Bitdefender

For those of you using the MSPAssist Module, Bitdefender, and struggling to stop the “Unknown AV” alerts on servers.  I have a solution for you.
MSPA does not, by default, check for BD.  While I have the programmer working on an update, he is struggling with a solution because of the way BD reports it’s version/status, etc.This is what I’ve done, and it works quite well:

  1. Under Policy Management -> MSPAssist Monitoring\Global Default Policies\”CORE Global Policy” – Removed the Agent Procedure “AV Master SCRIPT”. (NOTE: Before removing, make note of the Schedule.) Save and Apply.
  2. Created a View called “MSPAssist – STSI – Managed Machines Not Running Bitdefender”.  In this View I used the Applications setting set to “Missing application epag.exe”.  This filters out anything that is running BD.   Since BD isn’t checked in the MSPA logic, there’s no reason to run the AV Master SCRIPT against anything that has BD installed.
  3. In the MSPAssist Monitoring\Global Default Policies container, I created a new policy called “CORE Global Policy – AV Checks”, assigned the newly created View and added in the Agent Procedure “AV Master SCRIPT”.  Making sure to use the same schedule as before.
  4. I then applied the new policy and once the changes have all processed, I stopped getting the bogus Server – Unknown AV messages.  I now only get those alerts if the “epag.exe” file is missing, AND there is no other AV installed.

NOTE: DO NOT use this and expect to be notified if BD is missing from the machine. If there is any other AV installed that is supported in the MSPA scripts, it will check those AV’s to see if they are up to date, and if so, no alert occurs.  It will not tell you BD is not installed.  You’ll need to come up with separate logic for that.As always, TEST this in your environment before deploying.  Just because it works for me, doesn’t guarantee it will be free of defects in your environment.

Here’s the GravityZone Bitdefender Administrators Guide to give you all you need to setup your Bitdefender Modules and Policies.  Enjoy!

Click here to download.

New Bitdefender version

Bitfender has recently released a new VSA module (9.5.1.140) for their integration.
 
Its highly recommended to upload this new version of the VSAZ file to upgrade to the latest version.
 
Take a look at the release notes here.

Get the newest version here!
So you’ve integrated GravityZone …
 
Now what?
Bitdefender’s integration comes with deployment scripts that are used in conjunction with your new module, but what about after that? Wouldn’t it be nice if you could see if Bitdefender was installed on those devices without having to open your GravityZone dashboard?
 

There’s a quick setup you can use.  The cool thing about it is it makes a great example of how the pieces of Kaseya work together.

NOTE: The following setup is only as accurate as the last Audit that was run on the system.

 
Custom Field>View>Procedure>Policy
 
Custom Field
Create a custom field that will be populated by our procedure: CF-BitdefenderStatus.
(CF=Custom Field)
 
[Audit –> View Individual Data –> Machine Summary]=
 
View
Create a view to filter out what machines don’t yet have Bitdefender installed:
 
 
Enable Advanced Filters and enter “Installed” or “Missing” depending on what you want shown.
Enable Advanced Filters and enter “Installed” or “Missing” depending on what you want shown.
Procedure
The procedure needed simply looks for a component of Bitdefender on the end-point machine:
 
The export of the procedure looks like this, and can be copied and pasted as shown. Save as “Bitdefender Install Status.xml” for importing to your VSA. (*until we find/have a suitable repository for file distribution)
 
Click to view:
Import the Procedure under System -> Server Management -> Import Center.
 
Policy
Create a Policy based on the View above so you can schedule the Procedure for existing and new devices alike.
 
Schedule to get response “quicker” than your Latest Audit schedule to create a new listing of devices.

In this image you can see the schedule set that looks for the file on each device. EPAG.EXE is the End Point Agent for Bitdefender, and will be present after a successful installation.

Remember to Save and Apply your changes for the policy so that it will be able to be distributed.  If the Policy you’ve set is already Assigned to a group or devices, please “Allow the Scheduler to apply” the changes over a distribution window.

