RELEASE NOTES
Security Manager | AV Defender
Version 6
Last Updated: Thursday, November 29, 2018
Security Manager | AV Defender 6 is an integrated AV offering available for all Security Manager | AV Defender
clients as a licensable option for users using SolarWinds N-central. Management and deployment are done through
your Security Manager | AV Defender server.
Release Notes: Security Manager | AV Defender
AV Defender Version 6.6.6.84
Enhancements
• Bitdefender continuously develops innovative technologies to address the latest security threats. This version introduces updates to the underlying Bitdefender Content Control technology. The Content Control technology update is designed to ensure support for future features and operating system updates while retiring redundant features such as Search Advisor and Browser toolbar. The new Content Control technology is installed automatically:
  • when updating any existing installation including the EDR Sensor module, and
  • when repairing or reconfiguring an existing installation.
• Added support for Windows 10 October 2018 Update (Redstone 5 / version 1809) and Windows Server 2019.
• Added exclusions for System Center Configuration Manager 2012 (SCCM 2012) following Microsoft recommendations.
Resolved issues in this build
• An issue with EPSecurityService causing up to 30% CPU usage on some endpoints running Windows 10 Enterprise.
• An issue that caused high RAM usage on Relay and many queued endpoint connections.
• An issue with the epredline service path.
• An issue where the product installation reverted after going to 100% in a particular situation.
• An issue with Behavioral Analysis (ATC) preventing a non-malicious business application.
• An issue that caused explorer.exe system errors with the message "txmlutil.dll is missing" on some servers.
• An issue causing product crashes.
• An incompatibility issue with MsSenseS.exe that was causing the product folder bdcore_tmp to grow in size during on-demand scanning until the disk space was consumed.
• An issue that was blocking a non-malicious application.
• An issue that caused Bitdefender Endpoint Protected Service to stop in particular conditions.
• An issue where deployment failed with error code 1627 instead of error code 31, when third-party security software could not be removed.
• An issue with unquoted uninstall path.
• An issue where the product was not de-registered from Windows 10 Action Center upon Bitdefender Firewall removal.
• A particular issue causing critical error (BSOD) when accessing items on an external shared drive.
• A particular issue causing critical error (BSOD) on Windows Server 2012.
AV Defender Version 6.6.2.49
Enhancements
New installations automatically get the latest version of Advanced Threat Control (ATC) 4.0.
ATC 4.0 highlights:
• Under-the-hood improvements deliver better proactive heuristics and allow faster response to new threats or false positives.
• Better detection of script-based and PowerShell attacks.
• ATC 4.0 groups related processes and evaluates actions for improved efficacy.
• Improved mechanism for detecting potential Process Doppelgänging attacks.
• Added support for the system variable %AllUsersProfile% to specify paths for product modules.
Resolved issues in this build
• The firewall module that caused critical errors (BSOD) when using the Linux Subsystem on endpoints running Windows 10 "Redstone 1" or "Redstone 4".
• The issue that prevented quarantined files from being restored on network paths when using the local user interface.
• The issue that caused high RAM usage on Relay and many queued endpoints connections in specific situations.
• Relay issue causing the error code 87 when deploying the product through Relay as well as other Relay issues.
• Advanced Threat Control causing a critical error (BSOD) when using CodeSoft.
• The issue with Advanced Threat Control that prevented CCH Prosystems Tax from being installed on endpoints.
• Issue causing error when applying a policy with already existing settings.
AV Defender Version 6.4.2.79
Enhancements
• Improved mechanism for detecting potential Process Doppelgänging attacks.
• Added support for the system variable %AllUsersProfile% to specify paths for product modules.
Resolved issues in this build
• Fixed an issue that prevented quarantined files from being restored on network paths when using the local user interface.
AV Defender Version 6.2.36.1014
Enhancements
• Added support for the installation of the March 13th Microsoft security patches (KB4088877, KB4088880, ADV180002) for Windows Server 2012, Windows Server 2008 and Windows 8 Embedded.
• To configure an email address in the About window so that it opens the default email application on the endpoint, it must be added with the "mailto:" prefix in the policy. The "mailto:" prefix is no longer displayed in the About window.
• Introduced a Signature Update fallback mechanism that loads the last working antimalware signatures in case of faulty updates.
• Added support for uninstalling the following incompatible security products:
  • McAfee Endpoint Security Adaptive Threat Protection
  • McAfee Product Improvement Program
  • McAfee Client Proxy
Resolved issues in this build
• Fixed an issue where saving Excel files accessed from the network resulted in temporary files not being deleted.
