Bitdefender Endpoint Security Tools
Beta Version Testing Guide
Publication date 2014.11.26
Copyright © 2014 Bitdefender
Legal Notice
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from an authorized representative of Bitdefender. The inclusion of brief quotations in reviews may be possible only with the mention of the quoted source. The content can not be modified in any way.
Warning and Disclaimer. This product and its documentation are protected by copyright. The information in this document is provided on an “as is” basis, without warranty. Although every precaution has been taken in the preparation of this document, the authors will not have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this work. This book contains links to third-party Websites that are not under the control of Bitdefender, therefore Bitdefender is not responsible for the content of any linked site. If you access a third-party website listed in this document, you will do so at your own risk. Bitdefender provides these links only as a convenience, and the inclusion of the link does not imply that Bitdefender endorses or accepts any responsibility for the content of the third-party site.
Trademarks. Trademark names may appear in this book. All registered and unregistered trademarks in this document
Table of Contents
1. Introduction
2. The Beta Program
2.1. Timeline
2.2. Requirements
2.2.1. Endpoint Protection
2.2.2. Exchange Protection
2.3. Feedback
3. What's New
4. Getting Started
4.1. Installing and configuring GravityZone
4.2. Installing Endpoint Protection
4.3. Installing Exchange Protection
5. Testing Guidelines
5.1. Testing Endpoint Protection Features
5.2. Testing Performance and System Impact
5.3. Checking the GravityZone Quarantine
5.4. Creating GravityZone reports
5.5. Testing Device Control
5.5.1. Step 1: Test USB devices control
5.5.2. Step 2: Test that external CD/DVD devices are blocked if connected via USB
5.6. Testing Exchange Protection
6. Feedback Form for Beta-Testers
6.1. Feedback for Bitdefender Endpoint Security Tools
6.2. Feedback for Exchange protection
1. Introduction
The Next-Generation Bitdefender Endpoint Security Tools brings the benefits of both Bitdefender Tools and Endpoint Security version 5.x under the same umbrella.
Features such as uninstall competitors, Active Virus Control, Firewall and Content Control will also be available for virtual environments.
At the same time, security administrators will be able to configure their physical endpoint clients to offload the heavy part of the scanning process to a dedicated virtual machine (Bitdefender Antimalware Cloud). Moreover, the Next-Generation Bitdefender Endpoint Security Tools includes support for Linux physical systems and brings the new Bitdefender Endpoint Security Tools Relay, allowing the deployment to span across multiple distributed locations (physical and virtual).
With its flexible scanning system (local, remote to Security Server, remote to Bitdefender Cloud), the Next-Generation Bitdefender Endpoint Security Tools is an ideal choice for mixed environments (physical, virtual and cloud).
In addition to endpoint protection, Bitdefender Endpoint Security Tools also includes Exchange Protection, which provides superior antimalware and antispam protection for Microsoft Exchange Servers. The solution automatically integrates with Exchange Server, using transport agents, to filter the inbound and outbound email traffic for malware and spam, ensuring a secure messaging and collaboration environment. Additionally, it allows scanning the Exchange databases for malware. Exchange protection is centrally managed from Control Center.
2. The Beta Program
This section describes the Beta Program timeline, requirements for participation, guidelines for providing feedback, and quick-start information.
2.1. Timeline
• October 15, 2014 - Private Beta start
• November 20, 2014 - Public Beta start (+ Device Control and Exchange Server Protection)
2.2. Requirements
2.2.1. Endpoint Protection
To perform a comprehensive Beta Testing of the endpoint protection, you should meet the following minimum environment and time availability requirements:
• 1-2 physical workstations/servers (Windows) for installing Bitdefender Endpoint Security Tools
• 1-2 virtual workstations/servers (Windows) for installing Bitdefender Endpoint Security Tools
• 1-2 virtual Linux machines for installing Bitdefender Endpoint Security Tools
• Time for testing: at least 8 dedicated hours
Supported Operating Systems
Linux Operating Systems:
• Red Hat Enterprise Linux / CentOS 5.6 or higher
• Ubuntu 10.04 LTS or higher
• SUSE Linux Enterprise Server 11 or higher
• OpenSUSE 11 or higher
• Fedora 15 or higher
• Debian 5.0 or higher
Windows Operating Systems:
• Windows 8.1
• Windows 8
• Windows 7
• Windows Vista with Service Pack 1
• Windows XP with Service Pack 3
Tablet and embedded operating systems:
• Windows Embedded 8.1 Industry
• Windows Embedded 8 Standard
• Windows Embedded Standard 7
• Windows Embedded Compact 7
• Windows Embedded POSReady 7
• Windows Embedded Enterprise 7
• Windows Embedded POSReady 2009
• Windows Embedded Standard 2009
• Windows Embedded with Service Pack 2*
• Windows XP Tablet PC Edition*
* Specific operating system modules must be installed for Security for Endpoints to work.
Server operating systems:
• Windows Server 2012 R2
• Windows Server 2012
• Windows Small Business Server (SBS) 2011
• Windows Small Business Server (SBS) 2008
• Windows Server 2008 R2
• Windows Server 2008
• Windows Small Business Server (SBS) 2003
• Windows Server 2003 R2
• Windows Server 2003 with Service Pack 1
• Windows Home Server
Mac OS X: Mavericks (10.9.x), Mountain Lion (10.8.x), Lion (10.7.x)
Hardware Requirements
• Intel® Pentium compatible processor:
Workstation Operating Systems
– 1 GHz or faster for Microsoft Windows XP SP3, Windows XP SP2 64 bit and Windows 7 Enterprise (32 and 64 bit)
– 2 GHz or faster for Microsoft Windows Vista SP1 or higher (32 and 64 bit), Microsoft Windows 7 (32 and 64 bit), Microsoft Windows 7 SP1 (32 and 64 bit), Windows 8
– 800 MHz or faster for Microsoft Windows Embedded Standard 7 SP1, Microsoft Windows POSReady 7, Microsoft Windows POSReady 2009, Microsoft Windows Embedded Standard 2009, Microsoft Windows XP Embedded with Service Pack 2, Microsoft Windows XP Tablet PC Edition
Server Operating Systems
– Minimum: 2.4 GHz single-core CPU
– Recommended: 1.86 GHz or faster Intel Xeon multi-core CPU
• Free MB RAM memory required for installation (single engine):

OS       Local Scanning         Hybrid Scanning        Centralized Scanning
         Full Options  AV Only  Full Options  AV Only  Full Options  AV Only
Windows  400           256      660           512      1200          1024
Linux    256           256      512           512      1024          1024
Mac      n/a           n/a      n/a           n/a      1024          1024

• Free MB HDD space required for installation (Full = Full Options, AV = AV Only):

                  Dual engine                               Single engine
OS       Centralized + Hybrid  Centralized + Local  Centralized   Hybrid        Local
         Full   AV             Full   AV            Full   AV     Full   AV     Full   AV
Windows  700    500            1200   1024          570    350    700    500    1200   1024
Linux    400    400            1024   1024          250    250    400    400    1024   1024
Mac      n/a    n/a            n/a    n/a           n/a    n/a    n/a    n/a    1024   1024

Note
At least 6 GB free disk space is required for entities with Bitdefender Endpoint Security Tools Relay role, as they will store all updates and installation packages.
2.2.2. Exchange Protection
To perform a comprehensive Beta Testing of the Exchange Protection, you should meet the following minimum environment and time availability requirements:
• 64-bit Exchange Server test lab. Ideally, the test lab should replicate your production environment.
• Time for testing: at least 8 dedicated hours
Supported Exchange Environments
• Microsoft Exchange Server 2013 (Edge or Mailbox role)
• Microsoft Exchange Server 2010 or 2007 (Edge, Hub or Mailbox role)
Hardware Requirements
• Free RAM memory: 1 GB
• Free HDD space: 1 GB
2.3. Feedback
We encourage you to send us your feedback by using the feedback feature available in Control Center or by email [email protected].
3. What's New
1. New installation architecture for the new endpoint client:
• One installation kit for any environment
• Ability to reshape the scanning engines according to the detected physical or virtual environment
• Ability to uninstall competitors in virtualized environments
• Adds support for physical Linux endpoints
• Extends the Relay role to virtual machines.
2. New types of antimalware engines for both Windows and Linux endpoints.
a. Single engine:
• Local Scanning, when the scanning is performed locally. This scanning mode is suited for powerful machines, having all signatures and engines stored locally.
• Hybrid Scanning, with a medium footprint, using in-the-cloud scanning and, partially, local scanning. The detection rate is the same as for the full engine version, with the benefit of lower resource consumption, but involving off-premise scanning.
• Centralized Scanning, with a small footprint, requiring a Security Server for scanning. In this case, no signature set is stored locally, and the scanning is offloaded to the Security Server.
b. Dual engines with fallback:
• Centralized Scanning with fallback on Local Scanning
• Centralized Scanning with fallback on Hybrid Scanning
When the first engine is unavailable, the fallback engine will be used. Resource consumption and network utilization depend on the engines in use.
3. Bringing the benefits of scanning with Security Server to static physical PCs for both Windows and Linux clients, with load balancing on multiple deployed Security Servers.
4. New features for VDIs:
• Behavioral scan and Photon technologies
• Firewall and Content Control
5. Added Device Control functionality.
6. Added protection for Microsoft Exchange servers.
4. Getting Started
4.1. Installing and configuring GravityZone
Download the GravityZone beta virtual appliance and follow these steps:
1. Import the virtual appliance image in a VMware, Xen or Hyper-V virtual environment.
2. Start the machine and complete the CLI installation: configure the network settings and install all the roles (Database, Update Server, Web Console and Communication Server) on the same machine.
3. Access the GravityZone web console with your browser, and proceed with the Control Center initial setup, by providing the license keys and configuring the first user account. Use the following keys:
• Security for Endpoints: PH0WEN0
• Security for Virtualized Environments:
– VS: UP0P4VD
– VDI: HCBTSHN
• Security for Mobile Devices: 67EXPQF
4. Log in to Control Center with the account you have just created and go to the Configuration page to proceed with configuring the Control Center settings:
• If an Active Directory is available, configure the Active Directory integration to import the current network inventory in Control Center.
• Integrate Control Center with a vCenter Server or XenServer (if available).
5. Go to Network, select the Virtual Machines service and install a Security Server on a host.
Note
For Hyper-V environments, you need to download the Security Server image from the Network > Packages page and import it in your Hyper-V host.
6. Go to Network > Packages and create a Bitdefender Endpoint Security Tools installation package.
Note
This package will work for both physical and virtual machines if a Security Server has been installed and if you have a license for virtual machines.
• In the installation package configuration window you can opt between an Automatic engine configuration, which will install a predefined set of engines, and a Custom engine configuration, which allows choosing the exact engine type that you would like to use for physical or virtual environments.
• You can also choose to use the old vShield client for the virtual machines deployment.
7. Go to Policies and create a new policy template.
a. In the policy settings, go to the Antimalware > Security Servers section and add the Security Servers that you have installed in your environment.
b. If you have multiple Security Servers installed, add them in the policy and select the option First connect to the Security Server installed on the same physical host, if available, regardless the assigned priority. The policy template will be able to serve all types of endpoints: physical, virtual, Mac, Windows and Linux.
c. Go to the Network page, select the protected endpoint that you want and assign it the policy you have just created.
4.2. Installing Endpoint Protection
1. Choose the client installation method that best suits your needs:
a. Use the Downloader for Windows or Linux from the Network > Packages page and install it manually.
b. Deploy the client via a Bitdefender Endpoint Security Tools Relay that was previously installed on a station in your network, which automatically performs a network discovery. As soon as all computers existing in the network are visible in Control Center:
i. Select the endpoints that you want (Windows or Linux) in the Network page and choose Install from the Tasks menu.
ii. Configure the installation settings according to your preferences.
c. If you have an Active Directory integration:
i. You can start the deployment on your network by going to the Network page and sending the Install task to the selected targets.
ii. In the installation wizard choose a package with the role that you would like to install on the selected target and customize the various types of scanning engines.
iii. Install different types of engines on different machines and monitor the behavior.
2. Check to see if the installed clients are properly displayed in the Network page.
You can see your machines using the following views:
a. Computers
• You should see Active Directory physical and virtual machines in the Active Directory container.
• You should see non-Active Directory physical endpoints in the Custom Groups container.
• You should see non-Active Directory virtual machines or Security Servers in the Custom Groups container.
• You should see virtual machines from virtual environments other than VMware or Citrix in the Custom Groups container.
b. Virtual machines
• Choosing this view will display all endpoints or Security Servers that have been installed on a vCenter or XenServer integration environment.
• You should see virtual machines in the Custom Groups container.
• You should see virtual machines from virtual environments other than VMware or Citrix in the Custom Groups container.
3. Verify the Computer Details page.
In the Network page, click the endpoint name that you are interested in. You can view the client installation and configuration details for each managed computer in its details page. Verify that the information is correct.
If you chose the automatic scanning engine option, please verify that the description next to the automatic option is reflected in the computer details. Please note that a machine with hardware beneath 1 GB of RAM and 1.5 GHz is considered a slow machine.
4.3. Installing Exchange Protection
To install Bitdefender Endpoint Security Tools with Exchange Protection:
1. Go to Network > Packages and create a new installation package with Exchange Protection role selected.
Important
Exchange Protection uses the same antimalware scanning technologies as the endpoint Antimalware module. Therefore, you can use local, hybrid or centralized scanning. By default, packages use automatic configuration of the scanning engines (local scanning for powerful physical machines, and centralized scanning for virtual machines and less powerful physical machines). When configuring the installation package, you can customize the scan engines to be used.
If you are installing on a virtual Exchange server, the product is automatically configured to use Private Cloud (Security Server) scan mode, which means you have to install a Security Server prior to installing Exchange Protection and testing antimalware features.
2. Choose the installation method that best suits your needs:
a. Use the Downloader or the 64-bit full kit of the Exchange Protection package from the Network > Packages page and install it manually on the Exchange Server.
b. If you have configured Active Directory integration or previously deployed Bitdefender Endpoint Security Tools Relay (which automatically performs a network discovery), you can remotely deploy the package from Control Center:
i. Find the Exchange Server in the Network page and choose Install from the Tasks menu.
ii. Configure the installation settings according to your preferences.
iii. You can check progress in the Network > Tasks page. When the task is finished, check on the Exchange Server that Bitdefender Endpoint Security Tools is installed and Exchange Protection modules are on.
3. Verify that the protected Exchange Server is properly displayed in the Network page.
• You should find it in the Computers inventory. If you are running a virtual lab, it will also show up in the Virtual Machines view.
• You can use filters or the search fields below the table headings to quickly find your Exchange Server.
4. Click the server name and check that the displayed information is correct.
• General tab displays system info and general agent details, including antimalware scan engines being used and assigned policy.
Note
If you chose the automatic scanning engine option, please verify that the description next to the automatic option is reflected in the computer details. Please note that a machine with hardware beneath 1 GB of RAM and 1.5 GHz is considered a slow machine.
• Endpoint tab displays info related to file system protection.
• Exchange tab displays info related to Exchange Server protection.
5. Testing Guidelines
5.1. Testing Endpoint Protection Features
1. Test all types of scan engines (local, hybrid and centralized scanning). You can configure scan engines at the installation package creation or in the client's modify task options.
• When manually installing or deploying the package, the client will use the engines defined in the installation package according to each physical or virtual environment setting. Verify that all installed clients are reported as managed and online in the Network page, and also click the installed clients' name to check their details page.
• To change the scanning mode or add another feature, go to the Network page, choose Modify installer for the selected targets and select the features you need to add. Verify that the modify task has finished successfully and check in computer details that the feature has been added.
• To quickly verify that the antimalware protection is on, download an EICAR test file. Verify that the EICAR test file has been detected as a virus and deleted.
2. Test Behavioral scan and Photon for VDIs
• You can enable the Active Virus Control module either when creating the installation package or after the client installation via a modify task. Once the Active Virus Control module has been installed, the machine is protected from 0-day threats.
• Verify in the computer details that the feature is available.
3. Test that Firewall is now available on VMs
• You can enable the Firewall module either when creating the installation package or after the client installation via a modify task.
• Apply a policy with firewall rules, specifically blocking Yahoo Messenger, for instance.
• Verify that the application has been prevented from connecting to the internet once the policy has been applied to the endpoint.
• Verify in the computer details that the feature is available, and also in the client's console.
4. Test that Content Control is now available on VMs
• You can install the Content Control module either when creating the installation package or after the client installation via a modify task.
• Apply a policy with Content Control category rules, specifically blocking social media, for instance.
• Verify that access to any social site is blocked once the policy has been applied to the endpoint.
• Configure the same policy to block a specific application, such as Skype.
• Verify that Skype is prevented from running on the target endpoints.
5. Test that Bitdefender Endpoint Security Tools Relay is available for VMs as well
• Deployment on virtual machines can also be done through a Bitdefender Endpoint Security Tools Relay.
• Communication and updates can be configured via policy to use a Bitdefender Endpoint Security Tools Relay.
• Verify that, after applying a policy which assigns an endpoint to a Bitdefender Endpoint Security Tools Relay, the details page of the Bitdefender Endpoint Security Tools Relay computer shows the connected endpoints that communicate through this entity.
5.2. Testing Performance and System Impact
The following steps should be done for each scan engine type and for all features that are available in Bitdefender Endpoint Security Tools.
1. Open the Bitdefender Endpoint Security Tools interface by using the Notification Area (SysTray) icon and observe the following:
• Status tab: once the client installation is done, the status shows that the computer
is secured.
• Events tab: contains a policy has been received event.
2. Go to the Security tab and run a Quick Scan task, then a Custom Scan.
• Verify that all scans run locally successfully without any issues regardless of the used engine type.
• What do you think about the scan speed?
• What is the overall scan experience in relation to the old client?
3. Right-click the Notification Area (SysTray) icon, select About and observe the following:
• Update is checked and performed.
• Verify the displayed information.
4. With Bitdefender Endpoint Security Tools installed, please use your system as before and tell us about the product impact on your computer for each of the 3 engines used:
• CPU and Memory consumption
• Slowdowns or application crashes
• Slow Internet access
5.3. Checking the GravityZone Quarantine
You will be able to see that quarantine events are displayed in the same section for virtual and physical machines.
1. Go to Policies and create or edit a policy template.
2. In the policy settings, go to Antimalware > On-Access > Settings > General and set the default action for infected file as Move to quarantine.
3. Check that the new policy is received by the endpoint.
4. Try to download an EICAR test file.
5. Check if the file was removed from the original location.
6. Check the file in the quarantine section and delete / restore / download the file.
5.4. Creating GravityZone reports
To obtain reports for physical and virtual machines, switch to the network view in the Network page and schedule some reports.
1. Under network inventory, in the Active Directory group, select a target and click the Reports icon at the right side of the page. Select and configure report type that you would like to schedule.
2. Under network inventory, go to Custom Groups and select another target. Click the
Report button at the right side of the page and define the report that you would like to
schedule.
3. Verify that the generated reports contain the expected information.
5.5. Testing Device Control
To test the Device Control feature on already installed clients:
1. Go to the Network page.
2. Select the protected endpoints you need to update.
3. Click the Task button at the right-side of the table and choose Modify installer.
4. Select Device Control in the Modules section.
5. Click Save.
5.5.1. Step 1: Test USB devices control
1. Configure the Device Control module to block access for USB devices.
a. Go to the Policies page and create a new policy.
b. Enable the Device Control option in the Device Control > Rules section. By default, all rules are set to allow access.
c. Choose to display more pages at the bottom of the rules table, then click USB to edit the rule.
d. Change the permission setting to Blocked.
e. Save the policy.
f. From the Network page, assign the policy to a protected endpoint in your network.
2. Test that connected USB devices are blocked.
a. Connect a stick to the computer and try to access it. An event should be logged in the Bitdefender Endpoint Security Tools user interface stating that the device has been blocked.
b. Go to the Reports page and generate a Device Control Activity report. You should see an entry with the number of events blocked for each device on a specific computer.
c. Click the number of blocked devices. You will see a more detailed view containing the device name / user / serial number / product number of the device and the date when it has been plugged into the computer and blocked.
3. Add an exception to the block USB rule.
a. Go back to the Policies page and select the policy.
b. Go to the Device Control > Exclusions section and enable Exclusions.
c. Add an exception for the testing computer and configure its options as follows:
• Description: enter a short description to identify the exception in the list.
• Type: choose Serial Number.
• Exceptions: enter the computer's serial number.
• Permission: choose Allow.
d. Save the changes.
4. Test the exception.
Connect the stick to the computer. You should be able to access and use the stick.
5. Set the rule for read-only access.
a. Go back to the Policies page and select the policy.
b. Go to the Device Control > Exclusions section and delete the exclusion previously created.
c. Go to Device Control > Rules and edit the USB rule by setting the permission to Read-only.
d. Save the changes.
6. Test the read-only settings.
a. Connect a stick to the computer and try to access it. An event should be logged in the Bitdefender Endpoint Security Tools user interface when the user tries to copy something from the USB stick.
b. Go to the Reports page and generate a Device Control Activity report. You should see an entry with the number of events blocked for each device on a specific computer.
c. Click the number of blocked devices. You will see a more detailed view containing the device name / user / serial number / product number of the device and the date when it has been plugged into the computer and blocked.
5.5.2. Step 2: Test that external CD/DVD devices are blocked if connected via USB
1. Configure a rule for external CD/DVD devices that connect via USB.
a. Go back to the Policies page and select the policy.
b. Go to the Device Control > Rules section.
c. Edit the CDROM Drive rule:
• Set the permission option to Custom.
• Under Custom Permissions, choose Blocked for USB.
d. Save the changes.
2. Test the new settings.
a. Try to connect an external CD/DVD device via USB. An event should be logged in the Bitdefender Endpoint Security Tools user interface, stating that the device has been blocked. The CD/DVD device connected via IDE should remain accessible.
b. Go to the Reports page and generate a Device Control Activity report. You should see an entry with the blocked device, including the number of events blocked for each device on a specific computer.
c. Click the number of blocked devices. You will see a more detailed view containing the device name / user / serial number / product number of the device and the date when it has been plugged into the computer and blocked.
5.6. Testing Exchange Protection
Follow these guidelines to test Exchange Protection:
1. Test the antimalware filtering and exclusions
• You can test malware protection by sending an email with an EICAR test file attachment to the Exchange Server. By default, the scan is configured to disinfect and, if not possible, quarantine infected objects. Because the disinfect action is not applicable to the EICAR test file, the detected EICAR objects will be quarantined.
– Check that the EICAR files are not delivered to the users’ mailboxes, but replaced with a notification text.
– Check that the EICAR files show up on the Quarantine page.
Important
This beta release does not support recovering objects quarantined by the antimalware module.
• Verify this behavior is consistent regardless of the protocol or mail client used to send the email (for example, desktop clients using Microsoft Exchange/MAPI or SMTP, mobile clients using Exchange ActiveSync, OWA web client).
• Disable antimalware filtering in the policy.
– Check the status is correctly displayed in the computer details. Also check the status in the Bitdefender Endpoint Security Tools interface on the Exchange Server.
– Verify that EICAR objects are delivered to the users’ mailboxes.
• Modify the default scan settings or create additional rules in the policy.
– Check if everything works as expected.
– How easy or intuitive was it to configure antimalware filtering? Inform us of any settings that should be organized in a different way or explained better.
– Besides the default rule, do you plan to use additional filtering rules for your production environment? Tell us about your use cases.
• Add exclusions from antimalware filtering in the policy. Verify that emails sent between the selected user groups are not caught by the antimalware filtering.
2. Test the antispam filtering
• You can test spam protection by sending GTUBE test emails to the Exchange Server.
Important
The default antispam rule only filters incoming emails (that is, emails sent from outside the Exchange organization). If you cannot send the test emails from an external domain, you must create an additional rule in the policy to scan All emails and check authenticated connections.
• Check that GTUBE emails are tagged with [SPAM] in the subject line and delivered to users' Junk folder.
• Disable antispam filtering in the policy.
– Check the status is correctly displayed in the computer details. Also check the status in the Bitdefender Endpoint Security Tools interface on the Exchange Server.
– Verify that GTUBE emails are delivered to the users’ mailboxes.
• Modify the default filtering settings or create additional rules in the policy.
– Check if everything works as expected.
– How easy or intuitive was it to configure antispam filtering? Inform us of any settings that should be organized in a different way or explained better.
– Besides the default rule, do you plan to use additional filtering rules for your production environment? Tell us about your use cases.
• Add a trusted sender address to the whitelist. Verify that emails from that sender are always delivered, even if they are spam.
3. Test the on-demand antimalware scanning
• Before you begin: populate the Exchange databases with objects having EICAR test
files attached.
• You can run Exchange scans on-demand from the Network page or you can configure scheduled scans via policy. To be able to run scan tasks successfully, you must provide the credentials of an Exchange administrator in the policy.
• Configure and run an Exchange scan. By default, the scan is configured to disinfect and, if not possible, quarantine infected objects. Because the disinfect action is not applicable to the EICAR test file, the detected EICAR objects will be quarantined.
Important
On-demand scanning of Exchange databases is a resource intensive task and can take a considerable time to complete (depending on the scanning options and the number of objects to be scanned). In a test environment with hundreds to thousands of objects to be scanned, it should complete in less than an hour.
– If you're running a task from the Network page, you can check progress in the Network > Tasks page. Alternatively, for all tasks, you can open the Bitdefender Endpoint Security Tools interface to check when a task starts or finishes.
– Check that the EICAR files are removed from the users’ mailboxes and public folders and replaced with a notification text.
– Check that the EICAR files show up on the Quarantine page.
– Once the scan is completed, you can access the scan log from the Computer
Information page.
• Configure exclusions for an Exchange scan and verify exclusions are applied. 4. Test the Exchange Server performance (CPU, RAM, slowdowns, application crashes)
• Send continuous flows of emails to the Exchange server. Check the impact of antimalware and antispam filtering on server performance. Record a baseline with the Exchange Protection modules disabled first, so that the impact can be measured rather than estimated.
• Check server performance during on-demand scans.
Note
For performance testing, you can use Microsoft Exchange Server Stress and Performance Tool and Microsoft Exchange Load Generator.
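As an added example for the antispam, on-demand scanning and performance steps above (it is not part of the original guide and not Bitdefender code), the following Python script seeds mailboxes with EICAR and GTUBE messages, produces the continuous flow used in the performance test, and checks whether a message fetched back from a mailbox still carries its test payload. The host name, port, sender and recipient addresses are placeholders, and the script assumes the Exchange receive connector accepts SMTP from the test host.

```python
"""Seed an Exchange lab with EICAR and GTUBE test messages and check delivery.

Added example for this testing guide, not Bitdefender code. Host names, ports
and addresses are placeholders (assumptions) for the tester's own lab.
"""
import email
import email.policy
import smtplib
import time
from email.message import EmailMessage

# The EICAR string is split in two so that this source file is not itself
# flagged by endpoint antivirus; joined, it is the standard 68-character
# antivirus test string published by EICAR.
EICAR = (
    "X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
    "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
)
# GTUBE, the Generic Test for Unsolicited Bulk Email from SpamAssassin.
GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"


def is_eicar(data: bytes) -> bool:
    """True if data is a valid EICAR test file: the 68 characters first,
    optionally followed by whitespace only, total length at most 128 bytes.
    Scanners are only required to detect files that meet this rule."""
    head = EICAR.encode("ascii")
    return (len(data) <= 128 and data[:68] == head
            and data[68:].strip(b" \t\r\n\x1a") == b"")


def build_eicar_message(sender, recipient, filename="eicar.com"):
    """Message with the EICAR file attached, for the antimalware filter."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Beta test: EICAR attachment"
    msg.set_content("Test message carrying the EICAR antivirus test file.")
    # A base64 binary attachment keeps the bytes exact; pasting the string
    # into the body would let wrapping or a signature break the rule above.
    msg.add_attachment(EICAR.encode("ascii"), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg


def build_gtube_message(sender, recipient):
    """Message carrying GTUBE on its own line, for the antispam filter."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Beta test: GTUBE"
    # GTUBE must stay on one unbroken line; at 68 characters it is under the
    # 78-column limit, so the body is sent as plain 7bit text.
    msg.set_content("Antispam test message.\n\n" + GTUBE + "\n")
    return msg


def make_batch(sender, recipients, count):
    """Alternate EICAR and GTUBE messages across the recipients, numbering
    the subjects so that gaps in delivery are easy to spot in a mailbox."""
    batch = []
    for i in range(count):
        build = build_eicar_message if i % 2 == 0 else build_gtube_message
        msg = build(sender, recipients[i % len(recipients)])
        msg.replace_header("Subject", f"{msg['Subject']} #{i + 1}")
        batch.append(msg)
    return batch


def send_batch(host, port, batch, interval=0.0):
    """Deliver a batch over SMTP; interval > 0 turns it into the steady flow
    used for the performance test. Assumes the receive connector accepts
    unauthenticated mail from this host."""
    with smtplib.SMTP(host, port) as smtp:
        for msg in batch:
            smtp.send_message(msg)
            time.sleep(interval)


def first_attachment(raw: bytes):
    """First attachment (as bytes) of a raw message fetched back from a
    mailbox, or None if it was stripped, e.g. replaced by the scanner's
    notification text."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    for part in msg.iter_attachments():
        return part.get_content()
    return None


def gtube_present(raw: bytes) -> bool:
    """True if a fetched message still carries GTUBE as a whole line."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    body = msg.get_body(preferencelist=("plain",))
    if body is None:
        return False
    return any(line.strip() == GTUBE for line in body.get_content().splitlines())


if __name__ == "__main__":
    # Placeholder lab values (assumptions); adjust before running.
    batch = make_batch("tester@lab.example",
                       ["user1@lab.example", "user2@lab.example"], 10)
    send_batch("exchange.lab.example", 25, batch, interval=0.5)
```

Both payloads are inert and every scanner is expected to detect them by definition, so a miss points at the filter or its configuration rather than at the sample. The is_eicar rule is strict on purpose: a byte added before the string, or a client signature appended after it, makes the file no longer a valid EICAR test file, and a scanner that ignores it is behaving correctly. That is why the script sends it as a base64 binary attachment instead of pasting the string into the message body, and why first_attachment is worth running against what actually arrived in the mailbox before concluding that a filter failed.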
5. Check Exchange Protection reports
• You can create reports from the Network page (select the server and click the Reports button) or from the Reports page. This beta release includes two reports for Exchange Protection: Top 10 Detected Malware and Top 10 Malware Recipients.
• Verify that the generated reports contain the expected information (the EICAR detections and the recipients seeded in the previous tests).
• What additional reports/information do you need for Exchange Protection?
6. Check Exchange Protection quarantine
• From the previous tests, the Exchange quarantine should already contain some EICAR files detected by the antimalware module. Additionally, from the policy, you can configure the antispam module to automatically quarantine spam emails.
– Verify that GTUBE emails end up in Quarantine instead of being delivered to the users' mailboxes.
– Check that the details for quarantined objects are correct.
• Test the restore action for quarantined spam emails. Check that the emails are delivered to the original recipients.
Important
This beta release does not support restoring objects quarantined by the antimalware module.
6. Feedback Form for Beta-Testers
After testing the features described in the Testing Guidelines chapter, please take a few minutes to fill in the following feedback form. Select your answer regarding the test status for each feature (OK, Not OK or Not Tested). Please enter any issue encountered, comment or suggestion you may have for the corresponding feature.
6.1. Feedback for Bitdefender Endpoint Security Tools
Features and functionalities                          | Test status (OK / Not OK / Not Tested) | Observations
------------------------------------------------------+----------------------------------------+-------------
Local Scanning Engine                                 |                                        |
  The engine works on Windows systems                 |                                        |
  The feature works on Linux systems                  |                                        |
  Scanning performance                                |                                        |
  Client OS performance                               |                                        |
Hybrid Scanning Engine                                |                                        |
  The feature works on Windows systems                |                                        |
  The feature works on Linux systems                  |                                        |
  Scanning performance                                |                                        |
  Client OS performance                               |                                        |
Centralized Scanning Engine                           |                                        |
  The feature works on Windows systems                |                                        |
  The feature works on Linux systems                  |                                        |
  Scanning performance                                |                                        |
  Client OS performance                               |                                        |
Centralized Scanning with fallback on Local Scanning  |                                        |
  The feature works on Windows systems                |                                        |
  The feature works on Linux systems                  |                                        |
  Scanning performance                                |                                        |
Centralized Scanning with fallback on Hybrid Scanning |                                        |
  The feature works on Windows systems                |                                        |
  The feature works on Linux systems                  |                                        |
  Scanning performance                                |                                        |
  Client OS performance                               |                                        |
Device Control                                        |                                        |
  Blocked at least one USB storage device             |                                        |
  Read-only action for file system devices            |                                        |
  Blocked other supported devices (besides USB)       |                                        |
  Exclusions by Serial No./Product No.                |                                        |
  Device Control Activity reports                     |                                        |
Active Virus Control module on VDIs                   |                                        |
Firewall module on VMs                                |                                        |
Content Control on VMs                                |                                        |
Bitdefender Endpoint Security Tools Relay for VMs     |                                        |
Quarantine for physical and virtual machines          |                                        |
Reports for virtual machines                          |                                        |
6.2. Feedback for Exchange protection
Features and functionalities                            | Test status (OK / Not OK / Not Tested) | Observations
--------------------------------------------------------+----------------------------------------+-------------
Installation                                            |                                        |
  Local Installation                                    |                                        |
  Remote deployment                                     |                                        |
  Easy to install                                       |                                        |
Antimalware filtering                                   |                                        |
  With local scanning engines                           |                                        |
  With centralized scanning engines (Security Server)   |                                        |
  With hybrid scanning engines (Public Cloud)           |                                        |
  Works across all protocols/mail clients               |                                        |
  Exclusion mechanism                                   |                                        |
  Suitable defaults                                     |                                        |
  Easy to configure                                     |                                        |
  Scanning performance                                  |                                        |
  Server performance                                    |                                        |
Antispam filtering                                      |                                        |
  Antispam filtering                                    |                                        |
  Trusted senders (whitelist)                           |                                        |
  Suitable defaults                                     |                                        |
  Easy to configure                                     |                                        |
  Server performance                                    |                                        |
On-demand antimalware scanning                          |                                        |
  With local scanning engines                           |                                        |
  With centralized scanning engines (Security Server)   |                                        |
  With hybrid scanning engines (Public Cloud)           |                                        |
  Exclusion mechanism                                   |                                        |
  Suitable defaults                                     |                                        |
  Easy to configure                                     |                                        |