Installing Bitdefender Endpoint Security Tools on the ASM

Overview

Ribbon recommends the deployment of an approved third party anti-malware solution to SBC 1000/2000 ASMs with SBA (Applications Solutions Modules running the Skype for Business/Office 365 Direct Routing Survivable Branch Appliance application) units as an added measure of security to inspect and “cleanse” devices of viruses and ransomware,

Ribbon approves Bitdefender Endpoint Security Tools (BEST) as the Antivirus and Ransomware protection software for any SBC 1000 or SBC 2000 unit with an Applications Solutions Module:

BEST is a fully-automated computer security program, managed remotely by the network administrator. Once installed, it protects the system against malware (such as viruses, spyware and trojans), network attacks, phishing, ransomware, and other threats. For more information, refer to: https://www.bitdefender.com.

Before you install BEST on the ASM, make sure you have completed the following:

• Obtain an active Bitdefender GravityZone subscription.
• Obtain administrative access to the Bitdefender GravityZone Control Center.

This document assumes that the ASM has Internet access.

Installing Bitdefender Endpoint Security Tools on the ASM

The following workflow defines the procedures for installing BEST on the ASM. 

Create an Installer Package for the ASM

1. Log in to the Bitdefender GravityZone Control Center at: https://gravityzone.bitdefender.com/.
2. In the left navigation pane, navigate to Network > Packages. The Packages settings pane opens on the right.
3. In the menu bar at the top, click Add. The New Endpoint Package window opens.
    
4. Complete the following fields:
   
   1. In the General section, 
      • Name: Enter the name of the Package.
      • Description: Enter a description for the Package.
      • Language: From the dropdown list, select the required language.
      
      
   2. In the Security Modules & Roles section, select the required modules and roles.
      
5. Click Save. 

Download an Installer Package for the ASM 

1. Log in to the Bitdefender GravityZone Control Center at: https://gravityzone.bitdefender.com/.
2. In the left navigation pane, navigate to Network > Packages. The package settings pane opens on the right.
3. Select the package you created in Create an Installer Package for the ASM.
4. In the menu bar at the top, select Download > Windows Downloader.

Run the Installation Package on the ASM 

1. Start Remote Desktop session to the ASM. For more information, refer to: Enabling and Disabling Remote Desktop on the ASM.
2. Copy the installation package you downloaded in Download an Installer Package for the ASM to a local ASM folder (for example, the Documents folder).

3. Run the installer. The following message opens when the installation is complete.
   

   Note

   The installer checks the system and downloads the required packages from the Bitdefender cloud. Depending on your ASM hardware, the amount of time it takes for the package to install varies. The system displays the installation progress screens during the process. 

   Note

   The system does not require you to provide any input once the installation starts.

4. Click Finish.

Verify the Bitdefender Endpoint Security Tools Installation on the ASM 

The following workflow defines the procedures for verifying the BEST installation on the ASM. 

Verifying the Bitdefender Endpoint Security Tools Installation on the ASM in an SBC Edge 

1. Log in to your SBC Edge.
2. In the SBC Edge WebUI, click the Settings tab.
3. In the left navigation pane, select Application Solution Module > Installed Packages. The Installed Packages on ASM pane opens on the right.
4. In the Name column, make sure that you see Bitdefender Endpoint Security Tools.
   
5. In the left navigation pane, select Application Solution Module > Operational Status. The Operational Status pane opens on the right.
6. In the Windows Status section, make sure that the Support Mode shows Application Certified.
   
   

Verifying the Protection Status of an ASM System in the Bitdefender GravityZone Control Center 

1. Log in to the Bitdefender GravityZone Control Center at: https://gravityzone.bitdefender.com/.
2. In the left navigation pane, select Network. The network settings pane opens on the right.
3. Under your organization, make sure that you see the ASM system (for example, SBA3).
   
4. Select the system name. 
5. From the menu bar, select Protection.
6. Verify the protection status of your ASM system.
   

Configure a Scan Policy Exclusion 

Configuring a scan policy exclusion allows you to create a Bitdefender security policy for the ASM and exclude certain process from scanning to ensure that the BEST operations do not interfere with the SBA. 

1. Log in to the Bitdefender GravityZone Control Center at: https://gravityzone.bitdefender.com/.
2. In the left navigation pane, select Policies. The policy settings pane opens on the right.
   
3. Select Default Policy.

4. From the menu bar at the top, click Clone Policy. The policy settings pane opens.

   Note

   Bitdefender does not allow any modifications to the Default Policy, so you must clone the Default Policy first to make any modifications.

5. In the Name field, enter a name for the cloned policy.
6. Click Save. The cloned policy becomes a new policy.
7. In the policy settings pane, click on the new policy. 
8. From the policy settings menu, expand Antimalware > Settings. The settings pane opens.
9. Select In-policy exclusions.

10. Complete the following fields to add the required exclusion entries:
    • Type: From the dropdown list, select the file type that applies.
    • Excluded Name: Enter the file path. 
    • Modules: From the dropdown list, select the modules that apply. 
    • Action: Click Add.
    
    Exclusions Recommended by Ribbon 

    SBA	Exclusion
    Office 365 Direct Routing SBA	C:\Program Files\Microsoft\Microsoft SBA C:\Program Files\Microsoft\Microsoft SBA\Microsoft.Teams.SBA.exe C:\UX\APPS\UXSBA.EXE C:\UX\PUBLIC\LOGS\
    Skype for Business SBA	C:\windows\SoftwareDistribution\Datastore\ C:\windows\SoftwareDistribution\Datastore\Logs\ C:\Windows\security\database\*.edb C:\Windows\security\database\*.sdb C:\Windows\security\database\*.log C:\Windows\security\database\*.chk C:\Windows\security\database\*.jrs C:\Windows\System32\LogFiles\ C:\Windows\Microsoft.NET\assembly\GAC_MSIL\ C:\UX\PUBLIC\LOGS\ C:\Program Files\Microsoft Lync Server 2010\ C:\Program Files\Microsoft Lync Server 2013\ C:\Program Files\Skype for Business Server 2015\ C:\Program Files\Common Files\Microsoft Lync Server 2010\ C:\Program Files\Common Files\Microsoft Lync Server 2013\ C:\Program Files\Common Files\Skype for Business Server 2015\ C:\Program Files\Microsoft SQL Server\MSSQL11.LYNCLOCAL\MSSQL\Binn\SQLServr.exe C:\Program Files\Microsoft SQL Server\MSSQL12.LYNCLOCAL\MSSQL\Binn\SQLServr.exe C:\Program Files\Microsoft SQL Server\MSSQL11.RTCLOCAL\MSSQL\Binn\SQLServr.exe C:\Program Files\Microsoft SQL Server\MSSQL12.RTCLOCAL\MSSQL\Binn\SQLServr.exe ABServer.exe UXSBA.exe ClsAgent.exe LysSvc.exe MediationServerSvc.exe ReplicaReplicatorAgent.exe ReplicationApp.exe RtcHost.exe RTCSrv.exe Fabric.exe FabricDCA.exe FabricHost.exe For more information, refer to: https://learn.microsoft.com/en-us/skypeforbusiness/plan-your-deployment/security/antivirus.

    

11. Click Save.

Assign a Security Policy to the ASM 

1. Log in to the Bitdefender GravityZone Control Center at: https://gravityzone.bitdefender.com/.
2. In the left navigation pane, select Network. The network settings pane opens on the right.
3. Right-click on the required ASM system (for example, SBA2) and select Assign Policy.
4. From the Assign the following policy template dropdown list, select the ASM policy template (for example, ASM BEST Policy).
5. Click Finish.