Bitdefender Install

For those that run non-integrated BD, worked on a script this morning to better deploy.

# Source: https://gist.github.com/chrisisbeef/ac701d471282f8588e969b90887da857
# Insert your company-hash into a Customer Custom Field and add a platform variable called
# CompanyHash pointed to it. When you get the download link, this is the long alpha-numeric string 
# that comes after setupdownloader_ in the filename. 
# Do not include the square brackets (but do include the = if there is one).
$workingdir = "c:\temp"
$BitdefenderURL = "setupdownloader_[$CompanyHash].exe"
$BaseURL = "https://cloud.gravityzone.bitdefender.com/Packages/BSTWIN/0/"
$URL = $BaseURL + $BitdefenderURL
$Destination = "$($workingdir)\setupdownloader.exe"

### Modify below this line at your own risk!

# If it's already installed, just do nothing
$Installed = Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*" | 
Where-Object { $_.DisplayName -eq "Bitdefender Endpoint Security Tools" }

if ($Installed) {
    Write-Host "Bitdefender already installed. Exiting."
    Exit 0
}

# Test if the CompanyHash has been filled out
if ($CompanyHash -eq "")
{
    Write-Host "CompanyHash is missing"
    Exit 1
}
    
# Test if the working directory exist
    If(!(test-path $workingdir))
{
        New-Item -ItemType Directory -Force -Path $workingdir
 }

# Download
try 
{
    Write-Output "Beginning download of Bitdefender to $Destination"
    Invoke-WebRequest -Uri $URL -OutFile $Destination
}
catch
{
    Write-Host "Error Downloading - $_.Exception.Response.StatusCode.value_"
    Write-Host $_
    Exit 1
}

Rename-Item -Path $Destination -NewName "setupdownloader_[$CompanyHash].exe"
Write-Host "Download succeeded, beginning install..."
Start-Process -FilePath "$workingdir\$BitdefenderURL" -ArgumentList "/bdparams /silent silent" -Wait -NoNewWindow
Start-Sleep -s 3
Write-Host "Deleting Installer"
Remove-Item -LiteralPath "$workingdir\$BitdefenderURL"

# Wait an additional 30 seconds after the installer process completes to verify installation
Start-Sleep -Seconds 30

$Installed = Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*" | 
Where-Object { $_.DisplayName -eq "Bitdefender Endpoint Security Tools" }

if ($Installed) {
    Write-Host "Bitdefender successfully installed."
    Exit 0
}
else {
    Write-Host "ERROR: Failed to install Bitdefender"
    Exit 1
}

There was another part in the script that I took out because it was broken as it was because the person didn’t define the variable properly. If you want the script to look for the file name and remove prior to executing so that it doesn’t error out, add this back above the Download section.

# Check if a previous attempt failed, leaving the installer in the temp directory and breaking the script
$FullDestination = "$Workingdir\setupdownloader_[$CompanyHash].exe"
if (Test-Path $FullDestination) {
   Remove-Item -LiteralPath "$FullDestination"
   Write-Host "Removed $FullDestination..."
}

Just curious, why would folks be using BitDefender but not getting it through Syncro?

3 reasons I can think of.

  1. Buying off a local disti increases the relationship with them, which can provide other benefits.
  2. To pay in local currency through a local disti with sales tax instead of buying in USD with no sales tax, only to have to pay the sales tax later at tax time.
  3. Reducing lockin to Syncro in case decide to choose a different RMM.

There is also a little open source utility here that I wrote some time ago.
GitHub - adent/BitDefenderDeploy: Utility for MSPs to deploy Bit Defender silently

There is no lock-in to Syncro. You can take your Gravityzone instance, and your Webroot/Acronis instance too for that matter, with you if you were to leave. They are portable by design.

Sure, but wouldn’t you have to setup arrangements and terms with a local disti?
I guess that is obviously doable, but takes time. Though admittly it is a once off so not a big concern.

The other 2 reasons are more important because they have recurring effects every month.

My reason was just an old relationship really and some reports of lackluster integration, but I did move over today and it was a smooth transition. The integration is basic, but it won’t break anything moving over, so it was a safe move for us. This script is still valid in case you have trouble with Syncro pushing the install.