MSPAssist & Bitdefender Causing Erroneous "Unknown AV" Alerts on Server OS

For those of you using the MSPAssist Module, Bitdefender, and struggling to stop the "Unknown AV" alerts on servers.  I have a solution for you.
MSPA does not, by default, check for BD.  While I have the programmer working on an update, he is struggling with a solution because of the way BD reports it's version/status, etc.This is what I've done, and it works quite well:

1. Under Policy Management -> MSPAssist Monitoring\Global Default Policies\"CORE Global Policy" - Removed the Agent Procedure "AV Master SCRIPT". (NOTE: Before removing, make note of the Schedule.) Save and Apply.
2. Created a View called "MSPAssist - STSI - Managed Machines Not Running Bitdefender".  In this View I used the Applications setting set to "Missing application epag.exe".  This filters out anything that is running BD.   Since BD isn't checked in the MSPA logic, there's no reason to run the AV Master SCRIPT against anything that has BD installed.
3. In the MSPAssist Monitoring\Global Default Policies container, I created a new policy called "CORE Global Policy - AV Checks", assigned the newly created View and added in the Agent Procedure "AV Master SCRIPT".  Making sure to use the same schedule as before.
4. I then applied the new policy and once the changes have all processed, I stopped getting the bogus Server - Unknown AV messages.  I now only get those alerts if the "epag.exe" file is missing, AND there is no other AV installed.

NOTE: DO NOT use this and expect to be notified if BD is missing from the machine. If there is any other AV installed that is supported in the MSPA scripts, it will check those AV's to see if they are up to date, and if so, no alert occurs.  It will not tell you BD is not installed.  You'll need to come up with separate logic for that.As always, TEST this in your environment before deploying.  Just because it works for me, doesn't guarantee it will be free of defects in your environment.

Kaseya Agent Install in GPO Domains creation of a MSI file

Domain watch for Kaseya agent install has issues both in the deployment and scalability.

Here is an alternative option for deploying Kaseya through AD Group policy using a msi package file created with a free tool.

MSI Wrapper (free version) by https://www.exemsi.com/

1. Download and install MSI wrapper
2. Download the latest Kaseya Agent generic installer exe : KcsSetup.exe
3. Unblock the executable:

4. Run MSI Wrapper:

5. Add the path to the Kaseya setup exe:

6. Set to Windows Installer:

7. Makeup your own Application ID and generate new upgrade code:

8. Accept Defaults:

9. Leave Blank:

10. Add install arguments:  /e /c /g=v200.hybrid.acme /j /s

g= is the group in Kaseya agents will place themselves in when they check-in.

Add /v in VDI environments to reuse the computer account in Kaseya so duplicates are not created.

11. Next, Next Build.

12. Place the MSI into a network share with domain read only permissions to the new msi file.

13. Create a new group policy in AD: Create a new package, browse to the share and select the new msi file.

Profit! You now have an automated way of pushing the Kaseya agent into an AD Domain without Domain Watch and vbs scripts

Bitdefender Administrator's Guide

Here's the GravityZone Bitdefender Administrators Guide to give you all you need to setup your Bitdefender Modules and Policies.  Enjoy!

Click here to download the guide.

UPDATED Bitdefender Module

New Bitdefender Version

Bitfender has recently released a new VSA module (9.5.1.126) for their integration.

Its highly recommended to upload this new version of the VSAZ file to upgrade to the latest version.

Take a look at the release notes here.

Get the newest version here!

VSA Antivirus Exclusion List

Make sure your Anti-Virus doesn't mess with your VSA agents.  Here's the link to the Kaseya KB article with regards to exclusions:

https://helpdesk.kaseya.com/hc/en-gb/articles/229014948-Anti-Virus-Exclusions-Trusted-Apps

Using Live Connect on Demand

One of the most important things in today's IT support world is remote access.  I mean, hardly anyone even knows what "rolling trucks" means nowadays, am I right? (Showing my age even saying that, I know.)

We all know that there's some way to get "there" ... but which way should we use?   Oh, and sure, this whole remote monitoring thing is great, but how do we get remote access to a device to install a remote monitoring agent that ... has our remote access service?!?



Hello, Chicken?
I'd like you to meet the Egg?

Enter: Live Connect on Demand

Protracted Reboot

Sometimes it's nice to be nice ...

Yes, we can just plain old REBOOT a computer with a 5 minute timer.  Five minutes is more than enough time to save a file, then walk away and get a cup of coffee, take a bio-break, whatever -- right?

Wait -

right?