outgoing e-mails are considered to be
legitimate messages.
Enable URL filter - to filter e-mail messages using the URL filter. The URL filter
checks every URL link in a message against its database. If a match is made, the
message is tagged as SPAM.
Enable NeuNet (Heuristic) filter - to check e-mail messages using the NeuNet
(Heuristic) filter. The NeuNet (Heuristic) filter performs a set of tests on all the
message components (i.e. not only the header but also the message body in either
HTML or text format), looking for words, phrases, links or other characteristics of
SPAM. Based on the results of the analysis, it adds a SPAM score to the message.
You can select Block explicit content to activate the detection of messages
marked as SEXUALLY EXPLICIT in the subject line.

Note
Starting May 19, 2004, spam that contains sexually oriented material must include
the warning SEXUALLY-EXPLICIT: in the subject line or face fines for violations
of federal law.
Enable Image filter - to filter e-mail messages using the Image filter. The Image
filter deals with image spam. It compares the image from a message with those
from the BitDefender database. In case of a match, the message is tagged as SPAM.
18.8. User Control

This policy template allows you to create policies for the User Control module of
BitDefender Business Client. User Control can be used to block the users' access to:
applications such as games, chat, filesharing programs or others.

the Internet, for certain periods of time or completely.
inappropriate web pages.
web pages and e-mail messages if they contain certain keywords.
User Control Template

Here you can configure the User Control settings that will be applied on the assigned
User Control
Settings
Web Control
Applications Control
Keyword Control
Webtime Control
18.8.1. User Control

In this section you can enable or disable User Control.
If you want User Control to be enabled, select Enable User Control. Otherwise, clear
this check box.
User Control has the following components:
Web Control - filters web navigation according to the rules you set in the Web Control
section. It also blocks access to the inappropriate content web pages included in
the list provided and updated by BitDefender.
Applications Control - blocks access to applications you specified in the Applications
Control section.
Keyword Control - filters web and mail access according to the rules you set in the
Keyword Control section.
Webtime Control - allows web access according to the timetable set by you in the
Webtime Control section.
Heuristic web filter - filters web access according to pre-established content-based
rules.
You must enable the components you want to use and configure them accordingly.


In this section you can block web access and configure the heuristic web filter. The
heuristic web filter analyzes web pages and blocks those that match the patterns of
potentially inappropriate content.
Select Block web access if you want to block access to all websites (not just the
ones specified in the Web Control section).
To configure the heuristic web filter, follow these steps:
1. Select Enable heuristic web filter.

2. Set a specific tolerance level in order to filter web access according to a predefined
content-based ruleset. There are 3 tolerance levels:
Tolerance level Description

High Offers highly restrictive web access.
Web pages with inappropriate content (porn, sexuality, drugs,
gambling, hacking etc) are blocked.
Medium Offers restrictive web access.
Web pages with sexual, pornographic or adult content are
blocked.
Low Offers unrestricted access to all web pages regardless of
their content.
If you do not want to filter web access using the heuristic web filter, either clear the
Enable heuristic web filter check box or set the tolerance level to Low.
18.8.3. Web Control

In this section you can configure Web Control. Web Control helps you to block access
to web pages with inappropriate content. BitDefender provides and updates a list of
candidates for blocking, made up of both web pages and parts thereof, as part of the
regular update process. When assigning a policy with Web Control enabled, these
web pages (mostly pornographic) are automatically blocked.

The web pages blocked by Web Control are not displayed in the browser. Instead, a
default web page is displayed informing the user that the requested web page has
been blocked by Web Control.
If you want Web Control to be enabled, select Enable Web Control. Otherwise, clear
this check box.
In order to use Web Control, you must select one of the following options:
Block these pages - to block access to specific web pages.

Allow these pages - to allow access only to specific web pages.
Two tables are displayed: one for the blocked/allowed web pages and the other for
the allowed exceptions. If you want only these web pages to be filtered and the pages
indicated in the local client product to be overwritten, clear the Append pages and
exceptions check box.
Specify the web pages to be blocked/allowed and the allowed exceptions to these
pages, if any.
Note
Exceptions may be needed when defining web pages using wildcards.
To specify a web page to be blocked/allowed or an exception, follow these steps:
1. Type the name of the web page in the edit field.
Important
You can use wildcards instead of entire names of web pages. For example, if you
type:
*.xxx.com - the action of the rule will apply on all web sites finished with
.xxx.com;
*porn* - the action of the rule will apply on all web sites containing porn in the
web site address;
www.*.com - the action of the rule will apply on all web sites having the domain
suffix com;
www.xxx.* - the action of the rule will apply on all web sites starting with
www.xxx. no matter the domain suffix.
2. Click Add. The new web page will be added in the table.