• Fixed an issue where Content Control was blocking an application from connecting to the console port of an equipment.
• Fixed an issue where Content Control was blocking access to the nest.com web page.
• Fixed a compatibility issue with Symantec DLP solution causing problems with file downloads and video streaming in some cases.
• Fixed an issue that caused Content Control to block an internal application.
• Fixed an issue that caused Content Control to block SSL websites in Google Chrome.
• In some cases, Content Control was slowing down the Oracle application. The issue is now fixed.
• In some cases, files from Quarantine were not properly deleted. The issue is now fixed.
• Fixed an issue with firewall blocking RDP connections in the local network when the Network Discovery option was set to Remote.
• Fixed an issue where the Relay was not removing older versions of malware signatures.
• Fixed an issue causing error message -2009 when trying to update the product via Relay.
• Some Microsoft Lync Server 2013 recommended locations were missing from the built-in exclusions. The issue is now fixed.
• Repairing the installation while the Endpoint Security Service was not running resulted in AV Defender being uninstalled. The issue is now fixed.
AV Defender Version 6.2.31.985
Enhancements
• Made various improvements across the product for better detection and faster access of network shares.
• Added compatibility with Mozilla Firefox 58.0 for SSL traffic scanning.
• Local users can no longer restore files to paths protected by Windows User Account Control.
Resolved issues in this build
• In some situations, the users could experience slowdowns for applications running from Samba network shares. The issue is now fixed.
• Fixed an issue where the Firewall module did not start after upgrading from very old versions.
• Fixed a communication issue that occurred on Windows Server 2003 after upgrading to the new version of Update Server.
• Fixed an issue with on-access scanning blocking the execution of Potentially Unwanted Applications (PUA) even though the option to scan for PUA was disabled.
• Fixed an issue with Microsoft Exchange Server 2016 where the product failed to scan emails after Cumulative Update 8.
AV Defender Version 6.2.28.973
Enhancements
• Added support for installation of January 3rd Microsoft security patches (KB4056892, KB4056890, KB4056898, KB4056897). This update will automatically deliver a specific registry key that enables the delivery of these security patches through Windows Update.
• Improved the scanning for fileless attacks.
Resolved issues in this build
• Fixed an issue where the Application Control log folder increased in size until it filled the disk.
• Fixed an issue where Content Control was still processing some web pages when disabled.
• Fixed an issue where the upgrade failed due to a "looped" uninstallation of the previously installed product.
• An issue that caused multiple tmp* folders to be created in C:\Windows\Temp by the scanning engine has been resolved.
• Fixed an issue where a device scanning task started for each user logged on the endpoint.
• In some situations, scheduled Full Scan tasks were running twice. The issue is now fixed.
• Fixed an issue where Scan SSL activation was blocking Google Hangouts.
• Web Access Control exclusions failed to apply for websites which included, in their URLs, a similar group of letters as the ones from the Internet domain name (i.e. *ru). The issue is now fixed.
• Fixed the failed redirection of the product Signatures and ThreatScanner folders onto Thawed partition on endpoints with Faronics Deep Freeze.
• Fixed an Update Server issue, which sometimes failed to communicate with the endpoints as expected.
• Fixed an issue where, in some cases, the Bitdefender security services blocked the terminal server after a certain number of sessions.
• An issue which caused the Firewall module to malfunction due to a stopped driver has been resolved.
• Fixed an issue that occurred on some Citrix PVS systems where the product installation failed at 82% with BSOD after restart when the Firewall was also installed.
• Addressed a proxy server issue that prevented the endpoints from connecting to Bitdefender cloud services.
• Fixed an incompatibility with Windows Firewall that caused network issues on Windows 7 endpoints after updating the product to version 6.2.24.937.
• A conflict between Bitdefender and Windows Firewall caused connectivity issues.
• Fixed the error code 3 that occurred during the signature update, which caused the endpoints to appear as outdated.
• Fixed an issue where HTTPS web pages were blocked on some machines because the security certificate validation was taking too long.
• Fixed the vulnerability FG-VD-17-019 reported by the Fortinet FortiGuard Labs through responsible disclosure.
• Addressed a vulnerability discovered by Hossein Lotfi, Secunia Research at Flexera Software, and reported through responsible disclosure.
• Fixed the error code 3, received during signature update.
• Fixed the delayed connection to an RDS Server that occurred when on-access scanning was enabled.
• Fixed an issue where Windows Firewall Configuration Provider was detected as an incompatible security product.
• Fixed an incompatibility issue of the Content Control module with Avaya application.
