USER'S GUIDE
Endpoint Security for Mac
User's Guide
Legal Notice
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic
or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written
permission from an authorized representative of Bitdefender. The inclusion of brief quotations in reviews may be
possible only with the mention of the quoted source. The content can not be modified in any way.
Warning and Disclaimer. This product and its documentation are protected by copyright. The information in this
document is provided on an “as is” basis, without warranty. Although every precaution has been taken in the
preparation of this document, the authors will not have any liability to any person or entity with respect to any loss
or damage caused or alleged to be caused directly or indirectly by the information contained in this work.
This book contains links to third-party Websites that are not under the control of Bitdefender, therefore Bitdefender
is not responsible for the content of any linked site. If you access a third-party website listed in this document, you
will do so at your own risk. Bitdefender provides these links only as a convenience, and the inclusion of the link does
not imply that Bitdefender endorses or accepts any responsibility for the content of the third-party site.
Trademarks. Trademark names may appear in this book. All registered and unregistered trademarks in this document
are the sole property of their respective owners, and are respectfully acknowledged.
Table of Contents
Using This Guide
  1. Purpose and Intended Audience
  2. How to Use This Guide
  3. Conventions Used in This Guide
    3.1. Typographical Conventions
    3.2. Admonitions
  4. Request for Comments
1. Getting Started
  1.1. About Endpoint Security for Mac
  1.2. Opening Endpoint Security for Mac
  1.3. Application Main Window
  1.4. Application Dock Icon
2. Protecting Against Malware
  2.1. Best Practices
  2.2. Scanning Your Mac
  2.3. Scan Wizard
  2.4. Fixing Issues
  2.5. Quarantine
  2.6. Content Control
  2.7. Device Control
  2.8. Web protection
  2.9. Updates
    2.9.1. Requesting an Update
    2.9.2. Getting Updates through a Proxy Server
    2.9.3. Update to a new version
3. Using Encryption
  3.1. Encrypting Volumes
  3.2. Decrypting Volumes
  3.3. Changing the Recovery Key
  3.4. Changing the Encryption Password
4. Configuring Preferences
  4.1. Accessing Preferences
  4.2. Quarantine
  4.3. History
  4.4. Scanner Preferences
5. Using the Command Line Tool
  5.1. Supported Commands
  5.2. The authToken Parameter
  5.3. Error Codes
6. Frequently Asked Questions
7. Getting Help
Types of Malicious Software
Using This Guide
1. Purpose and Intended Audience
This documentation is intended for the end users of Endpoint Security for Mac, the
Security for Endpoints client software installed on computers to protect them
against malware and other Internet threats. The information presented herein
should be easy to understand for anyone who is able to work on a Macintosh.
You will find out how to configure and use Endpoint Security for Mac to protect
your computer against viruses and other malicious software. You will learn how
to get the best from Bitdefender.
We wish you a pleasant and useful read.
Appearance                       Description
sample syntax                    Syntax samples are printed with monospaced characters.
http://www.bitdefender.com       The URL link points to an external location, on http or ftp servers.
documentation@bitdefender.com    E-mail addresses are inserted in the text for contact information.
Using This Guide (p. v)          This is an internal link to a location inside the document.
filename                         Files and directories are printed using a monospaced font.
option                           All the product options are printed using bold characters.
keyword                          Important keywords or phrases are highlighted using bold characters.
3.2. Admonitions
The admonitions are in-text notes, graphically marked, bringing to your attention
additional information related to the current paragraph.
Note
The note is just a short observation. Although you can omit it, the notes can provide
valuable information, such as a specific feature or a link to some related topic.
Important
This requires your attention and it is not recommended to skip it. Usually, it provides
non-critical but significant information.
Note
If the system language is not among the Endpoint Security for Mac supported
languages, the application loads the English language interface by default.
Getting Started 1
1.3. Application Main Window
In the application's main window you can take important actions to improve your
system protection. You can check your computer's security status and secure your
web browsing experience.
The status area at the top of the window informs you about the system's security
status using explicit messages and suggestive colors:
● Green - If Endpoint Security for Mac has no warnings.
● Yellow - If a security issue has been detected.
● Red - If the license has expired.
Under the status area, three scan buttons are available to help you scan your Mac:
● Quick Scan - checks the most vulnerable locations on your system for malware
(for example, the folders that contain the documents, downloads, mail downloads
and temporary files of each user).
● Full Scan - performs a comprehensive check for malware of the entire system.
All connected mounts will be scanned too.
● Custom Scan - helps you check specific files, folders or volumes for malware.
For more information, refer to Scanning Your Mac (p. 5).
Next to the scan buttons, the Modules section informs you about:
● Antimalware – lets you know if On-Access scanning is enabled (On) or disabled
(Off).
● Content Control - lets you know if the following components are enabled (On)
or disabled (Off):
– Traffic Scan
– Application Blacklisting
– Web Access Control
– Antiphishing
● Device Control - informs you if the module is enabled (On) or disabled (Off).
Note
The Content Control and Device Control modules are available starting with OS
X El Capitan (10.11). These functionalities rely on a macOS kernel extension. The
installation of kernel extensions requires your approval on macOS High Sierra
(10.13.x) and later.
● Encryption – provides the encryption status for each disk (Encrypted, Encryption
in progress, Decryption in progress, Not encrypted, Locked or Paused) if a
GravityZone encryption policy is applied on your computer.
Under the scan buttons, an additional option is available:
● Web protection - filters all web traffic and blocks any malicious content to secure
your web browsing experience. For more information, refer to Web protection
(p. 12).
Note
Web protection is available on OS X Mavericks (10.9) and OS X Yosemite (10.10).
Starting with OS X El Capitan (10.11), this feature is replaced with Content Control.
At the bottom of the window, clicking the View history button opens
a detailed log of events concerning the Endpoint Security for Mac activity on your
computer. For details, refer to History (p. 20).
Dock Icon
2. PROTECTING AGAINST MALWARE
This chapter includes the following topics:
● Best Practices
● Scanning Your Mac
● Scan Wizard
● Fixing Issues
● Quarantine
● Content Control
● Device Control
● Web protection
● Updates
Note
– Depending on the size of your hard disk, scanning the entire system may
take a while (up to an hour or even more). For improved performance, it
is recommended not to run this task while performing other
resource-intensive tasks (such as video editing).
– You can also run a quick scan or a full scan by using the
productConfigurationTool interface. For details, refer to Using the
Command Line Tool (p. 22).
● Custom Scan - helps you check specific files, folders or volumes for malware.
You can see real-time information about the scan, such as the number of detected
threats and the number of resolved issues.
Wait for Endpoint Security for Mac to finish scanning.
Note
The scanning process may take a while, depending on the complexity of the scan.
Some issues may require your network administrator to solve them from the
management console, such as:
● Enabling the On-Access module via security policy.
● Renewing the expired license.
2.5. Quarantine
Endpoint Security for Mac allows isolating the infected or suspicious files in a
secure area, named quarantine. When a malicious app is in quarantine it cannot
do any harm because it cannot be executed or read.
To view and manage the quarantined files, open the Quarantine window:
1. Right-click the Bitdefender icon in the menu bar.
2. Choose Preferences from the options list. A window will be displayed.
3. Choose the View Quarantine tab.
The Quarantine section displays all the files currently isolated in the Quarantine
folder.
To delete a file from quarantine, select it and click Delete. If you want to restore a
quarantined file to its original location, select it and click Restore.
Note
Content Control is available starting with OS X El Capitan (10.11). This functionality
relies on a macOS kernel extension. The installation of kernel extensions requires
your approval on macOS High Sierra (10.13.x). The system notifies you that a system
extension from Bitdefender was blocked and that you can allow it from Security & Privacy
preferences. Until you approve the Bitdefender system extension, this module will
not work and the Endpoint Security for Mac user interface will show a critical issue
prompting you for approval.
Note
Device Control is available starting with OS X El Capitan (10.11). This functionality
relies on a macOS kernel extension. The installation of kernel extensions requires
your approval on macOS High Sierra (10.13.x). The system notifies you that a system
extension from Bitdefender was blocked and that you can allow it from Security & Privacy
preferences. Until you approve the Bitdefender system extension, this module will
not work and the Endpoint Security for Mac user interface will show a critical issue
prompting you for approval.
Note
This feature is available on OS X Mavericks (10.9) and OS X Yosemite (10.10). Starting
with OS X El Capitan (10.11), Web protection is replaced with Content Control.
A series of features is available to protect you from all kinds of threats you may
encounter while web browsing:
● Advanced Phishing Filter - prevents you from accessing websites used for
phishing attacks.
● Malware Filter - blocks any malware you come in contact with while browsing
the Internet.
● Search Results Analyzer - provides advance warning of risky websites within
your search results.
● Antifraud Filter - provides protection against fraudulent websites while browsing
the Internet.
● Tracker Notification - detects trackers on the visited web pages protecting your
online privacy.
2.9. Updates
New malware is found and identified every day. This is why it is very important to
keep Endpoint Security for Mac up to date with the latest malware signatures.
While the On-Access Scanning is enabled, the malware signatures and product
updates are automatically downloaded on your system. If your network
administrator disables the On-Access module via policy, you will have to manually
request an update for your Endpoint Security for Mac app.
The malware signatures update is performed on the fly, meaning that the files to
be updated are replaced progressively. This way, the update will not affect the
product operation and, at the same time, any vulnerability will be excluded.
Using Encryption 15
– If you have a Mac running an operating system version older than macOS
Catalina (10.15), the encryption process starts immediately.
– If you have a Mac running macOS Catalina (10.15), Endpoint Security for
Mac ("fdesetup") will require, in an additional window, your approval for
enabling FileVault. Click the OK button to start encryption. If you click
Don't Allow, Endpoint Security for Mac will not start encryption and it will
ask you for approval every couple of minutes.
Note
In case of dual-boot systems, the other boot volume will not be encrypted.
If the Mac has more than one drive, the dialog windows for encryption for all drives
will appear at the same time.
The option to change the recovery key is only available if an encryption policy is
applied to your Mac.
In case you change the system password, the encrypted boot drive remains as it
is, with no action from you required.
The option to change the encryption password is only available if an encryption
policy is applied to your Mac.
4. CONFIGURING PREFERENCES
Endpoint Security for Mac offers a minimum set of options for the user to
configure, as it is managed by the network administrator through the assigned
policy.
This chapter includes the following topics:
● Accessing Preferences
● Quarantine
● History
● Scanner Preferences
4.2. Quarantine
The Quarantine section displays all the files currently isolated in the Quarantine
folder on your local computer.
To delete a file from quarantine, select it and click Delete. If you want to restore a
quarantined file to its original location, select it and click Restore.
4.3. History
Endpoint Security for Mac keeps a detailed log of events concerning its activity on
your computer. Whenever something relevant to the security of your system or
data happens, a new message is added to the Endpoint Security for Mac History.
Events are a very important tool in monitoring and managing your computer
protection. For instance, you can easily check if the update was successfully
performed, if malware was found on your computer, etc.
Whenever you want to delete the history log, click the Clear History button. The
Copy button lets you copy this information to the clipboard.
5. USING THE COMMAND LINE TOOL
Endpoint Security for Mac allows you to perform certain tasks by using a command
line tool named productConfigurationTool. Specifically, you can retrieve information
about the product status and run quick and full system scans.
To use productConfigurationTool:
1. Open Terminal on your computer.
2. Change the working directory by using the following command:
cd /Library/Bitdefender/AVP/enterprise.bundle/
{
    "error" : 0,
    "stdout" : {
        "avEnabled" : "YES",
        "avSignaturesVersion" : "69440",
        "productVersion" : "4.0.0.175873",
        "lastUpdateTime" : 1507185205
    }
}
"error" : 100
asksForAScanToRun
Starts a scanning task, providing after completion details about the process:
total scanned items, scan duration, log path and whether infections occurred
or not.
This command is followed by an identifier predefined for each scanning task
type:
● Quick Scan (ID: da29f7c8-23b1-4974-8d11-209959ac694b) – this
task is configured for basic security and low usage of the resources. The
main scanning targets are running processes and some vulnerable locations.
Only one instance of this task can be running at a specific time.
How to perform a quick scan:
{
    "error" : 0,
    "stdout" : {
        "scanDuration" : 13,
        "logfilepath" : "\/Library\/Application Support\/Antivirus for Mac\/Logs\/da29f7c8-23b1-4974-8d11-209959ac694b.xml",
        "totalScanned" : 6158,
        "infection" : "NO"
    }
}
"error" : 95
Note
● You cannot run a custom scan by using productConfigurationTool.
● Some scanning tasks may take a long time to finish. For example, a full scan
may run for more than 20 minutes.
Note
As a temporary measure, the authToken parameter requires a password that you
can obtain by contacting Bitdefender Business Support.
Error  Description
100    The productConfigurationTool parameters are not correct.
99     The tool is not running with administrator privileges.
98     "/Library/Bitdefender/AVP/enterprise.bundle/epsdk.dylib" was not found. Update the product.
97     Failed to load f_EPSDK_GetInstance and f_EPSDK_ReleaseInstance type functions from the library. Update the product.
96     The .json response lacks some expected fields or it has a different format than expected. Update the product.
95     A certain query requires events to get all relevant data, but not all events are caught. Update the product. If this error persists, contact Bitdefender Business Support.
94     "/Library/Bitdefender/AVP/EndpointSecurityforMac.app/Contents/Info.plist" was not found or "CFBundleVersion" was not found in the .plist file. Update the product.
93     productConfigurationTool is not supported on this version of Endpoint Security for Mac. Update the product.
92     The supplied authToken password does not match the expected value.
0      The command has been executed successfully.
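An added example (not part of the guide and not Bitdefender code): a Python check that interprets a saved productConfigurationTool response using the output fields and error codes shown above. It assumes a failure is returned as a JSON object carrying only "error", that lastUpdateTime is seconds since the Unix epoch, and that any "infection" value other than "NO" needs review; evaluate and max_sig_age_days are names chosen here.

```python
import json
from datetime import datetime, timezone

# Error codes as listed in the guide's error table (descriptions abridged).
ERROR_CODES = {
    100: "parameters are not correct",
    99: "tool is not running with administrator privileges",
    98: "epsdk.dylib was not found; update the product",
    97: "failed to load EPSDK functions from the library; update the product",
    96: ".json response lacks expected fields or has a different format; update the product",
    95: "not all events required by the query were caught; update the product",
    94: "Info.plist or CFBundleVersion was not found; update the product",
    93: "tool is not supported on this product version; update the product",
    92: "supplied authToken password does not match the expected value",
}

# Output samples copied from the guide (status query and quick scan).
STATUS_SAMPLE = r'''{"error": 0, "stdout": {"avEnabled": "YES",
  "avSignaturesVersion": "69440", "productVersion": "4.0.0.175873",
  "lastUpdateTime": 1507185205}}'''
SCAN_SAMPLE = r'''{"error": 0, "stdout": {"scanDuration": 13,
  "logfilepath": "\/Library\/Application Support\/Antivirus for Mac\/Logs\/da29f7c8-23b1-4974-8d11-209959ac694b.xml",
  "totalScanned": 6158, "infection": "NO"}}'''
# Constructed sample: same shape, with an assumed "YES" value for "infection".
INFECTED_SAMPLE = SCAN_SAMPLE.replace('"NO"', '"YES"')


def evaluate(raw, now=None, max_sig_age_days=3):
    """Return a list of findings for one response; an empty list means nothing to report."""
    try:
        resp = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"unparseable response: {exc.msg}"]
    code = resp.get("error") if isinstance(resp, dict) else None
    if not isinstance(code, int) or isinstance(code, bool):
        return ["response has no integer 'error' field"]
    if code != 0:
        # Any non-zero code means the command did not complete; map it to the table.
        return [f"error {code}: {ERROR_CODES.get(code, 'code not in the guide')}"]
    out = resp.get("stdout")
    if not isinstance(out, dict):
        return ["error is 0 but 'stdout' is missing"]
    findings = []
    # Status fields: flag a disabled module and stale updates.
    if out.get("avEnabled", "YES") != "YES":
        findings.append(f"avEnabled is {out['avEnabled']!r}")
    if "lastUpdateTime" in out:
        now = now or datetime.now(timezone.utc)
        # Assumption: lastUpdateTime is seconds since the Unix epoch (UTC).
        updated = datetime.fromtimestamp(out["lastUpdateTime"], timezone.utc)
        age_days = (now - updated).days
        if age_days > max_sig_age_days:
            findings.append(f"last update was {age_days} days ago ({updated:%Y-%m-%d})")
    # Scan fields: anything other than "NO" is surfaced together with the log path.
    if out.get("infection", "NO") != "NO":
        findings.append(
            f"scan reported infection {out['infection']!r}; log: {out.get('logfilepath')}"
        )
    return findings


if __name__ == "__main__":
    fixed_now = datetime(2017, 10, 20, tzinfo=timezone.utc)
    for name, raw in [("status", STATUS_SAMPLE), ("scan", SCAN_SAMPLE),
                      ("infected", INFECTED_SAMPLE), ("bad params", '{"error": 100}')]:
        print(name, "->", evaluate(raw, now=fixed_now) or "OK")
```
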
Note
Restricted access files are files that Endpoint Security for Mac can open
but cannot modify.
Getting Help 28
Types of Malicious Software
Adware
Adware is often combined with a host application that is provided at no charge
as long as the user agrees to accept the adware. Because adware applications
are usually installed after the user has agreed to a licensing agreement that
states the purpose of the application, no offense is committed.
However, pop-up advertisements can become an annoyance, and in some
cases degrade system performance. Also, the information that some of these
applications collect may cause privacy concerns for users who were not fully
aware of the terms in the license agreement.
Keylogger
A keylogger is an application that logs anything you type.
Keyloggers are not malicious in nature. They can be used for legitimate
purposes, such as monitoring employees' or children's activity. However, they
are increasingly being used by cyber-criminals for malicious purposes (for
example, to collect private data, such as login credentials and social security
numbers).
Polymorphic virus
A virus that changes its form with each file it infects. Since they have no
consistent binary pattern, such viruses are hard to identify.
Rootkit
A rootkit is a set of software tools which offer administrator-level access to a
system. The term was first used for the UNIX operating systems and it referred
to recompiled tools which provided intruders administrative rights, allowing
them to conceal their presence so as not to be seen by the system
administrators.
The main role of rootkits is to hide processes, files, logins and logs. They may
also intercept data from terminals, network connections or peripherals, if they
incorporate the appropriate software.
Rootkits are not malicious in nature. For example, systems and even some
applications hide critical files using rootkits. However, they are mostly used
to hide malware or to conceal the presence of an intruder in the system.
When combined with malware, rootkits pose a great threat to the integrity and
Spyware
Any software that covertly gathers user information through the user's Internet
connection without his or her knowledge, usually for advertising purposes.
Spyware applications are typically bundled as a hidden component of freeware
or shareware programs that can be downloaded from the Internet; however, it
should be noted that the majority of shareware and freeware applications do
not come with spyware. Once installed, the spyware monitors user activity on
the Internet and transmits that information in the background to someone else.
Spyware can also gather information about e-mail addresses and even
passwords and credit card numbers.
Spyware's similarity to a Trojan horse is the fact that users unwittingly install
the product when they install something else. A common way to become a
victim of spyware is to download certain peer-to-peer file swapping products
that are available today.
Aside from the questions of ethics and privacy, spyware steals from the user
by using the computer's memory resources and also by eating bandwidth as
it sends information back to the spyware's home base via the user's Internet
connection. Because spyware is using memory and system resources, the
applications running in the background can lead to system crashes or general
system instability.
Trojan
A destructive program that masquerades as a benign application. Unlike viruses,
Trojan horses do not replicate themselves but they can be just as destructive.
One of the most insidious types of Trojan horse is a program that claims to rid
your computer of viruses but instead introduces viruses onto your computer.
The term comes from a story in Homer's Iliad, in which the Greeks give a giant
wooden horse to their foes, the Trojans, ostensibly as a peace offering. But
after the Trojans drag the horse inside their city walls, Greek soldiers sneak
out of the horse's hollow belly and open the city gates, allowing their
compatriots to pour in and capture Troy.
Virus
A program or piece of code that is loaded onto your computer without your
knowledge and runs against your will. Most viruses can also replicate
Worm
A program that propagates itself over a network, reproducing itself as it goes.
It cannot attach itself to other programs.