18.8.4. Applications Control

In this section you can configure Applications Control. Applications Control helps you
block any application from running. Games, media and messaging software, as well
as other categories of software and malware can be blocked in this way.
If you want Applications Control to be enabled, select Enable Applications Control.
You can see a table where the applications to be blocked are displayed. If you want
only these applications to be blocked and the applications indicated in the local client
product to be overwritten, clear the Append applications check box.
To add an application to the blockading list, follow these steps:
1. Type the full name of the application.

2. Click Add. The application name will appear in the table.
18.8.5. Keyword Filtering

In this section you can configure Keyword Filtering. Keyword Filtering helps you block
access to e-mail messages or web pages that contain specific strings. In this way you
can prevent users from accessing inappropriate content.
The web pages and e-mails matching a filtering rule are not displayed. Instead, a
default web page or e-mail is displayed informing the user that the respective web
page or e-mail has been blocked by Keyword Filtering.
If you want Keyword Filtering to be enabled, select Enable Keyword Filtering.
rules to be applied and the rules indicated in the local client product to be overwritten,
clear the Append rules check box.
1. Type the keyword (word or phrase) you want to be blocked in the edit field.
2. Choose from the menu the protocol BitDefender should scan for the specified
keyword. The following options are available:

Option Description
POP3 E-mail messages that contain the keyword are blocked.
HTTP Web pages that contain the keyword are blocked.
Both Both e-mail messages and web pages that contain the keyword are
blocked.
3. To block web pages and e-mail messages only if the keyword matches whole words,
select Match whole words.
18.8.6. Webtime Control

In this section you can configure Webtime Control. Webtime Control helps you allow
or block web access for users or applications during specified time intervals.
Note
BitDefender will update itself as configured no matter the settings of Webtime Control.
If you want Webtime Control to be enabled, select Enable Web Control. Otherwise,
You can see the timetable according to which web access is allowed. Click individual
cells to select the time intervals when all internet connections will be blocked.
Important
The boxes coloured in grey represent the time intervals when all internet connections
are blocked.
18.9. Exceptions
This policy template allows you to create scan exception policies for BitDefender
Business Client. You can exclude specific paths or application types (extensions) from
both real-time and on-demand scanning.

Note
If you have an EICAR test file that you use periodically to test BitDefender, you should
exclude it from on-access scanning.
Exceptions Template
Here you can configure the scan exceptions that will be applied on the assigned clients.
Exceptions
Paths
Extensions
18.9.1. Exceptions
In this section you can enable or disable the use of scan exceptions.
If you want to apply scan exceptions, select Enable exceptions. Otherwise, clear this
check box.

18.9.2. Paths
In this section you can configure specific paths to be excluded from scanning. Paths
can be excluded from both real-time and on-demand scanning.
Note
The exceptions specified here will NOT apply for contextual scanning. Contextual
scanning is initiated by right-clicking a file or folder and selecting BitDefender Antivirus.
You can see a table containing the paths to be excluded from scanning and the type
of scanning they are excluded from. If you want only these paths to be excluded from
scanning, clear the Append paths check box. To also exclude the paths configured
through previously assigned policies, keep this check box selected.
To configure paths to be excluded from scanning, follow these steps:
1. Type in the edit field the path to be excluded from scanning.

2. From the menu, choose to exclude the path from the on-demand or on-access
scanning, or from both.
3. Click Add. The new path will appear in the table.
18.9.3. Extensions
In this section you can configure specific extensions to be excluded from scanning.
Extensions can be excluded from both real-time and on-demand scanning.
Note
The exceptions specified here will NOT apply for contextual scanning. Contextual
scanning is initiated by right-clicking a file or folder and selecting BitDefender Antivirus.
You can see a table containing the extensions to be excluded from scanning and the
type of scanning they are excluded from. If you want only these extensions to be
excluded from scanning, clear the Append extensions check box. To also exclude
the extensions configured through previously assigned policies, keep this check box
selected.
To configure extensions to be excluded from scanning, follow these steps:
1. Do one of the following:

Type in the edit field the extension to be excluded from scanning. To provide
several extensions, separate them by a semi-colon ";".
Choose an extension from the corresponding menu. The menu contains a list of
all the extensions registered on your system.
2. From the menu, choose to exclude the extension from the on-demand or on-access
scanning, or from both.
3. Click Add. The new extension will appear in the table.
18.10. Advanced Settings