You can take this a step further by creating a 2nd View to use in the “Manage Agents” view.  This view would be for people who don’t create or apply policies, and thus shouldn’t be editing a view with a “Policy – xxxxx” name / prefix.  This is totally up to you, of course.

Questions? Comments? Help? Contact us at service@techstogether.com.

Bitdefender Integration instructions*

This article assumes you have an account for both Kaseya and Bitdefender-GravityZone. And you are familiar with the Bitdefender GravityZone interface and the VSA dashboard. For more information, reach out to Techs+Together.

PLEASE NOTE: If you have already configured Bitdefender Gravity Zone with your VSA account using a procedure method, please refer to the ADDENDUM for more information.

Install the Bitdefender Connector

  1. Log in to a computer with access to Kaseya resources.
  2. Download Bitdefender Connector here:
    https://download.bitdefender.com/SMB/Kaseya9.5/Plugin/Bitdefender.vsaz
  3. Log in to Kaseya VSA.
  4. Navigate to System > Server Management > License Manager  – If you do not see this option, log in as a user with SYSTEM-level access.
  5. Select the Third-Party tab. If this tab is not present, you can enable it under System > Server Management > Configure  and check the box labeled Enable Third Party App Installation Globally.
  6. Click Install.
  7. Locate the Bitdefender Connector you downloaded in step 2. It will have the file extension vsaz.
  8. Follow the on-screen instructions to install the package.
  9. You can see a new entry for Bitdefender in the Navigation Panel.

 

Note:

When needed, you can install the same version of the Bitdefender Connector without uninstalling the existing one. This solution is recommended in case of issues with Kaseya Agent Procedures (they have been deleted or they do not appear anymore for some reason).

Configure Integration

Kaseya VSA needs to access Gravity Zone services.   To authorize access, you need to generate an API key and configure the integration.

Generate API Key

  1. Log in to Gravity Zone web console.
  2. Click your username in the upper-right hand corner and select My Account.
  3. Go to the API keys section and click Add at the top of the table
  4. Enable ALL listed APIs (this list is subject to change, always choose all listed): 

Figure 1 – Gravity Zone API key dialogue

  1. Click Save
    An API key is generated. To prevent the leaking of sensitive information, do not share or distribute your own API keys.
  2. Cop the Access URL from the Control Center API section.
  3. Log in to Kaseya VSA and follow the next steps to configure the integration & synchronize inventory.

 

Integrate Kaseya VSA with Gravity Zone

  1. Log in to Kaseya VSA
  2. Click Bitdefender module (at the bottom) in the Navigation panel
  3. From Settings – select Configuration
    1. When you first open Configuration, you’ll be prompted to allow access for the 3rd-party module:
  4. Enter the API & API Access URL from the previous section.


Figure 2 – Gravity Zone integration configuration

  • Click Save

 

Synchronize Kaseya Inventory

The synchronization mirrors your managed inventory in VSA (Assets) to the Gravity Zone Control Center.

Inventory Synchronization Task

See figure 3

  1. Log in to Kaseya VSA via web browser.
  2. Click Bitdefender in the Navigation Panel.
  3. From the Settings menu, select Configuration.
  4. Enter the generated API key and API Access URL in the General Settings section.
  5. Enable Automatic Sync and Automatic Deploy if needed.

    For more information, see the section Manual Synchronization.

 

Note

The synchronization task runs hourly. This will automatically synchronize your existing Inventory according to its hierarchical structure, and it will deploy the security agent on your endpoints.

  1. Set a prefix for creating new organizations or associating existing organizations during the synchronization.
    For more information, see the section on Setting a Prefix.

 

Note

Setting a prefix will ensure that your organization names in Gravity Zone are unique.  It is required that you use a prefix to avoid conflicts with other tenants.

  1. Configure your event settings for Automatic or Manual.
    For more information, see the Event Handling Settings section.

 

Note

It’s highly recommended to set these items to automatic synchronization for the most trouble-free implementation. If there are any issues, please contact service@techstogether.com.

