--- name: feedback_bitdefender_unattended_install description: Bitdefender unattended RMM install must use the FULL KIT as SYSTEM (silent, no UAC) — the downloader stub fails headless and triggers UAC metadata: type: feedback --- Deploying Bitdefender (GravityZone) via an RMM/automation MUST be fully silent with NO UAC prompt and NO end-user interaction. Howard hard-stopped a deploy when a UAC prompt appeared on the user's screen (2026-06-21). **Why:** the lightweight **setupdownloader stub** (`setupdownloader_[hash].exe`, the `installLinkWindows` URL) is the WRONG tool for unattended deploy: - Run as SYSTEM (no UAC) it exits **3** and never installs (0-byte installer.xml; needs an interactive/elevated session). - Run in `context: user_session` it triggers a **UAC prompt** (WTS-impersonated admin token isn't auto-elevated) — unacceptable for end users. **How to apply:** use the **FULL KIT** (`fullKitWindowsX64`, ~696MB `epskit_x64_*.zip`; downloads with the GZ API key as HTTP Basic auth) and run its installer as SYSTEM with `/bdparams /silent`. SYSTEM is already elevated (no UAC) and the kit is self-contained (no CDN fetch → no exit 3). This is how Syncro / proper RMM BD deployments work. To avoid the API key on the endpoint, stage the kit on an internal HTTP host (e.g. GuruRMM downloads server) for anonymous pull. See [[reference_gravityzone_support]] and the `bitdefender` skill.