Bitdefender Scan Engines

Bitdefender GravityZone is an enterprise security solution that helps organizations to achieve the best protection and performance for their business needs. Control Center, a centralized security management console, allows administrators to remotely install and manage security for any endpoint, in any location and environment. A local application called Bitdefender Endpoint Security Tools is installed on each endpoint to protect your network.

The Scan Engine

One of the main lines of defense used by Bitdefender to counter digital threats is the scan engine. The scan engine features a set of routines designed to scan file segments and processes. To provide a great level of protection and reduce the rate of false positives, our heuristic detections and machine learning algorithms are updated according to the latest emerging threats. Internet access is key for this process, however updates can be distributed via a Local Update Server or through a Relay, for virtualized environments.
An additional security layer, called Hyper Detect blocks advanced attacks at the pre-execution stage.

There are two scan modes to choose from Automatic and Custom.

In the Automatic Mode the scan engines are automatically set during the endpoint package installation. At this stage the endpoint agent detects the machine's configuration, adjusting the scan technology accordingly.

The scan type is determined by a set of rule validations applied on each endpoint.

The four types of validation rules are established dynamically at runtime, based on their order and specific configuration set for the endpoint in question. This allows the security solution to detect if the endpoint is found in a virtual environment, a server operating system, a slow system (specifications lower than 1.5GHz for the CPU and 1GB for the RAM memory) or in an Amazon environment.

If either of the above conditions is met, the processing task ends at the first valid rule, followed by the appropriate scan type. Otherwise, if none of the above conditions are met, locally stored default scanning settings will be used.

As for the Custom Mode, an administrator will manually choose the right scanning approach when a new endpoint package is created.

The following scanning modes are available:

Local Scan• Local Scan, when scanning is performed on the local endpoint. This scanning mode is suited for high-performance computers, having all heuristic based definitions and engines stored locally.


Hybrid Scan• Hybrid Scan, when the scanning is done using in-the-cloud scanning coupled with locally stored heuristic-based definitions. This medium footprint scanning mode brings the benefit of better resource consumption, while involving off-premises scanning.


Central Scan• Central Scan (virtualized environments), when the scanning is performed by the Security Server, a dedicated virtual appliance for several virtualized environments (VMware NSX, Citrix XenServer Microsoft Hyper-V). With a small footprint, this mode will offload the scanning, pattern-matching, removal and other antimalware processes to the Security Server, with some CPU usage.

The Local and Hybrid Scan can be used as fallback in case of a Security Server task failure or a connectivity issue.


Disk and memory usage for Windows

Scan TypeDisk(MB)Memory(MB)
  Usage Required Recommended Usage Required Recommended
Local 410 820 1024 75 512 1024
Hybrid 190 380 500 55 256 512
Central 140 280 350 30 128 25

For virtualized environments, the Central Scan performs this task in an effective manner. Its lite agent and cloud capabilities ensure an efficient resource consumption.

Complementary to its effective scanning engine, Bitdefender increases the detection rate of malware with the Active Threat Control. You can learn more about this protection layer in the Active Threat Control Solution Paper.

Can't find a solution for your problem? Open an email ticket and we will answer the question or concern in the shortest time possible.