BitDefender Won't Install

Hello,

I have Windows Defender turned off on an endpoint, even went as far as to do it at the GP level, Syncro still detects it as active even though it is not. BD will not install. Not sure what else to try, I’ve been through the loop of moving from policies and waiting 15m then adding it back to a BD enabled policy, no luck.

Anyone else out there been through this? Have a “fix”? (grumbles in German)

Does the Asset at least say Bitdefender install pending? It might need a reboot to kick it. I just purged a couple of stubborn Webroot installs and this is what it looks like while waiting for Bitdefender to be installed.


Hi Shucky, which asset are you experiencing this with? You may want to give it longer than 15mins though it should generally install quickly.


It does, reboot doesn’t make a difference. Thank you.

Hello,

I have an open ticket with support, they say the agent is not calling on Bitdefender for the install. I was just reaching out here to see if I can find assistance.

Do you have any other conflicting AV installed? If there are any remnants of other 3rd party anti-virus software installations, it will refuse to install.

Try running this to see if it returns anything other than Defender:

Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct

Run the installer from c:\Programdata\Syncro\Bin and see what you get. If it doesn’t work, delete the exe and let Syncro redownload it (2-hour sync unless you force it). Often that clears things up. Otherwise yes, may be AV remnants you need to remove. Here’s a script for that:


# Load the Syncro PowerShell module
Import-Module $env:SyncroModule -DisableNameChecking

# Force-close Explorer before removing files
taskkill /IM explorer.exe /F

# AVG
reg delete "HKLM\SOFTWARE\AVG" /f

# Norton/Symantec
reg delete "HKLM\SOFTWARE\Symantec" /f
Remove-Item -Recurse -Force "C:\ProgramData\Norton"
Remove-Item -Recurse -Force "C:\ProgramData\NortonInstaller"
Remove-Item -Recurse -Force "C:\Program Files\NortonInstaller"

# ESET
reg delete "HKLM\SOFTWARE\ESET" /f
Remove-Item -Recurse -Force "C:\Program Files\ESET"

# TeamViewer's ITbrain Anti-Malware
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ITbrain Anti-Malware" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ITbrain Monitoring" /f
Remove-Item -Recurse -Force "C:\Program Files\ITbrain"

# Malwarebytes
reg delete "HKLM\SOFTWARE\Malwarebytes" /f

# McAfee
reg delete "HKLM\SOFTWARE\Mcafee" /f
reg delete "HKLM\SOFTWARE\McAfee.com" /f
reg delete "HKLM\SOFTWARE\mcafeeupdater" /f
reg delete "HKLM\SOFTWARE\mcafeeupdater.com" /f
Remove-Item -Recurse -Force "C:\Program Files\Common Files\McAfee"

# SolarWinds AV Defender stuff
reg delete "HKLM\SOFTWARE\AVDefender" /f
reg delete "HKLM\SOFTWARE\N-Able Technologies\AVDefender" /f
Remove-Item -Recurse -Force "C:\Program Files (x86)\N-able Technologies\Windows Agent\AVDefender"
Remove-Item -Recurse -Force "C:\Program Files\N-able Technologies\AVDefender"
Remove-Item -Recurse -Force "C:\ProgramData\N-Able Technologies"
Remove-Item -Force "C:\Program Files (x86)\N-Able Technologies\Windows Agent\config\AVDefender\Config.xml"
Remove-Item -Force "C:\Program Files (x86)\N-Able Technologies\Windows Agent\config\AVDefender\ErrorManager.xml"

# SolarWinds/LogicNow/Managed AV stuff
reg delete "HKCU\Software\Microsoft\Installer\Features\1CCD6B22A40736744A571AE34B990DE8" /f
reg delete "HKCU\Software\Microsoft\Installer\Products\1CCD6B22A40736744A571AE34B990DE8" /f
reg delete "HKEY_CLASSES_ROOT\Installer\Products\1CCD6B22A40736744A571AE34B990DE8" /f
reg delete "HKEY_CLASSES_ROOT\Installer\Products\4CD5C3BD0A7A09843BC123024BB352CE" /f
reg delete "HKLM\SOFTWARE\LogicNow" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1CCD6B22A40736744A571AE34B990DE8" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4CD5C3BD0A7A09843BC123024BB352CE" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2465414843-2580454656-430099928-1115\Products\1CCD6B22A40736744A571AE34B990DE8" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2535107696-3196376973-1651308919-1001\Products\1CCD6B22A40736744A571AE34B990DE8" /f
reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{22B6DCC1-704A-4763-A475-A13EB499D08E}" /f
reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DB3C5DC4-A7A0-4890-B31C-3220B43B25EC}" /f
reg delete "HKLM\SYSTEM\ControlSet001\Services\WebProtectionDriver1.2" /f
reg delete "HKLM\SYSTEM\ControlSet002\Services\WebProtectionDriver1.2" /f
reg delete "HKLM\SYSTEM\Setup\FirstBoot\Services\Advanced Monitoring Agent" /f
reg delete "HKLM\SYSTEM\Setup\FirstBoot\Services\ManagedAntivirus" /f
reg delete "HKLM\SYSTEM\Setup\FirstBoot\Services\NetworkManagement" /f
reg delete "HKLM\SYSTEM\Setup\FirstBoot\Services\UpdateService" /f
Remove-Item -Recurse -Force "C:\Program Files\Managed Antivirus"
Remove-Item -Recurse -Force "C:\ProgramData\ManagedAntivirus"

# Bitdefender
reg delete "HKLM\SOFTWARE\Bitdefender" /f
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\epag" /f
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EPIntegrationService" /f
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EPProtectedService" /f
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EPRedline" /f
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EPRedlineFiles" /f
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EPSecurityService" /f
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EPUpdateService" /f
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Ignis" /f
Remove-Item -Force "C:\ProgramData\*.bdinstall.*"
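# "[" is a wildcard character for -Path, so match the literal bracket with -Filter instead
Get-ChildItem -LiteralPath "C:\ProgramData\Syncro\bin" -Filter "setupdownloader_[*" | Remove-Item -Force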
Remove-Item -Recurse -Force "C:\Program Files (x86)\Bitdefender"
Remove-Item -Recurse -Force "C:\Program Files\Bitdefender"
Remove-Item -Recurse -Force "C:\Program Files\Bitdefender Agent"
Remove-Item -Recurse -Force "C:\Program Files\Common Files\Bitdefender"
Remove-Item -Recurse -Force "C:\ProgramData\Bitdefender"
Remove-Item -Recurse -Force "C:\ProgramData\bdkitinstaller"
Remove-Item -Recurse -Force "C:\ProgramData\bdlogging"
Remove-Item -Recurse -Force "C:\ProgramData\bduninstalltool"

# Force running applications closed and restart the machine
shutdown /r /f
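
An added example, not part of the posts above and not Syncro's or Bitdefender's own tooling: a read-only check to run before the cleanup script, showing which products Windows Security Center has registered and whether each is flagged as enabled, plus which of the leftover locations named in the script actually exist. The productState bit meanings are the commonly used interpretation and are an assumption (Microsoft does not document them); the function names are hypothetical.

```powershell
# Added example: read-only audit, nothing is deleted or changed.
# Assumption: productState bit 0x1000 = real-time protection on, bit 0x10 = signatures
# out of date. This is the widely used interpretation; Microsoft does not document it.
function ConvertFrom-ProductState {
    param([Parameter(Mandatory)][uint32]$State)
    [pscustomobject]@{
        Hex      = '0x{0:X6}' -f $State
        Enabled  = [bool]($State -band 0x1000)
        UpToDate = -not [bool]($State -band 0x10)
    }
}

# Products registered with Windows Security Center (client editions of Windows only).
function Get-RegisteredAntivirus {
    Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct |
        ForEach-Object {
            $s = ConvertFrom-ProductState -State $_.productState
            [pscustomobject]@{
                Name     = $_.displayName
                State    = $s.Hex
                Enabled  = $s.Enabled
                UpToDate = $s.UpToDate
                Exe      = $_.pathToSignedProductExe
            }
        }
}

# A subset of the leftover locations named in the cleanup script above.
$remnants = @(
    'HKLM:\SOFTWARE\AVG'
    'HKLM:\SOFTWARE\Symantec'
    'HKLM:\SOFTWARE\ESET'
    'HKLM:\SOFTWARE\Malwarebytes'
    'HKLM:\SOFTWARE\McAfee'
    'HKLM:\SOFTWARE\Bitdefender'
    'C:\Program Files\Bitdefender'
    'C:\ProgramData\Bitdefender'
)

# Return only the locations that are actually present on this machine.
function Get-AvRemnant {
    param([string[]]$Path = $remnants)
    $Path | Where-Object { Test-Path -LiteralPath $_ }
}

# Constructed sample values, decoded to show the two flags.
397568, 393472 | ForEach-Object { ConvertFrom-ProductState -State $_ } | Format-Table -AutoSize
Get-RegisteredAntivirus | Format-Table -AutoSize
Get-AvRemnant
```

A product that still appears in the first table after its uninstaller has run, or a path returned by `Get-AvRemnant`, is a candidate for the targeted removal lines in the script rather than running the whole script blind.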

Thanks, I’ll try this.

There is no install file in that location, I will try the script as well.

But we also have this in GZ, it would appear that Syncro and GZ are not talking? The API has all permissions, we even tried removing it and adding it back.

Hi Shucky, I was able to check in on your ticket and we don’t see that the GravityZone account exists yet. We sent some follow-up steps to you so just let us know if you have further trouble after that. We’ll keep working with you on your ticket since this one is going to be specific to your account.

Hello,

We linked our old account that we had before. Is there any merit in just removing the integration and starting from scratch?

We’ll keep working on it with you through your ticket. Removing the integration is better for new accounts that don’t have anything in GravityZone yet as removing it also removes the GZ profile but it is an option.

Integration is now working, thank you for your help.
