From 861893dc33872d2469a41024f3b2cac019b4b3e1 Mon Sep 17 00:00:00 2001 From: Howard Enos Date: Sun, 21 Jun 2026 12:59:30 -0700 Subject: [PATCH] sync: auto-sync from HOWARD-HOME at 2026-06-21 12:58:42 Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-06-21 12:58:42 --- ...feedback_bitdefender_unattended_install.md | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 .claude/memory/feedback_bitdefender_unattended_install.md diff --git a/.claude/memory/feedback_bitdefender_unattended_install.md b/.claude/memory/feedback_bitdefender_unattended_install.md new file mode 100644 index 00000000..535c24d1 --- /dev/null +++ b/.claude/memory/feedback_bitdefender_unattended_install.md @@ -0,0 +1,25 @@ +--- +name: feedback_bitdefender_unattended_install +description: Bitdefender unattended RMM install must use the FULL KIT as SYSTEM (silent, no UAC) — the downloader stub fails headless and triggers UAC +metadata: + type: feedback +--- + +Deploying Bitdefender (GravityZone) via an RMM/automation MUST be fully silent +with NO UAC prompt and NO end-user interaction. Howard hard-stopped a deploy +when a UAC prompt appeared on the user's screen (2026-06-21). + +**Why:** the lightweight **setupdownloader stub** (`setupdownloader_[hash].exe`, +the `installLinkWindows` URL) is the WRONG tool for unattended deploy: +- Run as SYSTEM (no UAC) it exits **3** and never installs (0-byte installer.xml; + needs an interactive/elevated session). +- Run in `context: user_session` it triggers a **UAC prompt** (WTS-impersonated + admin token isn't auto-elevated) — unacceptable for end users. + +**How to apply:** use the **FULL KIT** (`fullKitWindowsX64`, ~696MB +`epskit_x64_*.zip`; downloads with the GZ API key as HTTP Basic auth) and run its +installer as SYSTEM with `/bdparams /silent`. SYSTEM is already elevated (no UAC) +and the kit is self-contained (no CDN fetch → no exit 3). This is how Syncro / +proper RMM BD deployments work. To avoid the API key on the endpoint, stage the +kit on an internal HTTP host (e.g. GuruRMM downloads server) for anonymous pull. +See [[reference_gravityzone_support]] and the `bitdefender` skill.