• Fixed an issue where the product did not support MAC addresses with lowercase letters for networks defined in the security policies.
• On certain Windows Server machines, the product signatures were being reported as out of date in Control Center. The issue is now fixed.
• Fixed an issue where the product was downgrading to a previous version when using a silent installation.
Known issues
• Only one Anti-malware event is generated for an archive with multiple infected files when the Scan Action is set to Take No Action.
AV Defender Version 6.2.19.899
Enhancements
• Made several improvements to the installation process to address the removing of incompatible security products, the replacement of Endpoint Security by Bitdefender versions and the cleaning procedure.
• Bitdefender Endpoint Security Tools is now compatible with Windows Server Core 2016.
Resolved issues in this build
• A compatibility issue with the latest update from Microsoft on Windows 8.1 and Windows Server 2012 R2 systems.
• Fixed the Microsoft Application Verifier vulnerability CVE-2017-6186.
• The Firewall module was disabled after upgrading the operating system from Windows 7 to Windows 10 Creators Update.
• Fixed issue where endpoints were automatically restarting during the product update, although the Postpone reboot option was selected and “If needed, reboot after installing updates” was disabled in the security policy settings.
• Fixed issue where the option “Take no action”, configured in Control Center for infected and suspicious files detected at on-access scanning, was automatically changed to “Deny access” when opening the Power User mode.
• Fixed issue that caused 100% CPU usage when using a proxy with Kerberos/NTLM authentication.
AV Defender Version 6.2.19.890
Enhancements
• Improved submission options for 3rd party integrations.
• AVC and anti-malware are now the only modules available for Windows XP and 2003.
Resolved issues in this build
• In some situations, the scheduled on-demand scan tasks started immediately after the endpoints resumed from sleep or hibernation.
• An edge case where scheduled scan tasks from the past started when the user applied a policy on a new endpoint.
• Assignment rules were in some cases incorrectly applied on SSID for wireless connection.
• An issue where increased Internet traffic was generated on endpoints when various proxy servers were configured in Internet Explorer.
• BSOD generated by Firewall module during boot process after upgrade to Windows 10 has been resolved.
• Critical error occurred when starting certain Windows 8.1 applications via Application Jukebox Player.
• In some situations, endpoints in large networks and with Bitdefender Endpoint Security Tools installed were sending Internet Control Message Protocol (ICMP) broadcasts that generated high volumes of network traffic.
• Occasionally, Internet browsers were experiencing temporary connectivity losses when AVC was installed on endpoint. The issue is now fixed.
• Addressed an issue where starting a Reconfigure Client task during malware signature update affected the Bitdefender update service.
• Internet Explorer plugin issue caused browser to stop working when accessing specific URLs and Antiphishing module was active.
• An issue occurred where the applied Firewall rules did not preserve Power User setting.
• An issue where the handshake.html or refresh.html files were being downloaded in the browser when accessing some secured websites, such as LinkedIn or banking websites, while the ScanSSL was enabled via new Content Control components.
• In some cases, a critical issue (BSOD) on full scan was reported.
• After changing the update server download location the signatures were unable to be downloaded. The issue is now resolved.
• An issue where upgrades from endpoint security v5 to v6 were failing has been resolved.
Known issues
The product installation may not work on Windows Vista, Windows 7, Windows Server 2008 and Windows Server R2
operating systems due to a known Microsoft issue. This is not related to Bitdefender and can be fixed on Windows 7
and Windows Server 2008 R2 with this KB article.
AVDefender Version 6.2.15.860
Enhancements
• Notification pop-ups can now be enabled or disabled based on the module and severity of the events.
• The AVC module has further controls by blocking unauthorized applications and processes from running.
• Added support for Windows Server 2016.
• The Anti-Ransomware vaccine, which immunizes endpoints against known ransomware, has now been added.
• Added support for Anti-exploit techniques that further augment existing technologies to fight targeted attacks.
• Support for Microsoft Word 2007 document type extensions: .docx, .docm, .dotx, .dotm.
• Improved protection mechanism to enhance malware detection rate.
n Improved protection mechanism to enhance malware detection rate.
Resolved issues in this build
• In some situations, the configured proxy servers were not being used.
• Filters were not properly applied for certain web categories in AVC, in some cases.
• BSOD occurred, in some cases, for the AVC module that was enabled on Windows Server 2012 R2 machines.
• Error 160 that occurred on scheduled reboots after update when set hour was only a single digit.
• Vulnerability OpenSSL CVE-2016-6304 was addressed.
