Serving clients across all sorts of industries, we’re exposed to a wide range of products and services. It’s extremely rare that we run into a product that consistently wins our recommendation when we’re evaluating options to meet a particular client’s needs. Bitdefender’s lineup of cloud-based and on-premise security products, and flexible licensing models, ensure there’s always a good fit for all kinds of clients of all sizes. Between the aggressive pricing and top-tier protection features, Bitdefender has become our go-to for practically all antivirus and security needs.

Gravityzone Console

Whether you choose to use cloud management or an on-premise deployment, the Gravityzone console provides a single pane of glass to monitor, analyze, and configure security for your entire environment. With a simple layout and consistent design language, the console is intuitive to navigate but still allows for detailed investigation of incidents.

Since the introduction of A-la-carte, all GravityZone bundles allow use of either the cloud-based or on-premise consoles under the same license. While the decision of which console to use is dependent on many factors and unique to every customer, all licenses include both consoles and allow switching between them at will.

Bitdefender GravityZone console


Bitdefender offers substantial discounts on already low pricing for multi-year licenses when paid up-front. Licenses are sold with 1, 2, or 3-year durations, with longer terms delivering even better value. The original license purchase date determines your expiration/renewal date; if you need to add additional endpoints or features during the license term, this date won’t change. Changes during the license term are prorated monthly with the same expiration date, allowing for a single streamlined renewal. A word to the wise: adding licenses isn’t instant, so we recommend keeping a few extras on hand if you’re expecting to grow.

For clients with server infrastructure of their own, it’s worth pointing out the server limitations in the product bundles: with Business Security, up to 30% of your licensed endpoints can be servers; with any other bundle, that increases to 35%. When servers make up a high percentage of the expected endpoint count–or even the entirety of it–we typically recommend A-la-carte licensing, where we can assemble custom licenses tailored to each environment. A-la-carte licenses are per virtual server, physical server, virtual workstation, physical workstation, mobile device, or hypervisor CPU, and these can be mixed and matched in practically any combination.

GravityZone features comparison – click here for additional details

Managed Detection and Response (MDR)

Most businesses don’t have dedicated security staff–or the budget to hire them. But that doesn’t mean they don’t have compliance requirements or genuine security concerns. Bitdefender’s MDR services offer a solution to that problem: the GravityZone Enterprise bundle, managed by Bitdefender’s own Security Operations Center (SOC). The SOC is staffed by certified security professionals and operates 24x7x365, keeping multiple watchful eyes on your entire digital footprint, and actively hunting for threats both on your network and elsewhere on the Internet. Click here to read more about the MDR offering, or get in touch for a demo or quote.


When you purchase Bitdefender licenses through Dreadnought, not only are you getting aggressive pricing; we’re also your first point of contact for support throughout your entire license term. If you have a support request, fill out the form below and we’ll get back to you shortly. If you’re in a rush, we’ve included answers to some of the most common questions below, and we do our best to keep this section up to date as the products and security landscape evolve.

FAQs / Common Troubleshooting

Which tier / licensing model is right for my company?

This is a complicated question with no universal answer. For clients with compliance obligations like HIPAA or SOC 2, we typically recommend Enterprise plus the Full Disk Encryption and Email Security add-ons. If you want an (X)EDR solution for any other reasons (like getting a discount on a cyber insurance policy), or just want top-tier protection, Enterprise is still the way to go, but the add-ons may or may not be necessary. If the last sentence about top-tier protection sounded great, but you don’t know (or want to learn) what EDR means, or prefer something you can set and forget, Premium is a great option offering most of the same protection layers.

If you have a significant number of servers or are interested in an on-premise solution, A-la-carte is most likely the right approach. This model lets us fine-tune the license to the makeup of your environment.

Still not sure? Let us know what you’re looking to protect in the contact form below, and we’ll be happy to help find the best fit.

Where can I download the software?

The first time you log into the GravityZone console, you’ll be presented with download links for BEST (Bitdefender Endpoint Security Tools). If you’ve checked the “don’t show again” box on that popup and instead see the Executive Summary after logging in, you’ll need to configure and download a Package.

On the left-hand sidebar, click Packages (under the Network header). If you already see a package, great; you can download BEST by clicking the checkbox next to it then clicking Download at the top of the screen. The various “Downloader” options are small files that will automatically download the latest version of BEST appropriate for the platform it’s being installed on. We don’t recommend using the “kit” options unless you have a compelling reason.

If you don’t have a package, creating one is simple. Click Add at the top of the screen, enter a meaningful name, then arrange the sliders for the various Modules as desired. The icons to the right of each module indicate which operating systems support that feature. Don’t worry if a feature isn’t available on some of your endpoints; the BEST installer will automatically skip those. If you don’t know what you need, turning on all the modules, and leaving the roles and remove competitors as they are is usually a safe bet. There’s an option below Settings to set an uninstall password, which we do recommend, but that password should be set in the Policy instead. Click Save then follow the steps above to download the installer using the package you just created.

I don’t understand all these settings. How should I configure my policy?

These are our recommendations based on numerous deployments across a wide array of customer environments. As with any security effort, you should seek professional advice to ensure you’re properly protected.

