Last active July 17, 2024 17:34
Bitdefender GravityZone Remote Installation Scripts (Works with JumpCloud Command-Runner Agent)
# Insert your company hash here. When you get the download link, this is the long alphanumeric string
# that comes after setupdownloader_ in the filename.
# Do not include the square brackets (but do include the = if there is one).
$CompanyHash = ""

### Modify below this line at your own risk!

# If it's already installed, just do nothing
$Installed = Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*" |
    Where-Object { $_.DisplayName -eq "Bitdefender Endpoint Security Tools" }
if ($Installed) {
    Write-Output "Bitdefender already installed. Exiting."
    Exit 0
}

$BitdefenderURL = "setupdownloader_[$CompanyHash].exe"
$BaseURL = ""
$URL = $BaseURL + $BitdefenderURL
$DestinationPath = 'C:\Windows\Temp'
$Destination = "$DestinationPath\setupdownloader.exe"

try {
    Write-Output "Beginning download of Bitdefender to $Destination"
    Invoke-WebRequest -Uri $URL -OutFile $Destination
}
catch {
    Write-Output "Error Downloading - $($_.Exception.Response.StatusCode.value__)"
    Write-Output $_
    Exit 1
}

# Check if a previous attempt failed, leaving the installer in the temp directory and breaking the script.
# -LiteralPath is needed here: with -Path, the [ ] in the file name is read as a wildcard set
# and does not match the real file, so the stale installer is never removed.
$FullDestination = "$DestinationPath\setupdownloader_[$CompanyHash].exe"
if (Test-Path -LiteralPath $FullDestination) {
    Remove-Item -LiteralPath $FullDestination
    Write-Output "Removed $FullDestination..."
}

Rename-Item -Path $Destination -NewName "setupdownloader_[$CompanyHash].exe"
Write-Output "Download succeeded, beginning install..."
Start-Process -FilePath "C:\Windows\Temp\$BitdefenderURL" -ArgumentList "/bdparams /silent silent" -Wait -NoNewWindow

# Wait an additional 30 seconds after the installer process completes to verify installation
Start-Sleep -Seconds 30
$Installed = Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*" |
    Where-Object { $_.DisplayName -eq "Bitdefender Endpoint Security Tools" }
if ($Installed) {
    Write-Output "Bitdefender successfully installed."
    Exit 0
}
else {
    Write-Output "ERROR: Failed to install Bitdefender"
    Exit 1
}

# Get the download url for the Mac installer from your GravityZone server and put it here

### Modify below this line at your own risk!

# Not present in this copy of the script: the assignments of DownloadUrl, PROCESS, mdmID,
# regex, TempFolder, DownloadFile and DMGVolume. Define them before running.

# Check if BDLDaemon is already running
count=$(ps aux | grep -v grep | grep -ci $PROCESS)
if [ $count -gt 0 ]; then
    echo "Bitdefender is already installed..."
    exit 0
fi

# Verify JumpCloud MDM
verify_jc_mdm (){
    # Check the system for the following profileIdentifier
    check=$(profiles -Lv | grep "name: $4" -4 | awk -F": " '/attribute: profileIdentifier/{print $NF}')
    if [[ $check == *$mdmID* ]] ; then
        echo "ProfileIdentifier: ${mdmID} found on system. MDM Verified"
        return 0
    else
        echo "JumpCloud MDM profile not found on system."
        return 1
    fi
}

if ! verify_jc_mdm "$":; then
    echo "Device is not yet supervised..."
    exit 0
fi

# Locate DMG Download Link From URL
if [[ $DownloadUrl =~ $regex ]]; then
    echo "URL points to direct DMG download"
else
    echo "Searching headers for download links"
    urlHead=$(curl -s --head "$DownloadUrl")
    locationSearch=$(echo "$urlHead" | grep https:)
    if [ -n "$locationSearch" ]; then
        locationRaw=$(echo "$locationSearch" | cut -d' ' -f2)
        locationFormatted="$(echo "${locationRaw}" | tr -d '[:space:]')"
        if [[ $locationFormatted =~ $regex ]]; then
            echo "Download link found"
            DownloadUrl=$(echo "$locationFormatted")
        else
            echo "No https location download link found in headers"
            exit 1
        fi
    else
        echo "No location download link found in headers"
        exit 1
    fi
fi

# Create Temp Folder
DATE=$(date '+%Y-%m-%d-%H-%M-%S')
mkdir /tmp/$TempFolder

# Navigate to Temp Folder
cd /tmp/$TempFolder

# Download File into Temp Folder
curl -s -O "$DownloadUrl"

# Capture name of Download File
echo "Downloaded $DownloadFile to /tmp/$TempFolder"

# Verifies DMG File
if [[ $DownloadFile =~ $regex ]]; then
    DMGFile="$(echo "$DownloadFile")"
    echo "DMG File Found: $DMGFile"
else
    echo "File: $DownloadFile is not a DMG"
    rm -r /tmp/$TempFolder
    echo "Deleted /tmp/$TempFolder"
    exit 1
fi

# Mount DMG File -nobrowse prevents the volume from popping up in Finder
hdiutilAttach=$(hdiutil attach /tmp/$TempFolder/$DMGFile -nobrowse)
# Capture the exit status of hdiutil itself, before any other command runs
err=$?
echo "Used hdiutil to mount $DMGFile "
if [ ${err} -ne 0 ]; then
    echo "Could not mount $DMGFile Error: ${err}"
    rm -r /tmp/$TempFolder
    echo "Deleted /tmp/$TempFolder"
    exit 1
fi

if [[ $hdiutilAttach =~ $regex ]]; then
    echo "Located DMG Volume: $DMGVolume"
else
    echo "DMG Volume not found"
    rm -r /tmp/$TempFolder
    echo "Deleted /tmp/$TempFolder"
    exit 1
fi

# Identify the mount point for the DMG file
DMGMountPoint="$(hdiutil info | grep "$DMGVolume" | awk '{ print $1 }')"
echo "Located DMG Mount Point: $DMGMountPoint"

# Capture name of App file
cd "$DMGVolume/"

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
<plist version="1.0">
<string>System Extensions</string>
<string>Bitdefender Vendor Payload</string>
<string>Privacy Preferences Policy Control</string>
<string>Bitdefender Vendor Payload</string>
<string>anchor apple generic and identifier "com.bitdefender.epsecurity.BDLDaemonApp" and (certificate leaf[field.1.2.840.113635.] /* exists */ or certificate 1[field.1.2.840.113635.] /* exists */ and certificate leaf[field.1.2.840.113635.] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)</string>
<string>identifier "com.bitdefender.EndpointSecurityforMac" and anchor apple generic and certificate 1[field.1.2.840.113635.] /* exists */ and certificate leaf[field.1.2.840.113635.] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y</string>
<string>anchor apple generic and identifier "" and (certificate leaf[field.1.2.840.113635.] /* exists */ or certificate 1[field.1.2.840.113635.] /* exists */ and certificate leaf[field.1.2.840.113635.] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)</string>
<string>Web Content Filter Payload</string>
<string>JAMF Software</string>
<string>Bitdefender GravityZone.</string>

aimaq2020 commented Jan 5, 2023

Hi @chrisisbeef,
Thanks for the script, it is very helpful. I used it for remote deployment of Bitdefender through JumpCloud, which worked nicely on Mac devices, but on Windows machines the download part succeeds but the install fails and I am getting the following error message:
ERROR: Failed to install Bitdefender
Rename-Item : Cannot create a file when that file already exists.
At line:35 char:1
+ Rename-Item -Path $Destination -NewName "setupdownloader_[$CompanyHas ...

I'm not good at scripting, can you help me please to troubleshoot this error? Much appreciated

Hi @aimaq2020 - I unfortunately don't have a way to test this script anymore, as I am no longer with the company I was working with and thus have no access to a BitDefender account to test with. However, I'd guess that it is most likely a permissions issue. Check which user is running the script in the command on the JumpCloud side, if you're running it using JumpCloud commands, and make sure that user has rights to write to the C:\Windows\Temp directory. You can also check on one of the workstations you're deploying to and see if the files are being written in that directory to help debug a bit.

Hi @chrisisbeef, I appreciate that you replied. I figured it out: the issue was with the Bitdefender URL hash. In my case I replaced Invoke-WebRequest with Start-BitsTransfer, which worked to download the file. Now I am struggling with the second part, installing the downloaded file, which isn't working and isn't giving any error log details either. Thanks

davidshbroussard commented May 3, 2023

@aimaq2020 What did you do to get it to install on the Macs? I was able to get it working for PC, but am having trouble with the Mac install. I put the part labeled in the command, but not sure what to do with best_unsigned.mobileconfig. When I run the command, I can see it on the dock and it shows SetupDownloader, but it never installs and I can hear the fan running making me think that it is trying to do the silent install, but is needing security settings to be accepted. I am assuming that the .mobileconfig has something to do with that, but not sure what to do with it.

Hi @davidshbroussard - you have to push the .mobileconfig as a policy to your Macs before the command will work. You can add the custom policy by going to Policy Management in the admin console and searching for "Mac - MDM Custom Configuration Profile Policy", then attach the .mobileconfig file to that policy and select the devices or device groups to push the policy to.

@chrisisbeef Thanks for that reply. I was not sure how it got pushed as I am newly getting into JumpCloud with policies. I appreciate it. Once it was on, it installed. This will make it much easier for installation! I appreciate it.

If I am not mistaken at line 35 $DestinationPath is never filled so it will not find that file. I guess it needs to be $Destination

42leaks commented Nov 2, 2023

Thank you for the script.
How did you generate a mobileconfig file?
How did you find <key>PayloadIdentifier</key> <string>8758FD71-64D2-4739-8836-7838BE671CCE</string> and <key>GUNFMW623Y</key> and all the other IDs?

Do you know if the GZ silent installation process can remove previous antivirus installs? We have a number of Windows systems that either have a small office install of Bitdefender or McAfee, and I’m trying to figure out if I can do the whole process remotely via JumpCloud.

I'm trying this script with Windows PowerShell and getting the following error without any real details as to what is failing:

Beginning download of Bitdefender to C:\Windows\Temp\setupdownloader.exe
Download succeeded, beginning install...
ERROR: Failed to install Bitdefender

So it looks like it's downloaded the file successfully but not installing. Any troubleshooting suggestions?

I'd guess it's because you are not running it elevated. I have a machine that has a local admin account; I'm kicking off the script with my RMM software, however I don't have the local admin account creds yet, and I get the same thing. Are you pushing it out or running it locally? If you are running it locally, click PowerShell, and run as administrator, then try it.
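
For the "download succeeded, install failed with no details" reports in this thread, the following is an added example (not part of the gist and not Bitdefender's or JumpCloud's own code) that checks elevation and the downloaded installer's Authenticode signature before running it, then reports the installer's exit code. The file name in `$Installer` is a placeholder and the signer substring in `$ExpectedSigner` is an assumption to adjust.

```powershell
# Added example, not part of the gist.
# Assumptions: $Installer is where the script saved the download (placeholder name);
# $ExpectedSigner is a substring you expect in the signing certificate subject.
$Installer      = 'C:\Windows\Temp\setupdownloader_[YOUR-COMPANY-HASH].exe'
$ExpectedSigner = 'Bitdefender'

function Get-InstallerProblem {
    param([string] $LiteralPath, [string] $SignerPattern)

    # -LiteralPath: the [ ] in the file name must not be read as a wildcard set.
    if (-not (Test-Path -LiteralPath $LiteralPath -PathType Leaf)) {
        return "installer not found at $LiteralPath"
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $LiteralPath
    if ($sig.Status -ne 'Valid') {
        return "signature status is $($sig.Status): $($sig.StatusMessage)"
    }
    if ($sig.SignerCertificate.Subject -notlike "*$SignerPattern*") {
        return "unexpected signer: $($sig.SignerCertificate.Subject)"
    }
    return $null
}

# The installer needs administrative rights; report who is actually running the command.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Output "Not elevated (running as $($identity.Name)). Exiting."
    exit 1
}

# Refuse to execute a file from a shared temp directory unless it is validly signed.
$problem = Get-InstallerProblem -LiteralPath $Installer -SignerPattern $ExpectedSigner
if ($problem) {
    Write-Output "Refusing to run installer: $problem"
    exit 1
}

# -PassThru returns the process object so the exit code can be logged.
$proc = Start-Process -FilePath $Installer -ArgumentList '/bdparams /silent silent' `
    -Wait -NoNewWindow -PassThru
Write-Output "Installer exited with code $($proc.ExitCode)"
exit $proc.ExitCode
```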