This policy template allows you to create policies concerning the advanced settings
of BitDefender Business Client. You can choose to load BitDefender at Windows
startup, to enable/disable the Scan Activity bar and to configure other general settings.
Advanced Settings Template
Here you can configure the advanced settings that will be applied on the assigned

General Settings
Virus Report Settings

In this section you can configure the general settings of BitDefender Business Client.
Show BitDefender News (security related notifications) - shows from time to

time security notifications regarding virus outbreaks, sent by the BitDefender server.
Show pop-ups (on-screen notes) - shows pop-up windows regarding the product
status. These pop-ups can be useful to the user. For example, there is a pop-up
that informs the user about new computers that join the wireless network.
Load BitDefender at Windows startup - automatically launches BitDefender at
system startup. We recommend you to keep this option selected.
Enable the Scan Activity bar - displays the Scan Activity bar. The Scan Activity
bar is a graphic visualization of the scanning activity on the system.
The green bars (the File Zone) show the number of scanned
files per second, on a scale from 0 to 50.
The red bars displayed in the Net Zone show the number of
Kbytes transferred (sent and received from the Internet) every
second, on a scale from 0 to 100.
Scan Activity Bar
You may find this small window useful for two reasons:
The Scan Activity bar will notify the user when real-time protection or the
BitDefender firewall is disabled by displaying a red cross over the corresponding
area (File Zone or Net Zone).
The user can drag&drop files or folders over the Scan Activity bar in order to scan
them.

18.10.2. Virus Report Settings

In this section you can configure the virus reporting settings. The following options
are available:
Send virus reports - sends to the BitDefender Labs reports regarding viruses
identified on the company's computers.
The reports will contain no confidential data, such as your name, IP address or
others, and will not be used for commercial purposes. The information supplied will
contain only the virus name and will be used solely to create statistic reports.
Enable BitDefender Outbreak Detection - sends to the BitDefender Labs reports
regarding potential virus-outbreaks.
The reports will contain no confidential data, such as your name, IP address or
others, and will not be used for commercial purposes. The information supplied will
contain only the potential virus and will be used solely to detect new viruses.

Getting Help
190
19. Support
As a valued provider, BitDefender strives to provide its customers with an unparalleled
level of fast and accurate support. The Support Center (which you can contact at the
address provided below) continually keeps up with the latest threats. This is where all
of your questions are answered in a timely manner.
With BitDefender, dedication to saving customers time and money by providing the
most advanced products at the fairest prices has always been a top priority. Moreover,
we believe that a successful business is based on good communication and
commitment to excellence in customer support.
You are welcome to ask for support at support@bitdefender.com at any time. For a
prompt response, please include in your email as many details as you can about your
BitDefender, your system and describe the problem you have encountered as
accurately as possible.
19.1. BitDefender Knowledge Base

The BitDefender Knowledge Base is an online repository of information about the
BitDefender products. It stores, in an easily accessible format, reports on the results
of the ongoing technical support and bugfixing activities of the BitDefender support
and development teams, along with more general articles about virus prevention, the
management of BitDefender solutions with detailed explanations, and many other
articles.
The BitDefender Knowledge Base is open to the public and freely searchable. The
extensive information it contains is yet another means of providing BitDefender
customers with the technical knowledge and insight they need. All valid requests for
information or bug reports coming from BitDefender clients eventually find their way
into the BitDefender Knowledge Base, as bugfix reports, workaround cheatsheets or
informational articles to supplement product helpfiles.
The BitDefender Knowledge Base is available any time at http://kb.bitdefender.com.
19.2. Contact Information

Efficient communication is the key to a successful business. During the past 10 years
BITDEFENDER has established an unquestionable reputation by constantly striving
for better communication so as to exceed the expectations of our clients and partners.
Should you have any questions, do not hesitate to contact us.
Support 191
19.2.1. Web Addresses

Sales department: sales@bitdefender.com
Technical support: support@bitdefender.com
Documentation: documentation@bitdefender.com
Partner Program: partners@bitdefender.com
Marketing: marketing@bitdefender.com
Media Relations: pr@bitdefender.com
Job Opportunities: jobs@bitdefender.com
Virus Submissions: virus_submission@bitdefender.com
Spam Submissions: spam_submission@bitdefender.com
Report Abuse: abuse@bitdefender.com
Product web site: http://www.bitdefender.com
Product ftp archives: ftp://ftp.bitdefender.com/pub
Local distributors: http://www.bitdefender.com/partner_list
BitDefender Knowledge Base: http://kb.bitdefender.com
19.2.2. Branch Offices