Starting from the Default Policy, here’s what we suggest changing. Log into the GravityZone console, click Policies on the left, check the box next to Default Policy, then click Clone Policy at the top of the screen. In order to save space and make this section easier to follow, the steps below are only changes from the default settings, not the full policy. If your console is linked to ours (which it will be if we set up your trial), we can also apply our recommended policy for you.

  • General
    • Details
      • Change the name to something short but meaningful. We typically abbreviate the company name and specify which users the policy applies to, or if it’s the global default for that company.
      • Check the Allow other users to change this policy box.
    • Notifications
      • Check the Endpoint Restart Notification box.
    • Settings
      • Choose Set uninstall password and enter a secure password to ensure the software can only be removed by authorized individuals.
      • Check the Power User box and enter a secure password to allow quick and easy access to security settings on individual computers without making changes to the overall policy. Don’t reuse the uninstall password you just set!
      • Check Allow endpoints to send user login data to GravityZone to help keep track of your endpoints in the Network view.
    • Update
      • Check If needed, reboot after installing updates every and choose a time of day that accommodates your business needs.
  • Antimalware
    • On-Access
      • Check the Ransomware Vaccine box.
    • On-Execute
      • Check the Ransomware Mitigation box. We strongly recommend leaving Recover set to On Demand.
    • On-Demand
      • Click Add > Full Scan, enter a name like “Weekly Full Scan”, then check the “Run the task with low priority” box to avoid excessively slowing down computers during scans. Next, configure the Recurrence to match the name, and check the If scheduled run time is missed, run task as soon as possible box. We typically enable Skip if next scheduled scan is due to start in less than with the default 1 day period. This will help prevent alerts on endpoints that a full scan has not been conducted in over a week.
  • Sandbox Analyzer (Premium, Enterprise, and A-la-carte with Sandbox Analyzer add-on licenses only)
    • Check Automatic sample submission from managed endpoints.
  • Firewall
    • General
      • Check Monitor Wi-Fi connections.
    • Rules
      • Change Network Printing to Allow by clicking on the Deny drop-down.
  • Network Protection
    • General
      • Check Intercept Encrypted Traffic and Scan HTTPS, then uncheck Browser Search Advisor (legacy).
  • Device Control
    • Check the Device Control box, then click each of the below Device Classes and change them to Blocked unless your business uses them:
      • Floppy Disk Drive
      • IEEE 1284.4
      • IEEE 1394
      • Modem
      • Tape Drive
      • Windows Portable
      • SCSI RAID
    • Also consider disabling COM/LPT Ports and External Storage unless you know you need them.
  • Risk Management
    • Check the Risk Management box at the top, and check the If scheduled run time is missed box at the bottom. Optionally, you can change the task interval or timing, but this is not necessary.

You’re almost done! Click the blue Save button at the bottom. Check the box next to your newly-created policy then click Set as default at the top of the screen. Leave Keep the current policy assignment unchecked if you’re switching from the original Default Policy, then click OK.

Why can’t I see the logged-in users on any of my protected endpoints?

Collecting logged-in user data is disabled in the Default Policy. If you haven’t already, consider reading and applying our recommended policy settings above.

To enable just this feature, log into the GravityZone console, click Policies on the left, select your policy, then click Settings under the “General” header. At the bottom of the main panel, under the “Options” header, check the Allow endpoints to send user login data to GravityZone box, then click Save at the bottom of the screen.

I turned on encryption in my policy; why are none of my computers encrypted?

This is usually one of two things: the operating system on your endpoints doesn’t natively support encryption (such as Home editions of Windows), or you don’t have the Full Disk Encryption add-on. We’d be happy to help you with either license; contact us here to let us know what you need.

I’m having issues with Google Drive sync after installing Bitdefender; how can I fix it?

First, add the following exclusions as Folders under Policies > (your policy) > Antimalware > Settings > Custom Exclusions:

  • MacOS:
    • /Volumes/GoogleDrive/
    • ~/Library/Application Support/Google/DriveFS/
    • /Applications/Google Drive File Drive File Stream
  • Windows:
    • G:\
    • %LOCALAPPDATA%\Google\DriveFS

For consistency, you may also want to set up forced drive letters on Windows per Google’s documentation.

You might also want to disable Device Scanning (or at least the USB storage devices subtype) under Antimalware > On-Demand. Per Bitdefender, as long as On-Access Scanning is still active this doesn’t really pose a security risk, but it should prevent the entire G:\ drive getting scanned when the drive is “plugged in” (i.e. when the Drive sync app comes online). You could also enable Do not scan devices with stored data more than (MB) and set a threshold below your Google Drive volume size.

Lastly, if you’re using Device Control to block external/portable drives, you would need to set External Storage to Custom and change the Other type at the bottom to Allow.

Additional Help

Bitdefender Getting Started

Bitdefender GravityZone Installation Guide

Bitdefender GravityZone Administrator’s Guide

Deploy and set up GravityZone Virtual Appliance (for on-premise deployments)

GravityZone Virtual Appliance (on-premise) download links

GravityZone API documentation (for nerds)

Still have questions?

    Shopping Cart