1.4 KiB
name, description, metadata
| name | description | metadata | ||
|---|---|---|---|---|
| feedback_bitdefender_unattended_install | Bitdefender unattended RMM install must use the FULL KIT as SYSTEM (silent, no UAC) — the downloader stub fails headless and triggers UAC |
|
Deploying Bitdefender (GravityZone) via an RMM/automation MUST be fully silent with NO UAC prompt and NO end-user interaction. Howard hard-stopped a deploy when a UAC prompt appeared on the user's screen (2026-06-21).
Why: the lightweight setupdownloader stub (setupdownloader_[hash].exe,
the installLinkWindows URL) is the WRONG tool for unattended deploy:
- Run as SYSTEM (no UAC) it exits 3 and never installs (0-byte installer.xml; needs an interactive/elevated session).
- Run in
context: user_sessionit triggers a UAC prompt (WTS-impersonated admin token isn't auto-elevated) — unacceptable for end users.
How to apply: use the FULL KIT (fullKitWindowsX64, ~696MB
epskit_x64_*.zip; downloads with the GZ API key as HTTP Basic auth) and run its
installer as SYSTEM with /bdparams /silent. SYSTEM is already elevated (no UAC)
and the kit is self-contained (no CDN fetch → no exit 3). This is how Syncro /
proper RMM BD deployments work. To avoid the API key on the endpoint, stage the
kit on an internal HTTP host (e.g. GuruRMM downloads server) for anonymous pull.
See reference_gravityzone_support and the bitdefender skill.