The BitDefender offices are ready to respond to any inquiries regarding their areas of
operation, both in commercial and in general matters. Their respective addresses and
contacts are listed below.
U.S.A
BitDefender, LLC
6301 NW 5th Way, Suite 3500
Fort Lauderdale, Florida 33309
Web: http://www.bitdefender.com
Technical support:
E-mail: support@bitdefender.com
Phone:
1-888-868-1873 (Registered Users Only; accessible in United States only)
1-954-776-6262 (Registered Users Only)
Customer Service:
E-mail: customerservice@bitdefender.com
Phone:
1-888-868-1873 (Registered Users Only; accessible in United States only)
Support 192
1-954-776-6262 (Registered Users Only)
Germany
BitDefender GmbH
Headquarter Western Europe
Karlsdorferstrasse 56
88069 Tettnang
Germany
Tel: +49 7542 9444 60
Fax: +49 7542 9444 99
Email: info@bitdefender.com
Sales: sales@bitdefender.com
Web: http://www.bitdefender.com
Technical Support: support@bitdefender.com
UK and Ireland
One Victoria Square
Birmingham
B1 1BD
Tel: +44 207 153 9959
Fax: +44 845 130 5069
Email: info@bitdefender.com
Web: http://www.bitdefender.co.uk
Spain
Constelacin Negocial, S.L
C/ Balmes 195, 2a planta, 08006
Barcelona
Soporte tcnico: soporte@bitdefender-es.com
Ventas: comercial@bitdefender-es.com
Phone: +34 932189615
Fax: +34 932179128
Sitio web del producto: http://www.bitdefender-es.com
Support 193
Romania
BITDEFENDER
5th Fabrica de Glucoza St.
Bucharest
Phone: +40 21 4085600
Fax: +40 21 2330763
Product web site: http://www.bitdefender.com
Support 194

BitDefender Management Server Administrator's Guide v3.0 en

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BitDefender Management Server Administrator's Guide v3.0 en

Uploaded by

Copyright:

Available Formats

MANAGEMENT SERVER

BitDefender Management Server

Copyright 2008 BitDefender

She came to me one morning, one lonely Sunday morning

Configuration and Management ................................. 28

10.3.2. Refreshing Computer List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

15.2. Credentials Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

Policy Templates .................................................... 138

18.3.3. Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

Getting Help ........................................................... 190

License and Warranty

License and Warranty ix

License and Warranty x

EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, BITDEFENDER

License and Warranty xi

License and Warranty xii

1. Features and Benefits

1.1. Key Features

1.2. Key Benefits

Features and Benefits 2

Ensures consistent antimalware protection across the organization through

Improved Network Visibility.

Offers an enhanced reporting tool which enables the administrator to regularly

Improved Network Visibility

Optimized for Business Environments.

Features and Benefits 3

Features and Benefits 4

2.1. BitDefender Management Server

Remotely Install and Manage BitDefender Client Products

where it can be viewed and interpreted by the administrator. BitDefender Management

Standalone or Master-Slave Architecture

In a standalone configuration, BitDefender Management Server manages the security

Connected to Database. BitDefender Management Server will stay permanently

Password-protected. By default, BitDefender Management Server is

2.2. BitDefender Client Products

Workstation Client Products

BitDefender Client Products

2.3. BitDefender Management Agent

2.4. BitDefender Management Console

remotely deploy BitDefender Management Agent on detected network computers

2.5. BitDefender Deployment Tool

2.6. BitDefender Update Server

3. Supported BitDefender Client Products

3.1. Workstation Client Products

BitDefender Business Client

3.2. Server Client Products

Security for ISA Servers

Security for Mail Servers

Supported BitDefender Client Products 11

Security for Exchange

Security for File Servers

Security for Samba

Security for SharePoint

Supported BitDefender Client Products 12

To see the BitDefender Management Server system requirements, please refer to

4.1. Requirements of BitDefender Management

4.1.1. BitDefender Management Server

Minimum processor - Intel Pentium compatible processor 800MHz

4.1.2. BitDefender Management Agent

Minimum processor - Intel Pentium compatible processor

Operating system - Windows 2000 Professional + SP4 / 2000 Server + SP4 / XP

4.1.3. BitDefender Management Console

Minimum processor - Intel Pentium compatible processor