| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| en:services:it_security:virus_protection:start [2023/08/18 13:32] – [Bitdefender Service of the GWDG] pernst1 | en:services:it_security:virus_protection:start [2023/11/09 12:23] (current) – [Information for IT Managers] pernst1 |
|---|
| The GWDG operates a Gravity Zone Appliance from the manufacturer "Bitdefender" for the Georg-August-Universität Göttingen. As an administrator, you can manage the computers of your institute via a web console and configure the malware protection. | The GWDG operates a Gravity Zone Appliance from the manufacturer "Bitdefender" for the Georg-August-Universität Göttingen. As an administrator, you can manage the computers of your institute via a web console and configure the malware protection. |
| |
| The use of Bitdefender requires a central administration; a local configuration of clients is not possible. For this reason, your institute's IT managers are responsible for installation and administration. For computers that are not managed by your institute, it is possible to perform an installation with our default settings. In this case, however, you will have to do without your own configuration options. | **The use of Bitdefender requires a central administration - a local configuration of clients is not possible.** |
| |
| The software may only be used on service devices of employees of the Georg-August-University. Unfortunately, use by students is not possible. For the protection of private devices, Microsoft Defender, which is integrated in current Windows operating systems, is always available in addition to various purchasable software. | For this reason, the IT managers at your institute are responsible for installation and administration. Installation by IT users on self-administered workstations is generally not advisable, as in this case no adjustments can be made and administrators cannot be notified if malware is found. |
| | |
| | The software may only be installed on computers owned by the Georg-August University; it may not be used on private devices used for work purposes. |
| | |
| | Unfortunately, no successor product to Sophos can be offered to students at this time. For the protection of private devices, however, Microsoft Defender, which is integrated into current Windows operating systems, is always available in addition to various commercial software. |
| |
| **Contact:** You can reach us by email at epp@gwdg or on the Rocketchat channel [[https://chat.gwdg.de/invite/i8htpd| #gwdg-epp]]. | **Contact:** You can reach us by email at epp@gwdg or on the Rocketchat channel [[https://chat.gwdg.de/invite/i8htpd| #gwdg-epp]]. |
| **Info-Pad:** Our [[https://pad.gwdg.de/s/FwPBwkTJA|Info-Pad]] (in German) provides up-to-date information and guides concerning installation, administration and troubleshooting. | **Info-Pad:** Our [[https://pad.gwdg.de/s/FwPBwkTJA|Info-Pad]] (in German) provides up-to-date information and guides concerning installation, administration and troubleshooting. |
| |
| ===== Installation ===== | ===== Information for IT Managers ===== |
| | |
| Prerequisite for using our Bitdefender servers is that clients can reach the network 134.76.203.96/28 via ports 443, 7074, 7081, 7083, 8080, 8443, 8444. | |
| | |
| A group policy (GPO) is available for installing the Bitdefender client ("Bitdefender Endpoint Security Tools", BEST for short) on systems in Active Directory. The data centers or owners of domains that are not managed by the GWDG can independently control the distribution of the software by assigning it to their organizational units in the AD. Please use the GPO "GWD Bitdefender Deploy" from the domain top.gwdg.de or create and use a copy of the GPO in your AD domain. | |
| | |
| ===== Administration ===== | |
| | |
| In order to administer your Endpoint Protection (EPP) clients in the Bitdefender console, you need to send us an email to epp@gwdg.de. This should contain your administrative null account and the names of the AD environments you are responsible for. We have decided not to include the access rights from the Sophos console, as there are too many, out-of-date, access rights entered here. | |
| | |
| Your AD clients are supplied with the GWDG default policy by default. This corresponds to the Bitdefender default settings without the cloud features. If it turns out that individual settings from the policy lead to frequent problems, we reserve the right to adjust them. | |
| | |
| However, you should take the opportunity to create policies for your clients yourself, especially to perform regular on-demand scans. | |
| |
| You can find more information in our Info Pad. | To be able to administer your clients in the Bitdefender console, you must first send us an email to epp@gwdg.de containing your administrative "0 ID". |
| |
| ===== Clients outside Active Directory ===== | If you want to manage Active Directory (AD) clients, please also let us know the domain and the organizational units (OUs) for which you are responsible. |
| |
| To manage non-Active Directory computers in the web console, you will need to create a custom installation package in the web console. Please contact us if needed so we can create a custom group for the non-Active Directory clients at your institution. The process is described in more detail in our Info Pad. | If you want to manage clients that are not in AD, we must first create a Custom Group in the console. Please let us know what name this should be given (e.g. your institute abbreviation). You must then create your own installation package so that your clients are added to the correct group after installation. You can find instructions on how to do this in the Info Pad. |
| |
| If you want to install Bitdefender but do not want to manage the client in the webconsole, you can use the installation packages provided by the GWDG. These can be obtained for current versions of Windows, macOS (from 10.14 Mojave) and Linux here: https://antivir.gwdg.de/bitdefender/. You can log in with your GWDG account. | As soon as we have set up your account, you can access the web console at https://bitdefender.epp.gwdg.de and log in with domain\adminID and password. You can now configure your own policies and assign them to your environment - or use the GWDG's default policy, which is assigned automatically. You also have the option of configuring email notifications for malware incidents in your environment and defining exceptions for scans. Instructions can be found in the Info Pad. |
| |
| Please note that you can only receive malware notifications for clients that you see in the web console. | For the initial installation, your device must be connected to the GÖNET, either via the university network or via VPN. You can then configure your policy so that your client can connect from anywhere via our Internet Relay (already set if you are using the GWDG's standard policy). |
| | ===== Information for IT users ===== |
| |
| | If there is no person responsible for IT in your institute, we can provide packages for installation on self-managed workstations on an individual basis. Please contact us by email at epp@gwdg.de. Please note that in these cases it is not possible to customize scans or configure exceptions for blocked software and files on your computer. |