• An issue with high CPU usage in virtual environments with NTLM Proxy has been resolved.
• Slowdown caused on certain VMware workstations has been addressed.
• A locked hard-drive issue on endpoints running Windows Server 2012/R2 at server reboot with Device Control activated has been resolved.
• Delayed reboot on Windows 7 32-bit systems has been resolved.
AV Defender Version 6.2.9.799
Enhancements
• Improvement to the protection mechanism which enhances the malware detection rate.
• Support for Windows 10 Redstone.
• Support for Scan SSL in the Firefox 64-bit browser.
• Built-in antimalware exclusions mechanism has been improved.
• Integrated OpenSSL version 1.0.1s.
• Added exclusions for Systems Center Configuration Manager 2012 (SCCM 2012) following Microsoft recommendations.
• All packages now archive with WinRAR version 5.31.
• Improved product and signatures update verification mechanisms.
• Made several improvements to the installation process that address the replacement of previous versions.
• Improved the signature updating mechanism.
• Improved endpoint resource consumption during update operations.
• Improved cleanup process on install.
• Improved memory usage.
Resolved issues in this build
• In some situations, Windows 10 systems displayed BSOD when scanning EFS encrypted files through the File System Redirector.
• Fixed the ZDI-CAN-3749 and ZDI-CAN-3829 vulnerabilities reported by Zero Day Initiative through responsible disclosure.
• OpenSSL vulnerability CVE-2016-2017 was remedied.
• An issue where the DataProtection module incorrectly blocked web pages based on partial word match.
• Installation error code 234 occurred, in some situations, when the Firewall Module was installed.
• In some situations, when the user was logged in Windows, the desktop icon did not appear in the Windows Notifications area and all protections modules were disabled.
• In some situations, the deployment was unsuccessful when installing the Firewall module.
• Firewall rules using the environment variable %localappdata% were not applying to the endpoints.
• Fixed an issue that was preventing users from creating or updating certain security certificates.
• In some situations, websites with self-signed certificates did not load using the Advanced option in Google Chrome when SSL scan was enabled.
• Device Control reports contained false blocked events on devices that were not used at the time.
• An issue that caused on-access scanning to turn off and return error message “Could not connect to Security Server” has been resolved.
• An issue where Content Control had prevented emails from being downloaded to Thunderbird and Outlook.
• Addressed several scenarios that were causing product crashes.
• Fixed an issue that was causing Windows 10 systems to enter recovery mode after installing the product and rebooting the machine.
• Fixed a BSOD with a REFERENCE_BY_POINTER error that occurred on Windows 10 Professional x64 systems while scanning the encrypted folder C:\Windows\CSC.
• Error code 1460, received when on-demand scans tasks were run.
• Fixed an issue with Firewall profiles which were improperly set when using unusual network masks.
• Content Control was cropping incoming emails.
• BSOD occurred in rare situations when installing the product with Content Control module.
• Addressed a failed installation scenario in which the notification message improperly displayed that installation was successful.
• AVC module that was causing backups to fail when using VSS and Veeam.
• Web page load failure in Google Chrome version 38.0.2125.101 when AVC was enabled.
• A corner case was discovered that prevented full scans from completing successfully.
• Addressed a vulnerability that implied the possibility of remote execution.
• In some situations, HP machines with specific hardware configuration were starting Windows OS in recovery mode.
• In some situations, update to endpoints was not performed.
• The firewall module was malfunctioning on certain Windows 10 machines, when added and with Content Control enabled.
• In some situations, scans that finished immediately were displayed with 0% scan progress.
• The security agent reconfiguration failed when an uninstall password was set.
• In some specific situations, the product downloaded a higher amount of signatures than necessary during update.
• If the update required a reboot and the reboot was scheduled with day and hour of the week, only the hour was taken into account.
• In some situations, the security agent used an abnormally large amount of RAM.
• The Firewall module could not install on endpoint after system upgrade to Windows 10.
• Microsoft Surface Pro tablets were improperly detected as virtual machines.
• After upgrade to Windows 10, the Firewall module was reported as disabled in the Windows Action Center.
• Installation was crashing on endpoints with high CPU usage.
• In some situations, the agent deployment on Windows 8.1 systems had failed.
• Built-in firewall rules issues occurred when accessing an Active Directory domain or when connecting through Remote Desktop Connection.
• In some situations, when repairing the product files and a system reboot was required, the system entered a reboot loop.
• A blocked process that occurred in certain situations was causing the endpoint to run slowly.
© 2018 SolarWinds MSP Canada ULC. All rights reserved.