Avoid Bitdefender Email Security Like The Plague

Just wanted to give a quick PSA to everyone to avoid using Bitdefender Email Security. We use them for our Endpoint Protection and with our old email security being decommissioned, figured we would give them a try. The entire process has been horrible. Random settings enabling themselves for certain clients. Spam getting through and non-spam being caught in the quarantine. Two weeks ago we had no access to the Quarantine Portal where you can preview the caught emails and release multiple at once. Never got any response from them on this, but eventually it started working again. Then last week the users were no longer able to release spam from their quarantine emails or the quarantine portal and it had to be done from the admin level, also they completely removed the Portal Login option from the quarantine emails. It took them 3 days to finally fix it to allow users to release spam email again, and we got almost no communication through the entire thing. We sent multiple follow up emails and phone calls, and would just get an email once every morning saying, our engineers are looking at it. Once it finally started working, the portal login was still missing, and they said they removed it to harden their portal. I’ve sent 3 emails asking for a reason and all they said was users can release emails from the quarantine report. Only in the portal can they preview it and release multiple so this is unacceptable.

TLDR: Problem after problem during and after implementation with Bitdefender Email Security. Their tech support and customer service is by far the worst I’ve ever worked with by any vendor by miles.

Are you direct though Bitdefender or working through a reseller like Pax8?

​

We don’t use the email security, but sounds like it is a hot mess.

I want to suggest looking at policy inheritance for possible causes of users losing access to portals/features, but your issues sound like chaotic back end troubles.

Guessing most new systems will take a bit to train on spam for users, but sounds like yours might be above and beyond.

Wish I could be of more help.

10000% agree - Implemented Bitdefender’s Gravity zone EMS in February of this year and has been an absolute disaster since. The support we received is without a doubt the worst I have seen in my 15 years in the industry. And the product is unstable and very unreliable.

Yes sir. The XDR/EDR is fantastic, but the email security platform is rough. We were originally told the email security platform integrates into the XDR platform, but it does not. The email platform is actually NOT a Bitdefender product, but a third-party SEG from somewhere in Europe (Ireland, Scottland). Bitdefender support only does BASIC work on the email security platform. All other inquiries go to this third party, hence, a 24 hour delay for response. We experienced the Spam Digest not working one day, then working again, then not work, then off. It took a week to get them to turn it back for our company which is a “custom” request. Since then it has worked. This third party would make changes to the platform and not inform anyone. One day mail flows, the next, it doesn’t. Once they re-wrote how the rules were interpreted which invalidated some 10k entries we have. Talk about a bad day re-writting all rules!

We still have the email security in place but are now only using it for the 1st line of defense, country control, virus scanning, etc. We have Abnormal and what a breath of fresh air. Using both of these products, Bitdefender email security as the SEG and Abnormal for API then Microsoft, we have finally got everything under control. Unfortunately we are in contract on the email security platform, but when that comes up, we will be switching SEG’s. Here are some tidbits on Bitdefender Email Security:

• The product is a SEG and Rule based. No advanced AI, etc. All manual rules…

• All rules are written in RegEx. Seriously…

• The rules are broken into two choices, RuleData or RegEx. Both are still written in RegEx, but RuleData is like a hybrid format.

• We use RuleData for all entries to make it readable. No need to have delimiters for new lines, or multiple entries using a pipe | etc.

• Enter all emails in parentheses. Example: (testemail@example\.com)

• Make sure no entry has a space at the end or else the rule is skipped. There is no validation or checking through their portal. Copy all entries, throw in Excel and TRIM, then re-paste.

• Using RegEx, the backslash character (\) means the next character is literal. In traditional RegEx, you need to make special characts literal (_ or = or ^ etc). Using Rule Data, only use \ on +'s or .'s (plus or period).

• You can wildcard but be careful. Always put your wildcard in parantheses. Example email received: [email protected] This translates to (Toms_email\+subdomain\.com=example\.com)

• A wildcard of that entry for any subdomain is (Toms_email\+(.*)\.com=example\.com)

• To match a subject line verbatum, use the following: (?:Your invoice is due) This matches the phrase: Your Invoice is due. It does not match: your Invoice is Due. To match that, use the following: (?:[yY]our [iI]nvoice is [dD]ue)

• The Rule Data tables only allow 10,000 characters. Learned this the hard way. Break up your allowed email lists or blocked email lists in seperate lists. Blocked_Emails_A-K and Blocked_Emails_L-Z

• Always test the entry before putting it in a list. Use https://regex101.com/ to test.

Good Luck!

Time to look at Securence from US Internet. Flexible billing options and unbeatable prices.

Agree 100% that why we moved all our clients last year to Perception Point highly recommended

Proofpoint is amazing, etp from trellix will work too

Tryout MESH. Its a smaller company but weve been unbelievably happy with them. Best email security ive worked with and amazing for msps

Avoid proofpoint like the plague. Outdated product. The new contenders on the block Sublime and Abnormal, that’s where you want to be at.

Do you have a link for the company you are referencing? I see a few companies named MESH and offering email security platforms.

Thank you