Network Discovery, Relay and Deployment Prerequisites

Network discovery cannot be performed on Unmanaged workstations.

This task requires an Endpoint Communication Agent, which gets installed with Bitdefender Endpoint Security Tools. If you are also adding the Relay role to the installation package, please note that Relays perform the Network Discovery task every 30 minutes automatically.

By issuing this task on a managed Endpoint, it will not remove it from the GravityZone Control Center.

Network discovery relies on the Microsoft Computer Browser service. The Computer Browser service is a networking technology used by Windows-based computers to maintain updated lists of domains, workgroups, and the computers within them and to supply these lists to client computers upon request. Computers detected in the network by the Computer Browser service can be viewed in My Network Places or Windows Explorer windows or by running the net view command in a command prompt window. The service is widely used in corporate computer networks, which makes it a viable option for network discovery.

This solution does not use network information from Active Directory or from the network map feature available in Windows Vista and later.

Network map relies on a different network discovery technology: the Link Layer Topology Discovery (LLTD) protocol.

This task is not actively involved in the Computer Browser service operation. The Endpoint only queries the Computer Browser service for the list of workstations and servers currently visible in the network (known as the browse list) and then sends it to Cloud Security Console. Cloud Security Console processes the browse list, appending newly detected computers to its Unmanaged Computers list. Previously detected computers are not deleted after a new network discovery query, so you must manually exclude & delete computers that are no longer on the network.

You can find out more information regarding the Network discovery process in this article.

At this point, I recommend following these steps, in order to set up your infrastructure:

  1. In order to proceed with the set up you should login to your cloud management console on https://gravityzone.bitdefender.com/, and create an Endpoint Security Relay installation Package. For this you need to go to Network>Packages->press the + button and create a kit.

Once you create the kit, select it and from the right hand menu and press the download button.

In here select the 32 bit or the 64 bit package Full Kit.

When the install has finished, you will view the computer under Network.

The Relay in background will download the installation kits to

C:\Program Files\BitDefender\Bitdefender Update Server\var\www\DownloadableKits

Please note that the Relay Role requires at least 10 GB of free space.

The kits are downloaded from our Cloud repository, so I highly recommend that these addresses and ports are unblocked so the communication is performed successfully.

  1. The Relay will automatically discover all workstations in the network and you will see them under Network when you apply the Unmanaged filter.

Select the workstations where you want to deploy the product and from the right hand side menu select Install.

  1. Before starting the deployment, make sure the systems in the network comply with the following:

http://www.bitdefender.com/support/how-to-prepare-workstations-for-endpoint-client-by-bitdefender-deployment-408.html

  1. During the deployment process, Bitdefender will automatically uninstall third-party antivirus programs and below you will find a list where this is possible:

http://www.bitdefender.com/support/removing-security-software-incompatible-with-cloud-security-for-endpoints-1028.html

The workstation will be rebooted upon the uninstall process.

For this process, Bitdefender doesn’t use any special scripts but the usual uninstall process (from Control Panel), yet silently.

  1. To manage Endpoints,you need to send out Policies,from the Policies menu.

Once you create the policy, to assign it to a PC, you need to go under Network, select the machine and from the right hand menu select Assign policy.

Any change made to a policy, will apply instantly on the workstation as long as it’s connected to the internet.

Note that on Servers, only the Antimalware, ATC, Power User, Device Control and Relay modules are present. The Firewall and Content control modules are not available and will not be installed.

Also, for complete information about the product you can check the Installation Guide and the Admin Guide.

In case the manual installation fails on a workstation, we would need a set of support tool logs from that workstation, in order to see what is causing it.

The Support Tool can be downloaded from the Bitdefender Control Center> Help & Support section, or from the following links:

32-bit Support Tool
64-bit Support Tool

Please run the Support Tool with administrative rights.

Once the process is complete, you will have an archive created on your Desktop, named BDST_XXX. Attach the Support Tool log to your reply or, if the file is too large to email, you may upload it to a file sharing service such as Sendspace.

If using Sendspace, please do not use their email option with the “To:” and “From:” fields. Instead, use the Upload button and send us the resulting download link.

We will then analyse the data and come back to you with an update in the shortest time possible.