
Endpoint Security for Mac

USER'S GUIDE

Publication date 2019.10.08

Copyright© 2019 Bitdefender


Legal Notice
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic
or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written
permission from an authorized representative of Bitdefender. The inclusion of brief quotations in reviews may be
possible only with the mention of the quoted source. The content can not be modified in any way.
Warning and Disclaimer. This product and its documentation are protected by copyright. The information in this
document is provided on an “as is” basis, without warranty. Although every precaution has been taken in the
preparation of this document, the authors will not have any liability to any person or entity with respect to any loss
or damage caused or alleged to be caused directly or indirectly by the information contained in this work.
This book contains links to third-party Websites that are not under the control of Bitdefender, therefore Bitdefender
is not responsible for the content of any linked site. If you access a third-party website listed in this document, you
will do so at your own risk. Bitdefender provides these links only as a convenience, and the inclusion of the link does
not imply that Bitdefender endorses or accepts any responsibility for the content of the third-party site.
Trademarks. Trademark names may appear in this book. All registered and unregistered trademarks in this document
are the sole property of their respective owners, and are respectfully acknowledged.
Table of Contents
Using This Guide
    1. Purpose and Intended Audience
    2. How to Use This Guide
    3. Conventions Used in This Guide
        3.1. Typographical Conventions
        3.2. Admonitions
    4. Request for Comments
1. Getting Started
    1.1. About Endpoint Security for Mac
    1.2. Opening Endpoint Security for Mac
    1.3. Application Main Window
    1.4. Application Dock Icon
2. Protecting Against Malware
    2.1. Best Practices
    2.2. Scanning Your Mac
    2.3. Scan Wizard
    2.4. Fixing Issues
    2.5. Quarantine
    2.6. Content Control
    2.7. Device Control
    2.8. Web protection
    2.9. Updates
        2.9.1. Requesting an Update
        2.9.2. Getting Updates through a Proxy Server
        2.9.3. Update to a new version
3. Using Encryption
    3.1. Encrypting Volumes
    3.2. Decrypting Volumes
    3.3. Changing the Recovery Key
    3.4. Changing the Encryption Password
4. Configuring Preferences
    4.1. Accessing Preferences
    4.2. Quarantine
    4.3. History
    4.4. Scanner Preferences
5. Using the Command Line Tool
    5.1. Supported Commands
    5.2. The authToken Parameter
    5.3. Error Codes
6. Frequently Asked Questions
7. Getting Help
Types of Malicious Software

Using This Guide
1. Purpose and Intended Audience
This documentation is intended for the end users of Endpoint Security for Mac, the
Security for Endpoints client software installed on computers to protect them
against malware and other Internet threats. The information presented herein
should be easy to understand by anyone who is able to work with a Mac.
You will find out how to configure and use Endpoint Security for Mac to protect
your computer against viruses and other malicious software. You will learn how
to get the best from Bitdefender.
We wish you a pleasant and useful reading.

2. How to Use This Guide


This guide is organized around several major topics:
Getting Started (p. 1)
Get started with Endpoint Security for Mac and its user interface.
Protecting Against Malware (p. 5)
Learn how to use Endpoint Security for Mac to protect your computer against
malicious software.
Configuring Preferences (p. 20)
Learn more about the Endpoint Security for Mac preferences.
Getting Help (p. 28)
Where to look and where to ask for help if something unexpected appears.



3. Conventions Used in This Guide
3.1. Typographical Conventions
Several text styles are used in this guide for improved readability. Their appearance
and meaning are presented in the table below.

Appearance - Description
● sample syntax - Syntax samples are printed with monospaced characters.
● http://www.bitdefender.com - The URL link points to an external location, on http or ftp servers.
● documentation@bitdefender.com - E-mail addresses are inserted in the text for contact information.
● Using This Guide (p. v) - This is an internal link, towards some location inside the document.
● filename - Files and directories are printed using a monospaced font.
● option - All the product options are printed using bold characters.
● keyword - Important keywords or phrases are highlighted using bold characters.

3.2. Admonitions
The admonitions are in-text notes, graphically marked, bringing to your attention
additional information related to the current paragraph.

Note
The note is just a short observation. Although you can omit it, the notes can provide
valuable information, such as a specific feature or a link to some related topic.

Important
This requires your attention and it is not recommended to skip over it. Usually, it provides
non-critical but significant information.



Warning
This is critical information you should treat with increased caution. Nothing bad will
happen if you follow the indications. You should read and understand it, because it
describes something extremely risky.

4. Request for Comments


We invite you to help us improve the book. We have tested and verified all of the
information to the best of our ability. Please write to tell us about any flaws you
find in this book or how you think it could be improved, to help us provide you with
the best documentation possible.
Let us know by sending an e-mail to documentation@bitdefender.com. Please
write all of your documentation-related e-mails in English so that we can process
them efficiently.



1. GETTING STARTED
This chapter includes the following topics:
● About Endpoint Security for Mac
● Opening Endpoint Security for Mac
● Application Main Window
● Application Dock Icon

1.1. About Endpoint Security for Mac


Endpoint Security for Mac is a fully-automated computer security program, managed
remotely by your network administrator. Once installed, it protects you against all
kinds of malware, including viruses, spyware, trojans, keyloggers, worms and
adware. It can also be used to enforce your organization's computer and Internet
use policies.
This app detects and removes not only Mac malware, but also Windows malware,
thus preventing you from accidentally sending infected files to your family, friends
and colleagues using PCs.

1.2. Opening Endpoint Security for Mac


You have several ways to open Endpoint Security for Mac.
● Click the Endpoint Security for Mac icon in the Launchpad.
● Open a Finder window, go to Applications and double-click the Endpoint Security
for Mac icon.
● You can also use Spotlight to find and open the application.
When the application opens, it automatically detects the language of your system
and it will display the user interface in your language.

Note
If the system language is not among the Endpoint Security for Mac supported
languages, the application loads the English language interface by default.

1.3. Application Main Window
In the application's main window you can take important actions to improve your
system protection. You can check your computer's security status and secure your
web browsing experience.

Application Main Window

The status area at the top of the window informs you about the system's security
status using explicit messages and suggestive colors:
● Green - If Endpoint Security for Mac has no warnings.
● Yellow - If a security issue has been detected.
● Red - If the license has expired.
Under the status area, three scan buttons are available to help you scan your Mac:
● Quick Scan - checks the most vulnerable locations on your system for malware
(for example, the folders that contain the documents, downloads, mail downloads
and temporary files of each user).
● Full Scan - performs a comprehensive check for malware of the entire system.
All connected mounts will be scanned too.
● Custom Scan - helps you check specific files, folders or volumes for malware.
For more information, refer to Scanning Your Mac (p. 5).
Next to the scan buttons, the Modules section informs you about:
● Antimalware – lets you know if On-Access scanning is enabled (On) or disabled
(Off).
● Content Control - lets you know if the following components are enabled (On)
or disabled (Off):
– Traffic Scan
– Application Blacklisting
– Web Access Control
– Antiphishing
● Device Control - informs you if the module is enabled (On) or disabled (Off).

Note
The Content Control and Device Control modules are available starting with OS
X El Capitan (10.11). These functionalities rely on a macOS kernel extension. The
installation of kernel extensions requires your approval on macOS High Sierra
(10.13.x) and later.

● Encryption – provides the encryption status for each disk (Encrypted, Encryption
in progress, Decryption in progress, Not encrypted, Locked or Paused) if a
GravityZone encryption policy is applied on your computer.
Under the scan buttons, an additional option is available:
● Web protection - filters all web traffic and blocks any malicious content to secure
your web browsing experience. For more information, refer to Web protection
(p. 12).

Note
Web protection is available on OS X Mavericks (10.9) and OS X Yosemite (10.10).
Starting with OS X El Capitan (10.11), this feature is replaced with Content Control.

At the bottom of the window, click the View history button to open
a detailed log of events concerning the Endpoint Security for Mac activity on your
computer. For details, refer to History (p. 20).

1.4. Application Dock Icon


The Endpoint Security for Mac icon appears in the Dock as soon as you open
the application. The icon in the Dock provides you with an easy way to scan files
and folders for malware. Just drag and drop the file or folder over the Dock icon
and the scan will start immediately.

Dock Icon

2. PROTECTING AGAINST MALWARE
This chapter includes the following topics:
● Best Practices
● Scanning Your Mac
● Scan Wizard
● Fixing Issues
● Quarantine
● Content Control
● Device Control
● Web protection
● Updates

2.1. Best Practices


To keep your system malware-free and to prevent accidental infection of other
systems, follow these best practices:
● Check and fix the issues reported by Endpoint Security for Mac regularly. For
detailed information, refer to Fixing Issues (p. 7).
● You should also adhere to these best practices:
– Make a habit of scanning files that you download from an external storage
memory (such as a USB stick or a CD), especially when you do not know
the source.
– If you have a DMG file, mount it and then scan its contents (the files within
the mounted volume/image).

2.2. Scanning Your Mac


The On-Access Scanning module continuously monitors your computer, looking for
malware-like actions and prevents new malware threats from entering your system.
On-Access Scanning is controlled by your network administrator via security
policies.
You can also scan your Mac or specific files anytime you want.



The easiest way to scan a file, a folder or a volume is to drag & drop it over the
Dock icon. The scan wizard will appear and guide you through the scanning process.
You can start a scan as follows:
1. Open Endpoint Security for Mac.
2. Click one of the three scan buttons to start the desired scan.
● Quick Scan - checks the most vulnerable locations on your system for
malware (for example, the folders that contain the documents, downloads,
mail downloads and temporary files of each user).
● Full Scan - performs a comprehensive check for malware of the entire system.
All connected mounts will be scanned too.

Note
– Depending on the size of your hard disk, scanning the entire system may
take a while (up to an hour or even more). For improved performance, it
is recommended not to run this task while performing other
resource-intensive tasks (such as video editing).
– You can also run a quick scan or a full scan by using the
productConfigurationTool interface. For details, refer to Using the
Command Line Tool (p. 22).

● Custom Scan - helps you check specific files, folders or volumes for malware.

2.3. Scan Wizard


Whenever you initiate a scan, the Endpoint Security for Mac scan wizard will appear.



Scanning in Progress

You can see real-time information about the scan, such as the number of detected
threats and the number of resolved issues.
Wait for Endpoint Security for Mac to finish scanning.

Note
The scanning process may take a while, depending on the complexity of the scan.

2.4. Fixing Issues


Endpoint Security for Mac automatically detects and informs you about a series
of issues that can affect the security of your system and data.
The detected issues may refer to:
● New malware signatures and product updates have not been downloaded from
Bitdefender servers.
● Security threats have been detected on your system.
● On-Access scanning module is disabled.
● License has expired.
Fixing the issues indicated by Endpoint Security for Mac is a quick and easy process.
This way you can fix security risks in a timely manner.



To check and fix detected issues:
1. Open Endpoint Security for Mac.
2. Check the color of the status area:
● Green - your Mac is safe.
● Yellow or red - Your Mac has issues. For further investigations, follow the
next steps.
3. Check the description for more information.
4. Depending on the number and type of the detected issues, a button may be
available in the status area:
● Fix issue, if only one issue was found. Click the button to quickly fix the
security risk.
● View issues, if more issues were found. Click the button to view the issues.
A new window opens and then you can fix the issues.
If malware has been detected, the application automatically attempts to remove
it and to reconstruct the original file. This operation is referred to as disinfection.
Files that cannot be disinfected are moved to quarantine to contain the infection.
If the file can neither be disinfected, nor quarantined, Endpoint Security for Mac
informs you about the issue and you can manually delete it.
To manually remove infections:
● Click the Reveal in Finder button.
● Select the file and delete it from your system.
If the file was from an installed application, make sure you repair that installation
for the program to function properly.



Unresolved Threats Window

Some issues may require your network administrator to solve them from the
management console, such as:
● Enabling the On-Access module via security policy.
● Renewing the expired license.

2.5. Quarantine
Endpoint Security for Mac allows isolating the infected or suspicious files in a
secure area, named quarantine. When a malicious app is in quarantine it cannot
do any harm because it cannot be executed or read.
To view and manage the quarantined files, open the Quarantine window:
1. Right-click the Bitdefender icon in the menu bar.
2. Choose Preferences from the options list. A window will be displayed.
3. Choose the View Quarantine tab.



Quarantined Files

The Quarantine section displays all the files currently isolated in the Quarantine
folder.
To delete a file from quarantine, select it and click Delete. If you want to restore a
quarantined file to its original location, select it and click Restore.

2.6. Content Control


The Content Control module protects you while on the Internet against phishing
attacks, fraud attempts and inappropriate web content. It also includes a
comprehensive set of user controls that help the network administrator enforce
computer and Internet use policies. This module is available for Chrome, Firefox
and Safari.
● Traffic Scan. This component prevents malware from being downloaded to the
endpoint by scanning web traffic in real time.
● Application Blacklisting. This component prevents access to unauthorized
applications in your company. The administrator is responsible for creating
rules for the allowed applications in the organization.



● Web Access Control. This component protects you from accessing dangerous
websites based on administrator-defined rules.
● Antiphishing. This component automatically blocks known phishing web pages
to prevent users from inadvertently disclosing private or confidential information
to online fraudsters.

Note
Content Control is available starting with OS X El Capitan (10.11). This functionality
relies on a macOS kernel extension. The installation of kernel extensions requires
your approval on macOS High Sierra (10.13.x). The system notifies you that a system
extension from Bitdefender was blocked and that you can allow it from Security & Privacy
preferences. Until you approve the Bitdefender system extension, this module will
not work and the Endpoint Security for Mac user interface will show a critical issue
prompting you for approval.

2.7. Device Control


The Device Control module allows preventing sensitive data leakage and malware
infections via external devices attached to endpoints, by applying blocking rules
via policy to a vast range of device types. The administrator is responsible for
managing permissions for the following types of devices:
● Bluetooth devices
● CDROM devices
● Imaging devices
● Modems
● Windows Portable
● Printers
● Network adapters
● Wireless network adapters
● External storage

Note
Device Control is available starting with OS X El Capitan (10.11). This functionality
relies on a macOS kernel extension. The installation of kernel extensions requires
your approval on macOS High Sierra (10.13.x). The system notifies you that a system
extension from Bitdefender was blocked and that you can allow it from Security & Privacy
preferences. Until you approve the Bitdefender system extension, this module will
not work and the Endpoint Security for Mac user interface will show a critical issue
prompting you for approval.



2.8. Web protection
Endpoint Security for Mac uses the TrafficLight extensions to completely secure
your web browsing experience. The TrafficLight extensions intercept, process and
filter all web traffic, blocking any malicious content.
The extensions work and integrate with the following web browsers: Mozilla Firefox,
Google Chrome and Safari.

Note
This feature is available on OS X Mavericks (10.9) and OS X Yosemite (10.10). Starting
with OS X El Capitan (10.11), Web protection is replaced with Content Control.

A series of features is available to protect you from all kinds of threats you may
encounter while web browsing:
● Advanced Phishing Filter - prevents you from accessing websites used for
phishing attacks.
● Malware Filter - blocks any malware you come in contact with while browsing
the Internet.
● Search Results Analyzer - provides advance warning of risky websites within
your search results.
● Antifraud Filter - provides protection against fraudulent websites while browsing
the Internet.
● Tracker Notification - detects trackers on the visited web pages protecting your
online privacy.

Enabling TrafficLight extensions


To enable the TrafficLight extensions, follow these steps:
1. Open Endpoint Security for Mac.
2. Click Fix now to open the Web Protection window.
3. Endpoint Security for Mac will detect what web browser you have installed on
your system. To install the TrafficLight extension on the browser you want, click
Get extension from the corresponding pane.
4. You will be redirected to this online location:
http://bitdefender.com/solutions/trafficlight.html



5. Select Free Download.
6. Follow the steps to install the TrafficLight extension for the selected web
browser.

Page rating and alerts


Depending on how TrafficLight classifies the web page you are currently viewing,
one of the following icons is displayed in its area:
● This is a safe page to visit. You can continue your work.
● This web page may contain dangerous content. Exercise caution if you decide
to visit it.
● You should leave the web page immediately. Alternatively, you can choose one
of the available options:
– Navigate away from the website by clicking Take me back to safety.
– Proceed to the website, despite the warning, by clicking I understand the risks,
take me there anyway.

2.9. Updates
New malware is found and identified every day. This is why it is very important to
keep Endpoint Security for Mac up to date with the latest malware signatures.
While the On-Access Scanning is enabled, the malware signatures and product
updates are automatically downloaded on your system. If your network
administrator disables the On-Access module via policy, you will have to manually
request an update for your Endpoint Security for Mac app.
The malware signatures update is performed on the fly, meaning that the files to
be updated are replaced progressively. This way, the update will not affect the
product operation and, at the same time, any vulnerability will be excluded.

2.9.1. Requesting an Update


You can request an update manually anytime you want. Update by user request is
recommended before you start a comprehensive scan.
An active Internet connection is required in order to check for available updates
and download them.
To request an update manually:



1. Open Endpoint Security for Mac.
2. Click Actions in the menu bar.
3. Choose Update Virus Database.
You can see the update progress and downloaded files.

2.9.2. Getting Updates through a Proxy Server


Endpoint Security for Mac can update only through proxy servers that do not require
authentication. You do not have to configure any program settings.
If you connect to the Internet through a proxy server that requires authentication,
you must switch to a direct Internet connection regularly in order to obtain malware
signature updates.

2.9.3. Update to a new version


Occasionally, we launch product updates to improve the product functionalities.
These updates may require a system restart to initiate the installation of new files.
By default, if an update requires a computer restart, Endpoint Security for Mac will
keep working with the previous files until you reboot the system. In this case, the
update process will not interfere with your work.
When a product update is completed, a pop-up window will inform you to restart
the system. If you miss this notification, you can either click Restart to upgrade
from the menu bar or manually restart the system.



3. USING ENCRYPTION
The Encryption module provides full disk encryption on your Mac through policies
applied by your security administrator. The security agent operates FileVault to
encrypt the Mac’s boot drive and the diskutil command-line utility to encrypt any
non-boot drive. Removable drives are not encrypted.
This chapter includes the following topics:
● Encrypting Volumes
● Decrypting Volumes
● Changing the Recovery Key
● Changing the Encryption Password

3.1. Encrypting Volumes


When an encryption policy is applied on your Mac:
● For boot drives:
1. A window prompts you to enter your system username and password.

2. Click the OK button to start the encryption process.


If you click the Not now option, the encryption process is postponed, but
the window will appear after a time. The window will continue to appear as
long as the encryption policy is active on Mac.
3. This is what happens after the Encrypt with FileVault window closes:

– If you have a Mac running an operating system version older than macOS
Catalina (10.15), the encryption process starts immediately.
– If you have a Mac running macOS Catalina (10.15), Endpoint Security for
Mac ("fdesetup") will require, in an additional window, your approval for
enabling FileVault. Click the OK button to start encryption. If clicking
Don't Allow, Endpoint Security for Mac will not start encryption and it will
ask you for approval every couple of minutes.

Note
In case of dual-boot systems, the other boot volume will not be encrypted.

● For non-boot drives:


1. A window prompts you to configure a dedicated password to encrypt each
drive. This password is only necessary to unlock a specific non-boot drive.
2. Click the Save button. The encryption process starts immediately.
If you click the Dismiss option, the encryption process is postponed. The
dialog window will appear after a time and it will continue to appear as long
as the encryption policy is active on Mac.

If the Mac has more than one drive, the dialog windows for encryption for all drives
will appear at the same time.
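
Because boot-drive encryption is carried out through FileVault, its state can be read independently of the agent with `fdesetup status`. The script below is an added example, not part of the original guide or of Bitdefender's code: it maps that status text to the boot-drive states listed for the Encryption module. The function names are hypothetical, the sample outputs are constructed, and the phrases matched are the assumed wording of `fdesetup status`.

```sh
#!/bin/sh
# Added example: classify `fdesetup status` text into the boot-drive states
# shown by the Encryption module. Function names are hypothetical and the
# matched phrases are the assumed wording of `fdesetup status` output.

# Constructed sample outputs (not captured from a real Mac).
SAMPLE_ON='FileVault is On.'
SAMPLE_OFF='FileVault is Off.'
SAMPLE_ENCRYPTING='FileVault is On.
Encryption in progress: Percent completed = 37'
SAMPLE_DECRYPTING='FileVault is Off.
Decryption in progress: Percent completed = 80'

# fv_state TEXT: print the state label for the given status text.
# In-progress lines are tested first because they follow an On/Off line.
# Any wording not listed here is reported as Unknown rather than guessed.
fv_state() {
    case "$1" in
        *"Encryption in progress"*) echo "Encryption in progress" ;;
        *"Decryption in progress"*) echo "Decryption in progress" ;;
        *"FileVault is On."*)       echo "Encrypted" ;;
        *"FileVault is Off."*)      echo "Not encrypted" ;;
        *)                          echo "Unknown" ;;
    esac
}

# fv_percent TEXT: print the completion percentage, or nothing if absent.
fv_percent() {
    printf '%s\n' "$1" | sed -n 's/.*Percent completed = \([0-9.]*\).*/\1/p'
}

# fv_compliant TEXT: succeed only when the boot drive is fully encrypted,
# so a conversion that is still running does not count as compliant.
fv_compliant() {
    [ "$(fv_state "$1")" = "Encrypted" ]
}

# fv_report TEXT: one-line summary suitable for a compliance log.
fv_report() {
    state=$(fv_state "$1")
    pct=$(fv_percent "$1")
    if [ -n "$pct" ]; then
        echo "boot drive: $state ($pct%)"
    else
        echo "boot drive: $state"
    fi
}

# Use the live tool on a Mac; fall back to a constructed sample elsewhere.
if command -v fdesetup >/dev/null 2>&1; then
    status_text=$(fdesetup status 2>&1 || true)
else
    status_text=$SAMPLE_ENCRYPTING
fi
fv_report "$status_text"
```

The check covers the boot drive only; non-boot drives are encrypted through diskutil and are not reported by `fdesetup`.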

3.2. Decrypting Volumes


When a decryption policy is applied on your Mac:
● For boot drives:
1. A dialog window prompts you to enter your system username and password.
2. Click the OK button. The decryption process starts immediately.
● For non-boot drives:
1. A dialog window prompts you to enter the encryption password.
2. Click the Save button. The decryption process starts immediately.
If you click the Dismiss option, the decryption process is postponed. The
dialog window will appear after a time and it will continue to appear as long
as the encryption policy is active on Mac.
If the Mac has more than one drive, the dialog windows for decryption for all drives
will appear at the same time.

3.3. Changing the Recovery Key


After the encryption process starts, Endpoint Security for Mac sends a recovery
key to the security administrator's management console. The recovery key is useful
for your security administrator in case you forget your login credentials or the
encryption passwords and you are unable to unlock the drives, or in case the Mac
has another user who cannot access one of the drives.
You can change the recovery key for the boot drive without needing to change your
login credentials.
To change the encryption recovery key for the boot drive:
1. Click the encrypted boot drive in the main window of Endpoint Security for Mac.
2. Click the Change recovery key option.
3. Enter your system username and password.
4. Click the Save button.

The option to change the recovery key is only available if an encryption policy is
applied to your Mac.
In case you change the system password, the encrypted boot drive remains as it
is, with no action from you required.

3.4. Changing the Encryption Password


You can change the encryption password for non-boot drives from the Endpoint
Security for Mac user interface. After changing the password, Endpoint Security
for Mac will send a new recovery key to the security administrator’s management
console.
How to change the encryption password for a non-boot drive:
1. Click the encrypted disk name in the main window of Endpoint Security for Mac.
2. Click the Change password option.
3. In the Change encryption password window, configure the new password.
4. Click the Save option.

The option to change the encryption password is only available if an encryption
policy is applied to your Mac.

4. CONFIGURING PREFERENCES
Endpoint Security for Mac offers a minimum set of options for the user to
configure, as it is managed by the network administrator through the assigned
policy.
This chapter includes the following topics:
● Accessing Preferences
● Quarantine
● History
● Scanner Preferences

4.1. Accessing Preferences


To open the Preferences window:
1. Open Endpoint Security for Mac.
2. Do any of the following:
● Click Endpoint Security for Mac in the Application menu and choose
Preferences.
● Right-click the Bitdefender icon in the Status menu and choose Preferences.
● Press Command-Comma(,).
3. Click the tab of the feature you want to configure. The tabs are described
in the following sections.

4.2. Quarantine
The Quarantine section displays all the files currently isolated in the Quarantine
folder on your local computer.
To delete a file from quarantine, select it and click Delete. If you want to restore a
quarantined file to its original location, select it and click Restore.

4.3. History
Endpoint Security for Mac keeps a detailed log of events concerning its activity on
your computer. Whenever something relevant to the security of your system or
data happens, a new message is added to the Endpoint Security for Mac History.
Events are a very important tool in monitoring and managing your computer
protection. For instance, you can easily check if the update was successfully
performed, if malware was found on your computer, etc.
Whenever you want to delete the history log, click the Clear History button. The
Copy button lets you copy this information to the clipboard.

4.4. Scanner Preferences


This window allows you to choose whether or not Endpoint Security for Mac
also scans the backup files. The application will only inform you of an existing
threat, as OS X protects your Time Machine disk and prevents Endpoint Security
for Mac from removing files. If infected files are restored at a later time,
Endpoint Security for Mac will automatically detect them and take the proper action.
By default, the backup files are excluded from scanning. Deselect the Don't scan
Time Machine disk check box to scan this location as well.

5. USING THE COMMAND LINE TOOL
Endpoint Security for Mac allows you to perform certain tasks by using a command
line tool named productConfigurationTool. Specifically, you can retrieve information
about the product status and run quick and full system scans.
To use productConfigurationTool:
1. Open Terminal on your computer.
2. Change the working directory by using the following command:

cd /Library/Bitdefender/AVP/enterprise.bundle/

3. Run supported commands with administrator privileges (command sudo).

Using productConfigurationTool in Terminal

This chapter includes the following topics related to productConfigurationTool:


● Supported Commands
● The authToken Parameter
● Error Codes

5.1. Supported Commands


The productConfigurationTool interface supports the following commands:
asksForStatus
Retrieves information about:

● Antimalware module status (enabled or disabled).
● Antimalware signatures version.
● Product version.
● The time of the last update.
How to use it:

sudo ./productConfigurationTool -authToken [password] -asksForStatus

Example of output in case of success:

{
  "error" : 0,
  "stdout" : {
    "avEnabled" : "YES",
    "avSignaturesVersion" : "69440",
    "productVersion" : "4.0.0.175873",
    "lastUpdateTime" : 1507185205
  }
}

Example of output in case of failure:

"error" : 100

asksForAScanToRun
Starts a scanning task, providing after completion details about the process:
total scanned items, scan duration, log path and whether infections occurred
or not.
This command is followed by an identifier predefined for each scanning task
type:
● Quick Scan (ID: da29f7c8-23b1-4974-8d11-209959ac694b) – this
task is configured for basic security and low usage of the resources. The
main scanning targets are running processes and some vulnerable locations.
Only one instance of this task can be running at a specific time.
How to perform a quick scan:

sudo ./productConfigurationTool -authToken [password] -asksForAScanToRun da29f7c8-23b1-4974-8d11-209959ac694b

● Full Scan (ID: dcf483c4-26d0-4e6f-ba28-6a53a00adae1) – this task
is configured for maximum protection against any type of malware. Only
one instance can be running at a specific time.
How to perform a full scan:

sudo ./productConfigurationTool -authToken [password] -asksForAScanToRun dcf483c4-26d0-4e6f-ba28-6a53a00adae1

Example of output in case of success after executing the asksForAScanToRun
command:

{
  "error" : 0,
  "stdout" : {
    "scanDuration" : 13,
    "logfilepath" : "\/Library\/Application Support\/Antivirus for Mac\/Logs\/da29f7c8-23b1-4974-8d11-209959ac694b.xml",
    "totalScanned" : 6158,
    "infection" : "NO"
  }
}

Example of output in case of failure:

"error" : 95

Note
● You cannot run a custom scan by using productConfigurationTool.
● Some scanning tasks may take a long time to finish. For example, a full scan
may run for more than 20 minutes.

5.2. The authToken Parameter
This parameter helps you to prevent unauthorized usage of
productConfigurationTool. It must be included each time you execute a command.

Note
As a temporary measure, the authToken parameter requires a password that you
can obtain by contacting Bitdefender Business Support.

5.3. Error Codes


The productConfigurationTool interface may return one of the following error codes:

Error  Description
100    The productConfigurationTool parameters are not correct.
99     The tool is not running with administrator privileges.
98     "/Library/Bitdefender/AVP/enterprise.bundle/epsdk.dylib" was not found. Update the product.
97     Failed to load f_EPSDK_GetInstance and f_EPSDK_ReleaseInstance type functions from the library. Update the product.
96     The .json response lacks some expected fields or it has a different format than expected. Update the product.
95     A certain query requires events to get all relevant data, but not all events are caught. Update the product. If this error persists, contact Bitdefender Business Support.
94     "/Library/Bitdefender/AVP/EndpointSecurityforMac.app/Contents/Info.plist" was not found or "CFBundleVersion" was not found in the .plist file. Update the product.
93     productConfigurationTool is not supported on this version of Endpoint Security for Mac. Update the product.
92     The supplied authToken password does not match the expected value.
0      The command has been executed successfully.
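
As an added example (not Bitdefender's code), the following Python shows one way a monitoring script could interpret productConfigurationTool output using the fields and error codes documented above. It assumes lastUpdateTime is a Unix timestamp in seconds; the function names and the 24-hour freshness threshold are hypothetical.

```python
import json
import re

# Error codes from section 5.3 of this guide (descriptions shortened).
ERROR_CODES = {
    0: "success",
    100: "incorrect parameters",
    99: "not running with administrator privileges",
    98: "epsdk.dylib not found",
    97: "failed to load EPSDK functions",
    96: "unexpected .json response format",
    95: "not all events were caught",
    94: "Info.plist or CFBundleVersion not found",
    93: "tool not supported on this product version",
    92: "authToken password mismatch",
}

# Constructed sample, modelled on the asksForStatus success output above.
STATUS_SAMPLE = ('{"error": 0, "stdout": {"avEnabled": "YES", '
                 '"avSignaturesVersion": "69440", "lastUpdateTime": 1507185205}}')

def parse_output(text):
    """Return (error_code, stdout_dict) from productConfigurationTool output."""
    text = text.strip()
    try:
        doc = json.loads(text)
    except ValueError:
        doc = None
    if isinstance(doc, dict) and "error" in doc:
        return int(doc["error"]), doc.get("stdout") or {}
    # The failure examples in the guide show a bare '"error" : 100' fragment,
    # which is not valid JSON on its own, so extract the code directly.
    match = re.search(r'"error"\s*:\s*(\d+)', text)
    if not match:
        raise ValueError("unrecognized tool output")
    return int(match.group(1)), {}

def evaluate(text, now, max_update_age=86400):
    """Return a list of findings; an empty list means nothing to report."""
    code, out = parse_output(text)
    if code != 0:
        return ["error %d: %s" % (code, ERROR_CODES.get(code, "unknown"))]
    findings = []
    # Only "YES" (avEnabled) and "NO" (infection) appear in the guide, so
    # any other value is treated as a finding rather than guessed at.
    if "avEnabled" in out and out["avEnabled"] != "YES":
        findings.append("antimalware module not enabled")
    if "lastUpdateTime" in out and now - out["lastUpdateTime"] > max_update_age:
        findings.append("signatures older than %d s" % max_update_age)
    if "infection" in out and out["infection"] != "NO":
        findings.append("infection reported, see %s" % out.get("logfilepath"))
    return findings
```

When a script invokes the tool, the authToken password is passed as a command-line argument, so read it from a root-only file at run time rather than embedding it in the script.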

6. FREQUENTLY ASKED QUESTIONS
The scan log indicates there are still unresolved items. How do I remove them?
The unresolved items in the scan log may be:
● restricted access archives (xar, rar, etc.)
Solution: Use the Reveal in Finder option to find the file and delete it
manually. Make sure to empty the Trash.
● restricted access mailboxes (Thunderbird, etc.)
Solution: Use the application to remove the entry containing the infected
file.
● files owned by another user
Solution: Use the Reveal in Finder option to find the file and contact the
owner to find out if it is safe to remove that file. If it is safe to remove the
file, delete it manually. Make sure to empty the Trash.

Note
Restricted access files are files that Endpoint Security for Mac can open
but cannot modify.

Can I update Endpoint Security for Mac through a Proxy Server?


Endpoint Security for Mac can update only through proxy servers that do not
require authentication. You do not have to configure any program settings.
If you connect to the Internet through a proxy server that requires
authentication, you must switch to a direct Internet connection regularly in
order to obtain malware signature updates.
How do I remove the TrafficLight extensions from my web browser?
● To remove the TrafficLight extensions from Mozilla Firefox, follow these
steps:
1. Open your Mozilla Firefox browser.
2. Go to Tools and select Add-ons.
3. Select Extensions on the left column.
4. Select the extension and click Remove.
5. Restart the browser for the removal process to complete.

● To remove the TrafficLight extensions from Google Chrome, follow these
steps:
1. Open your Google Chrome browser.
2. Click on the browser toolbar.
3. Go to Tools and select Extensions.
4. Select the extension and click Remove.
5. Click Uninstall to confirm the removal process.
● To remove Bitdefender TrafficLight from Safari, follow these steps:
1. Open your Safari browser.
2. Click on the browser toolbar and click Preferences.
3. Select the Extensions tab and find the Bitdefender TrafficLight on Safari
extension in the list.
4. Select the extension and click Uninstall.
5. Click Uninstall to confirm the removal process.

7. GETTING HELP
For any problems or questions concerning Endpoint Security for Mac, please contact
your network administrator.
Open the About Endpoint Security for Mac window to find product and contact
information:
1. Open Endpoint Security for Mac.
2. Click Endpoint Security for Mac in the menu bar.
3. Choose About Endpoint Security for Mac.

Types of Malicious Software
Adware
Adware is often combined with a host application that is provided at no charge
as long as the user agrees to accept the adware. Because adware applications
are usually installed after the user has agreed to a licensing agreement that
states the purpose of the application, no offense is committed.
However, pop-up advertisements can become an annoyance, and in some
cases degrade system performance. Also, the information that some of these
applications collect may cause privacy concerns for users who were not fully
aware of the terms in the license agreement.

Keylogger
A keylogger is an application that logs anything you type.
Keyloggers are not malicious in nature. They can be used for legitimate
purposes, such as monitoring employees' or children's activity. However, they
are increasingly being used by cyber-criminals for malicious purposes (for
example, to collect private data, such as login credentials and social security
numbers).

Polymorphic virus
A virus that changes its form with each file it infects. Since they have no
consistent binary pattern, such viruses are hard to identify.

Rootkit
A rootkit is a set of software tools which offer administrator-level access to a
system. The term was first used for the UNIX operating systems and it referred
to recompiled tools which provided intruders administrative rights, allowing
them to conceal their presence so as not to be seen by the system
administrators.
The main role of rootkits is to hide processes, files, logins and logs. They may
also intercept data from terminals, network connections or peripherals, if they
incorporate the appropriate software.
Rootkits are not malicious in nature. For example, systems and even some
applications hide critical files using rootkits. However, they are mostly used
to hide malware or to conceal the presence of an intruder in the system.
When combined with malware, rootkits pose a great threat to the integrity and
the security of a system. They can monitor traffic, create backdoors into the
system, alter files and logs and avoid detection.

Spyware
Any software that covertly gathers user information through the user's Internet
connection without his or her knowledge, usually for advertising purposes.
Spyware applications are typically bundled as a hidden component of freeware
or shareware programs that can be downloaded from the Internet; however, it
should be noted that the majority of shareware and freeware applications do
not come with spyware. Once installed, the spyware monitors user activity on
the Internet and transmits that information in the background to someone else.
Spyware can also gather information about e-mail addresses and even
passwords and credit card numbers.
Spyware's similarity to a Trojan horse is the fact that users unwittingly install
the product when they install something else. A common way to become a
victim of spyware is to download certain peer-to-peer file swapping products
that are available today.
Aside from the questions of ethics and privacy, spyware steals from the user
by using the computer's memory resources and also by eating bandwidth as
it sends information back to the spyware's home base via the user's Internet
connection. Because spyware is using memory and system resources, the
applications running in the background can lead to system crashes or general
system instability.

Trojan
A destructive program that masquerades as a benign application. Unlike viruses,
Trojan horses do not replicate themselves but they can be just as destructive.
One of the most insidious types of Trojan horse is a program that claims to rid
your computer of viruses but instead introduces viruses onto your computer.
The term comes from a story in Homer's Iliad, in which the Greeks give a giant
wooden horse to their foes, the Trojans, ostensibly as a peace offering. But
after the Trojans drag the horse inside their city walls, Greek soldiers sneak
out of the horse's hollow belly and open the city gates, allowing their
compatriots to pour in and capture Troy.

Virus
A program or piece of code that is loaded onto your computer without your
knowledge and runs against your will. Most viruses can also replicate
themselves. All computer viruses are manmade. A simple virus that can copy
itself over and over again is relatively easy to produce. Even such a simple
virus is dangerous because it will quickly use all available memory and bring
the system to a halt. An even more dangerous type of virus is one capable of
transmitting itself across networks and bypassing security systems.

Worm
A program that propagates itself over a network, reproducing itself as it goes.
It cannot attach itself to other programs.