  1. Click Save to start synchronization. This may take a few moments.

Figure 3 – Gravity Zone VSA Configuration

 

Deploy a Security Agent

After you integrate Kaseya VSA with Gravity Zone, a default agent installation package is created in Control Center. Bitdefender’s security agent for Windows is titled Bitdefender Endpoint Security Agent (BEST). It is recommended not to delete the package.

 

Create Package in Gravity Zone

Installation packages are visible in Control Center only for the user that created them.  To view the default package:

See figure 4

  1. Log in to Gravity Zone Control Center.
  2. Go to the Network Packages page.

    You can see the default package named KASEYA_Connector_Default.
    Click to edit.

Figure 4 – Bitdefender default endpoint package dialogue

 

Note:

If you would like to give your end-users the ability to pause or cancel scans, you will need to install the Power User module as well. The cancel a scan, you must enter Power User Mode from the System Tray icon. 

  • Click  Add in the upper side of the table to configure a new installation package.

 

More information

Other information beyond the basic instructions.

 

Set a Prefix

In Settings > Configuration, you need to configure a prefix for creating or associating organizations from the source inventory (Kaseya VSA) and the destination inventory (Gravity Zone) during the synchronization task. The necessary for better management of the organizations within the network inventory. This is how you set a prefix in Kaseya VSA:

  1. Enter a name in the Prefix field. The prefix can have up to 20 characters and it can represent any relevant name you choose. (Recommend setting it to something identifiable to you, IE, Company initials or short name.
  2. Select one of the following options, or both:
  • Use prefix for creation – create in the Gravity Zone inventory an organization having the configured prefix by using the name of an organization from Kaseya VSA preceded by the prefix. 

Example: the organization “Company” from Kaseya VSA with the prefix “[Acme]” becomes “[Acme] Company” in the Gravity Zone inventory.

  • Use prefix for association – search for organizations in the Gravity Zone inventory by using the configured prefix to associate them with organizations from Kaseya VSA. 

Example: if there is an organization “Company” in Kaseya VSA and an organization “[Acme]Old Company” in Gravity Zone, at the same hierarchical level, an event of Missing prefix-based association found is generated. In this case, you can associate both organizations, rename the organization from Gravity Zone, or to ignore the event.

For details about events, refer to Event Handling Settings.

You cannot use the prefix for machine groups.

 

Event Handling Settings

During the synchronization task, the differences between inventories generate certain events. Choose to handle these events either automatically or manually under the Event Handling Settings section. 

The automatic actions taken on the synchronization events are described below:

Event Type

Automatic Action

Destination Moved

Move an item in destination inventory (Gravity Zone) to match the source inventory location (Kaseya).

Destination Deleted

Copy an item from the source inventory (Gravity Zone) to the destination inventory (Kaseya).

Association Missing

Create a link between items that have the same name and location in both inventories.

Prefix-based Association Missing

Create the link between items with the same name and location in both inventories, considering the destination contains the prefix set in Prefix Settings.

Source Deleted

Delete an item in destination inventory (Gravity Zone) if its corresponding item from the source inventory (Kaseya) no longer exists.

Note

It’s recommended to set these items to automatic synchronization for the most trouble-free implementation. If there are any issues, please contact service@techstogether.com.

Manual Inventory Synchronization and Exclusions

  1. In Kaseya VSA Navigation Panel, click Bitdefender.
  2. From the Operations menu, select Inventory.
  3. Right-click on any organization tree and select from:

Synchronize Inventory

Synchronizes your Kaseya VSA inventory structure with Gravity Zone Control Center. Choose this option to view and manage your inventory structure in Gravity Zone Control Center.

  •  Exclude from inventory Synchronization

Excludes from synchronization the entity you have selected. An excluded entity will display this icon and it will not generate synchronization events. An excluded entity will disappear from the GravityZone inventory. To include back the entity for synchronization, right-click it and select Include for Inventory Synchronization.

  • Synchronize Agents

Deploys the security agent across your inventory structure. Choose this option to deploy the security agent from Kaseya VSA.

  • Exclude from agents Synchronization

Excludes from deployment the entity you have selected.  An excluded entity will display this icon and it will not generate synchronization events. To include back the entity for installation, right-click it and select Include for agents synchronization.

