Bitdefender Endpoint Security Tools for VMware Tanzu (Beta)

WARNING! The Bitdefender Endpoint Security Tools for VMware Tanzu tile is currently in beta and is intended for evaluation and test purposes only. Do not use this product in a VMware Tanzu production environment.

This topic describes the Bitdefender® Endpoint Security Tools (BEST) for VMware Tanzu tile.


Bitdefender Endpoint Security Tools for VMware Tanzu allows you to easily deploy Bitdefender GravityZone security agents to the VMs managed by your VMware Tanzu deployment.

Bitdefender Endpoint Security Tools for VMware Tanzu provides an automated way to incorporate award-winning endpoint security into BOSH-built VM instances upon their creation. With secured VMs, customers can achieve the following:

  • Protect datacenter and cloud VMs from advanced cyberattacks with layered next-generation security from Bitdefender, a Forrester® Wave Leader in Endpoint Security Suites and the AV Comparatives® Outstanding Security Product Award winner.

  • Streamline compliance with PCI DSS, HIPAA, Gramm-Leach-Bliley Act (GLBA), GDPR, and other regulatory standards calling for an anti-malware solution.

  • Eliminate the time and effort required to manually deploy the agent and apply security policies after the fact.

Key Features


  • Automatic deployment of Bitdefender Endpoint Security Tools by BOSH at the time of VM instantiation.

  • Single-console, single-pane-of-glass security management, and consistent policy enforcement across heterogeneous datacenter and cloud infrastructure.

  • Automatic application of security policies at scale and security-license recovery from decommissioned VMs in VMware® vSphere, AWS EC2, and Microsoft Azure environments.

  • Compatibility with Splunk and other SIEM platforms (via Syslog) for security-event analysis.


Layered next-generation endpoint security delivering, among others, the following advanced capabilities:

  • Dynamic Machine Learning (Local and Cloud-Based)

Leverages proprietary models trained in URL filtering and file analysis on 500M endpoint-sensors and trillions of samples to maximize efficacy and minimize false positives.

  • HyperDetect Tunable Machine Learning

Allows administrators to adjust threat-detection aggressiveness levels to suit the context and risk profile of their organization to detect high-probability, high-impact attacks while minimizing false positives on lower-risk threats.

  • Process Inspector

Continuously monitors and scores running processes and system events and tags suspicious activities to provide proactive, dynamic detection, and remediation of unknown threats.

  • Anti-Exploit

Detects exploitation methods and protects the memory space of browsers, document viewers, media players, and office applications.

  • Sandbox Analyzer

Automatically submits suspicious files from VMs to a cloud or on-premises-based network sandbox for detonation and behavioral analysis.

  • Application Control

Provides both Allowlisting (“default deny”) and Denylisting capabilities to restrict the range of applications allowed to run in a VM.

  • Integrated Patch Management Add-On

Provides automatic discovery and characterization of vulnerabilities and the widest range of patches for OSs, applications, and golden images.

Product Snapshot

The following table provides version and version-support information about Bitdefender Endpoint Security Tools for VMware Tanzu.

Element Details
Tile version v1.0.38
Release date July 10, 2019
Bitdefender agent version Latest version available in the GravityZone console
Compatible Ops Manager version(s) v2.3.x, v2.4.x, v2.5.x, v2.6.x, v2.7.x, v2.8.x, and v2.9.x
Compatible Tanzu Application Service version(s) v2.3.x, v2.4.x, v2.5.x, v2.6.x, v2.7.x, v2.8.x, and v2.9.x
BOSH stemcell version Ubuntu Xenial, CentOS 7, Windows Server 2012 R2, Windows Server 2016
IaaS support All IaaS
IPsec support Yes


Bitdefender Endpoint Security Tools for VMware Tanzu requires your usage of a Bitdefender GravityZone product.

By downloading the Bitdefender Endpoint Security Tools for VMware Tanzu you acknowledge and agree that the sole purpose of this product is to protect VMware Tanzu deployments, which further implies you acquiring a Bitdefender GravityZone product. It is available as a 30 days free trial. After trial period expires you are subjected to licensing terms and conditions.

You can request a trial license here or by emailing Bitdefender Enterprise Sales.


Bitdefender Endpoint Security Tools for VMware Tanzu has the following requirements and prerequisites:

  • A VMware Tanzu operator with administrative rights.

  • A Bitdefender Endpoint Security Tools installation package configured in the GravityZone console for deployment in the VMware Tanzu environment.

  • To optimize network traffic, install Bitdefender Endpoint Security Tools with the Relay role in your IaaS to have a local distribution mirror for installation files and updates. For more information, see your GravityZone Administrator’s Guide.

  • To use Central Scan, you first must deploy a Security Server in your IaaS. Bitdefender Central Scan engine offloads scanning to a Security Server, a dedicated VM that deduplicates and centralizes most of the anti-malware functionality of anti-malware agents, acting as a scan server. For more information, see your GravityZone Administrator’s Guide.

  • To use on-access scanning on Linux, Fanotify kernel option must be enabled. For more information, see Fanotify man pages.

  • Make sure the protected VMs have connectivity to your GravityZone environment and Bitdefender Cloud services. To ensure Internet connectivity on protected VMs, you can use the public_ip VM extension. For details, see these knownledge base articles:

  • Make sure the protected VMs meet the Bitdefender Endpoint Security Tools system requirements:

    • CPU:

      • Minimum: Intel® Pentium compatible processors, 2.4 GHz.
      • Recommended: Intel® Xeon multi-core CPU, 1.86 GHz or faster.
    • Free RAM Memory at installation: 1024 MB

    • Free disk space required at installation (Antimalware only):

      OS Platform Central Scan Hybrid Scan Local Scan
      Linux 600 MB 1100 MB 1600 MB
      Windows 350 MB 500 MB 1024 MB

      Note: The Linux agent currently installs on the system partition. It is recommended to install Bitdefender Endpoint Security Tools for VMware Tanzu with Central Scan or Hybrid Scan.

      Note: Using fallback engines (such as Central Scan + Local Scan or Central Scan + Hybrid Scan) or installing additional features requires more resources. For detailed information on system requirements, check your GravityZone Installation Guide.

      Note: Actual RAM and disk usage after installation is lower.


      If you have a feature request, questions, or information about a bug, contact Bitdefender Business Support.