26 lines
1.4 KiB
Markdown
26 lines
1.4 KiB
Markdown
---
|
|
name: feedback_bitdefender_unattended_install
|
|
description: Bitdefender unattended RMM install must use the FULL KIT as SYSTEM (silent, no UAC) — the downloader stub fails headless and triggers UAC
|
|
metadata:
|
|
type: feedback
|
|
---
|
|
|
|
Deploying Bitdefender (GravityZone) via an RMM/automation MUST be fully silent
|
|
with NO UAC prompt and NO end-user interaction. Howard hard-stopped a deploy
|
|
when a UAC prompt appeared on the user's screen (2026-06-21).
|
|
|
|
**Why:** the lightweight **setupdownloader stub** (`setupdownloader_[hash].exe`,
|
|
the `installLinkWindows` URL) is the WRONG tool for unattended deploy:
|
|
- Run as SYSTEM (no UAC) it exits **3** and never installs (0-byte installer.xml;
|
|
needs an interactive/elevated session).
|
|
- Run in `context: user_session` it triggers a **UAC prompt** (WTS-impersonated
|
|
admin token isn't auto-elevated) — unacceptable for end users.
|
|
|
|
**How to apply:** use the **FULL KIT** (`fullKitWindowsX64`, ~696MB
|
|
`epskit_x64_*.zip`; downloads with the GZ API key as HTTP Basic auth) and run its
|
|
installer as SYSTEM with `/bdparams /silent`. SYSTEM is already elevated (no UAC)
|
|
and the kit is self-contained (no CDN fetch → no exit 3). This is how Syncro /
|
|
proper RMM BD deployments work. To avoid the API key on the endpoint, stage the
|
|
kit on an internal HTTP host (e.g. GuruRMM downloads server) for anonymous pull.
|
|
See [[reference_gravityzone_support]] and the `bitdefender` skill.
|