Bitdefender vs Emsisoft any good choices out there?

I started using Bitdefender this year 2022. I signed up through Syncro hoping the integration piece would be strong. What I have run into is the integration between Bitdefender and Syncro is weak. Syncro support is trying to come up to speed on Bitdefender but the answers seem to come very slowly and have yet to solve some of the most vexing problems. I had to have Syncro set up a meeting with Bitdefender support as they would not do a zoom meeting and help me without Syncro setting it up as Syncro is the reseller.

I am a single-person company with nearly 400 computers I manage. I rolled Bitdefender out to all of them and to this day still don’t have it on all of them. And am still waiting on support to solve the problem for me. I have done everything they have requested and still not done. I had Bitdefender support help me set up my policy and to make sure I was just using the basic $1/month license. I am still being charged additional licenses for 38 computers. Took a while and multiple tries in GravityZone but I got a report this morning of which computers. I have no idea how to remove this as they are set up exactly like other computers and companies. I have reached out to both supports today. I am at the point where I am not sure Bitdefender is the right “solution” for me as it has increased my workload considerably for things I shouldn’t be dealing with. Even when it does its job and says it found malware it’s nearly impossible to get any details. The little report in Syncro and occasionally something in GravityZone don’t shed much light on what’s happening. I implemented this so I could help keep my customers from having to deal with local AV but I get so little from Bitdefender I feel blind.

I am wondering if others have had a similar experience and what you did to resolve it or what you moved on to. Emsisoft seems like the other decent choice within Syncro but I don’t want to jump to something that is just as bad or worse. I would like to hear from others in the community what your results have been and how you are coping with issues.

The integration is not great and they don’t seem to have any interest in improving it. I’ve learned that most integrations in general are mediocre and often not worth the effort. If I was starting over I probably wouldn’t even bother with the BD integration as it’s caused as many headaches as time it’s saved. It sounds like you will need to go through the endpoint Reconfigure option to remove the features that have been added which have extra charges. As it sounds like you’ve found, there is a module report that will let you find the list of these devices. Keep in mind that when you issue the reconfigure command the machine needs to be online in the next 48 hours or it will fail, a stupid limitation of the platform. As you mention it’s also more annoying than it should be to get infection details, so at least Syncro is helpful there. If you want full details on how the infection came in and what all it did, etc. you’d need to subscribe to the EDR feature I think. If you have more specific questions I’ll try to answer. I don’t have experience with Emsi to know if it’s better, but I see pretty regular complaints of it popping up licensing errors on customers’ computers which I have never had with BD and in general I’m happy with it.

Here’s my gathered tips over the years:
-For monitoring I use Monitor - Bitdefender - Pastebin.com. Syncro’s BD status usually works fine but it can take hours to figure itself out, so go by GZ or checking the endpoint itself before you assume there’s a problem.
-Make sure you remove any security software, even stuff like Malwarebytes/SuperAntispyware and Trusteer will prevent install. It is supposed to automatically remove some products, but of course that’s not 100% reliable as we all know products don’t always uninstall properly. I’ve got a cleanup script I can pass along. Also ScriptsAndAutomationPolicies/Remove AV Entries in WMI.vbs at master · N-able/ScriptsAndAutomationPolicies · GitHub may help.
-Setting inheritance is either on or off for a policy, there’s no GPO style multilayering going on. So if you want global exclusions you either inherit them and put them all in the main policy or you duplicate them and have to maintain in each policy. What we settled on was most exclusions go in main policy, problematic specific exclusions like network drive letters get their own policy with a copy of the base exclusions (they can be exported/imported or the whole policy cloned). You assign a policy by right-clicking the company or for root, your company. You can apply to only that level, have it inherit from above, or force inheritance to all the children.
-If you choose to install but not enable firewall you’ll get a red x icon, so don’t install modules you aren’t using. You can reconfigure clients later individually or at any level of the Network tree.
-The firewall blocks network printing by default
-Reconfiguring endpoints, moving between companies, etc. create a task in GZ which gives up after 48 hours, so if the machine is off during that you’ll have to go run it again.
-Click your name and My Account to find settings to change timeout, etc.
-Click Configuration on the bottom left (may have to zoom out/scroll the nav) to find the ‘Remember last browsed location in Network Inventory until I log out’ option among others. You can also just open multiple windows so you don’t have to switch back and forth between parts of the UI.
-Under Network if you want to view all the computers at once for selecting/applying, click Filters at the top of the page > Depth > All items recursively
-To get alerts on infections click on bell icon in upper right, then settings gear icon, Malware Outbreak, send per email and set custom threshold to 1%
-There are extra features in GZ that Syncro doesn’t have in its policy. To enable them you’ll have to reconfigure the endpoints.
-For a while Syncro was turning relay on for every endpoint, I think that may be fixed now, but if you run into that, turn off the relay (reconfigure) for all but one machine (a server typically) as it eats like 8GB of storage on the machine. You can control which devices get relay on install using the package settings.
-If a machine doesn’t show as having synced/installed properly from Syncro’s side, check your Network folder, the machines may be there instead of the proper company. You can either move them or uninstall and let Syncro try again. Move requires a reconfigure and caveat above so may be easier to just delete and let it reinstall.
-Another common install problem can be resolved by deleting the installer in C:\ProgramData\Syncro\bin\ and letting it retry (Syncro will do so every 2 hours at least, or you can change the policy back and forth or resave to force a sync)
-If you need to make GravityZone ignore existing/remnants of previous security products:
• Access GravityZone and navigate to Packages. Select the appropriate install package.
• Click on Download and select the Windows Kit (32/64bit)
• Extract the files of the epskit_x64.zip file (or epskit_x32.zip)
• Using 7Zip or a similar utility extract the epskit_x64.exe (or epskit_x32.exe) file
• Navigate to the KitFiles folder and open it
• Delete the file called detection.xml
• Close the utility and exit the editing of the kit
• Run the epskit_x64.exe (or epskit_x32.exe) to initialize the installation

4 Likes
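A pre-install check for the leftover security products mentioned in the tips above, as an added example that is not part of the original post or any vendor's script. It lists what is registered with Windows Security Center (the WMI entries the linked N-able script deals with) and flags entries whose executable no longer exists; the function name and status labels are hypothetical.

```powershell
# Added example (not from the thread): list AV products registered in
# Windows Security Center and flag likely uninstall remnants.
function Get-RegisteredAvProduct {
    [CmdletBinding()]
    param()

    try {
        $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
            -ClassName 'AntiVirusProduct' -ErrorAction Stop
    } catch {
        # Assumption: the namespace exists on client Windows only; on
        # Windows Server this query fails and there is nothing to report.
        Write-Warning "SecurityCenter2 not available: $($_.Exception.Message)"
        return @()
    }

    foreach ($p in $products) {
        # Registered paths may be quoted or contain %ProgramFiles% style variables.
        $exe = [Environment]::ExpandEnvironmentVariables(
            [string]$p.pathToSignedProductExe).Trim('"')
        # Some entries register a URI rather than a file path.
        $isFilePath = $exe -match '^[A-Za-z]:\\'

        [pscustomobject]@{
            DisplayName  = $p.displayName
            InstanceGuid = $p.instanceGuid
            ProductExe   = $exe
            # 'Orphaned' = still registered, executable missing (likely remnant).
            Status       = if (-not $isFilePath) { 'NotAFilePath' }
                           elseif (Test-Path -LiteralPath $exe) { 'Present' }
                           else { 'Orphaned' }
        }
    }
}

Get-RegisteredAvProduct | Sort-Object Status, DisplayName | Format-Table -AutoSize
```

Run it on the endpoint before deploying: `Present` rows are products that still need a proper uninstall, and `Orphaned` rows are registrations left behind by an incomplete one.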

Wow, thanks for the detailed feedback. I’ll go through your tips closely when I get a chance.

Kent

BitDefender regularly ranks as one of the top AV engines in AV tests, but the GZ portal is bad, and Syncro’s integration does nothing for it. I have a few bigger fish to fry this winter/spring but I’m hoping to trial some other options this year as we have a few clients that require EDR and BD EDR is pretty expensive relative to other options out there. Top on my list are SentinelOne, and Microsoft Defender for Business (as many of our clients have M365 Business Premium licensing).

I have no Emsi experience, it’s built off the BD engine with a little Emsi magic on top, so you know that is solid. The BD portal is so bad I find it hard to believe the Emsi portal would be worse. But like Isaac said, there does seem to be a steady stream of complaints about Emsi licensing breaking. I don’t know if this is an Emsi problem or a problem with Syncro’s integration but either way the reports are that customers are calling up because they are getting popups about AV being disabled/unlicensed so not a good look.

Not much to add to the Bitdefender discussion.

I use Emsisoft for residentials and SOHO businesses. I have an MSP account with them. Their portal UI is very good. Their detection is good. Their support is good and almost always immediate.
The issue you’ve seen on Syncro lists has to do with licensing integration between SyncroMSP and Emsisoft if you use Syncro for the licensing. That’s really the only issue I’ve had. Davlat Aminov is on the Facebook group and has been very helpful along with Doug (SyncroMSP Support Agent). But yea, it can be a PITA.
Suggestions to make it less painful.
Make the installation token as shown in this pic:
Emsi1
Create a customer custom field to hold the Token and customize the script from the Syncro docs (as shown in pic). Then use the script to apply it to all endpoints at once. You can include this script as part of your MAV - EAM Policy with the script running about an hour or so after you apply the policy (so you have time to do everything). Once the script runs all endpoints will show as (protected) in the EAM Portal for the Customer.

Yea, this could be made easier and Davlot says they’re trying to make it so.

  1. Create the customer workspace in EAM Portal automatically based on Syncro Customer name
  2. Get the licensing process cleaner.
  3. If a customer isn’t assigned EAM for a month the license expires. If you add them back into an EAM Policy the same license is listed and we have to ask support to assign a new license for us. Then Emsi support has to clear the old license for us. So, don’t do a lot of switching until this is fixed.
    All in all minor if you just leave it alone.
1 Like

I use BitDefender GravityZone without integration.

Recommend looking at the Elite version of GravityZone

Elite is a version for SMBs, you want GravityZone for MSPs, then add on the features you desire.

Cannot stand BitDefender and its integration is beyond horrible. I tried it out and did not make it past two weeks before I dropped it.

Using Emsisoft with Syncro as my base AV for run of the mill devices that just need AV and, other than Syncro not having the ability to control settings like whitelist/exclusions with a profile, it’s been good.
If you have old servers or computers like Windows 2008 R2 still in use with any clients you need to manually install the legacyAV installer as Syncro won’t install it but it will auto license it after a couple hours.

The only thing I wish Emsisoft would have is an uninstall password that you could set as a little extra security so that power users or threat actors cannot just have it uninstall using the Windows uninstaller.

I am now rolling out SentinelOne as my primary endpoint security as it’s a much better product than both and with ransomware being such a big issue now and impersonation email attacks it has much defense.

Throwing my voice in voting for better Bitdefender integration. I used Bitdefender GravityZone for years before going with Syncro - one reason I went with Syncro was I could get it cheaper than I was at the time. Bitdefender is a good product, but it is cumbersome to use and administer with the GravityZone site.

Emsisoft has an uninstall password configuration but is only limited to Administrators. That is why we do not allow any users to be administrator via the permission policies. It would be nicer if it were separate like BD does, though.