Note:

  • For an excluded entity, synchronization and deployment can run only manually, by selecting  Synchronize Inventory and Synchronize Agents from the contextual menu for that entity. If you select these options from a parent node, they will not affect the excluded entity.
  • If an entity is deleted from Kaseya, the exclusions will be ignored and there will be generated Source Deleted events instead.
  • If there are unhandled events from the last synchronization, a pop-up window will inform you about them each time you access the Inventory page.

 

Questions, problems and troubleshooting

For more information or problems with your integration and deployment, please contact service@techstogether.com.

 

Addendum – moving Prior Integration(s)

Refer to Figure 3

  1. You can remove or disable any previously created procedures (or policies containing them) from devices in the VSA.
  2. Disregard any files you have for Bitdefender under Procedures > Manage Files. They will no longer be used.
  3. Install the new Bitdefender module according to Techs+Together instructions.  
    1. In the section regarding Prefixes, we recommend the entry in the new module matches the prefix previously used in integration. Be sure to select the Use prefix for association to have previous agents remain in their appropriate location.
    2. Select the Use prefix for creation to allow the plugin to continue to create new companies in GravityZone.
  4. Bitdefender will deploy new Procedures in your VSA.  Three will help detect if devices already have Bitdefender installed, the other will deploy the agent.  There isn’t any reason to edit them. If you do edit the deployment procedure, do not remove any of the default code.
  5. Let the new module synch.  Be aware of any error (red icons on the organization icons in Bitdefender module) and correct them.
  6. Create your agent deployment in the Bitdefender module.


DONE.

 

Note:

Already existing endpoints will not be affected. If they report to the correct company they will be left alone. If you run install on them the plug-in will detect that the BD client already runs on them and leave them as they are. A future release will bring more functionality on the endpoint management where it will pull more endpoint data from GZ and show it in the plug-in.

 

Problem: There are many machines showing as un-managed, but the Bitdefender interface on the machine shows you are protected. 

Answer:

This situation is usually seen when UAC is enabled at some level on the endpoint computer.  In order to correct the situation, 

  • uninstall the Bitdefender agent
  • Disable UAC completely
  • Reboot the computer
  • Reinstall Bitdefender

Good news is, disabling UAC (and re-enabling it if necessary) can be accomplished with a VSA procedure.  It’s recommended to create/use a procedure for UAC control separately. Do not write it into the BD deployment procedure.  

UAC procedures found at Automation Exchange: https://automationexchange.kaseya.com/products/56  

If you are purchasing Kaseya VSA through Techs+Together, you are also receiving Gravity Zone Bitdefender at no charge to you.

As a new customer, you will need to integrate your Bitdefender with VSA by following the instructions here: http://allthings.techstogether.com/2018/08/gravityzone-for-kaseya-r95.html

If you already have a Gravity Zone account, you will need to migrate it to Techs+Together by following these steps:

– Log into your existing GZ account.

– Click on your account name in the upper right corner

– Scroll down and Change your Bitdefender Partner ID to us. 

Enter ID:

If you are on the EU server: 57f5d106d71aeab820e38caa4324bb9f

If you are on the US server: a3e1b24f8330f85418363031e8f26b1d

Once this is complete, let us know so we can make sure the proper license is assigned to you

Your existing agents will slowly start obtaining the new license key as they check in.

Recently, we are receiving many reports from our tenants about them having issues with the Bitdefender VSA Integration. 

Please be aware that due to an issue in the last VSA patch update, the Bitdefender module might display a blank screen. Kaseya is aware of the problem and working on a fix. In the meantime, to work around the issue, please access the VSA using one of the following URLs:

MyRMM – https://storedtech.myrmm.com

TT US – https://serverus01.techstogether.com 

TT EU – https://servereu01.techstogether.com 

Also, please make sure you are using an up-to-date browser (preferably Chrome) and be sure to clean out your browser cache and cookies.

If you continue to have issues after following these steps, please do not hesitate to reach out to us at service@techstogether.com

– Your T+T Team