Skip to content

Instantly share code, notes, and snippets.

@britannic

britannic/best.ps1

Forked from chrisisbeef/best.ps1
Created April 5, 2024 20:35
Show Gist options
  • Save britannic/1dd1a48424abf80e0f7e074c11c6bf4c to your computer and use it in GitHub Desktop.
Save britannic/1dd1a48424abf80e0f7e074c11c6bf4c to your computer and use it in GitHub Desktop.
Download ZIP
Bitdefender GravityZone Remote Installation Scripts (Works with JumpCloud Command-Runner Agent)
Raw
best.ps1
# Insert your company-hash here. When you get the download link, this is the long alpha-numeric scring
# that comes after setupdownloader_ in the filename.
# Do not include the square brackets (but do include the = if there is one).
$CompanyHash = ""
### Modify below this line at your own risk!
# If it's already installed, just do nothing
$Installed = Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*" |
Where-Object { $_.DisplayName -eq "Bitdefender Endpoint Security Tools" }
if ($Installed) {
Write-Output "Bitdefender already installed. Exiting."
Exit 0
}
$BitdefenderURL = "setupdownloader_[$CompanyHash].exe"
$BaseURL = "https://cloud.gravityzone.bitdefender.com/Packages/BSTWIN/0/"
$URL = $BaseURL + $BitdefenderURL
$Destination = 'C:\Windows\Temp\setupdownloader.exe'
try
{
Write-Output "Beginning download of Bitdefender to $Destination"
Invoke-WebRequest -Uri $URL -OutFile $Destination
}
catch
{
Write-Output "Error Downloading - $_.Exception.Response.StatusCode.value_"
Write-Output $_
Exit 1
}
# Check if a previous attempt failed, leaving the installer in the temp directory and breaking the script
$FullDestination = "$DestinationPath\setupdownloader_[$CompanyHash].exe"
if (Test-Path $FullDestination) {
Remove-Item $FullDestination
Write-Out "Removed $FullDestination..."
}
Rename-Item -Path $Destination -NewName "setupdownloader_[$CompanyHash].exe"
Write-Output "Download succeeded, beginning install..."
Start-Process -FilePath "C:\Windows\Temp\$BitdefenderURL" -ArgumentList "/bdparams /silent silent" -Wait -NoNewWindow
# Wait an additional 30 seconds after the installer process completes to verify installation
Start-Sleep -Seconds 30
$Installed = Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*" |
Where-Object { $_.DisplayName -eq "Bitdefender Endpoint Security Tools" }
if ($Installed) {
Write-Output "Bitdefender successfully installed."
Exit 0
}
else {
Write-Output "ERROR: Failed to install Bitdefender"
Exit 1
}
Raw
best.sh
# Get the download url for the Mac installer from your GravityZone server and put it here
DownloadUrl=""
### Modify below this line at your own risk!
# Check if BDLDaemon is already running
PROCESS=BDLDaemon
count=$(ps aux | grep -v grep | grep -ci $PROCESS)
if [ $count -gt 0 ]; then
echo "Bitdefender is already installed..."
exit 0
fi
# Verify JumpCloud MDM
verify_jc_mdm (){
# Check the system for the following profileIdentifier
mdmID="com.jumpcloud.mdm"
check=$(profiles -Lv | grep "name: $4" -4 | awk -F": " '/attribute: profileIdentifier/{print $NF}')
if [[ $check == *$mdmID* ]] ; then
echo "ProfileIdentifier: ${mdmID} found on system. MDM Verified"
return
else
echo "JumpCloud MDM profile not found on system."
false
fi
}
if ! verify_jc_mdm "$":; then
echo "Device is not yet supervised..."
exit 0
fi
# Locate DMG Download Link From URL
regex='^https.*.dmg$'
if [[ $DownloadUrl =~ $regex ]]; then
echo "URL points to direct DMG download"
validLink="True"
else
echo "Searching headers for download links"
urlHead=$(curl -s --head $DownloadUrl)
locationSearch=$(echo "$urlHead" | grep https:)
if [ -n "$locationSearch" ]; then
locationRaw=$(echo "$locationSearch" | cut -d' ' -f2)
locationFormatted="$(echo "${locationRaw}" | tr -d '[:space:]')"
regex='^https.*'
if [[ $locationFormatted =~ $regex ]]; then
echo "Download link found"
DownloadUrl=$(echo "$locationFormatted")
else
echo "No https location download link found in headers"
exit 1
fi
else
echo "No location download link found in headers"
exit 1
fi
fi
#Create Temp Folder
DATE=$(date '+%Y-%m-%d-%H-%M-%S')
TempFolder="Download-$DATE"
mkdir /tmp/$TempFolder
# Navigate to Temp Folder
cd /tmp/$TempFolder
# Download File into Temp Folder
curl -s -O "$DownloadUrl"
# Capture name of Download File
DownloadFile="$(ls)"
echo "Downloaded $DownloadFile to /tmp/$TempFolder"
# Verifies DMG File
regex='\.dmg$'
if [[ $DownloadFile =~ $regex ]]; then
DMGFile="$(echo "$DownloadFile")"
echo "DMG File Found: $DMGFile"
else
echo "File: $DownloadFile is not a DMG"
rm -r /tmp/$TempFolder
echo "Deleted /tmp/$TempFolder"
exit 1
fi
# Mount DMG File -nobrowse prevents the volume from popping up in Finder
hdiutilAttach=$(hdiutil attach /tmp/$TempFolder/$DMGFile -nobrowse)
echo "Used hdiutil to mount $DMGFile "
err=$?
if [ ${err} -ne 0 ]; then
echo "Could not mount $DMGFile Error: ${err}"
rm -r /tmp/$TempFolder
echo "Deleted /tmp/$TempFolder"
exit 1
fi
regex='\/Volumes\/.*'
if [[ $hdiutilAttach =~ $regex ]]; then
DMGVolume="${BASH_REMATCH[@]}"
echo "Located DMG Volume: $DMGVolume"
else
echo "DMG Volume not found"
rm -r /tmp/$TempFolder
echo "Deleted /tmp/$TempFolder"
exit 1
fi
# Identify the mount point for the DMG file
DMGMountPoint="$(hdiutil info | grep "$DMGVolume" | awk '{ print $1 }')"
echo "Located DMG Mount Point: $DMGMountPoint"
# Capture name of App file
cd "$DMGVolume/SetupDownloader.app/Contents/MacOS/"
./SetupDownloader
Raw
best_unsigned.mobileconfig
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>AllowUserOverrides</key>
<true/>
<key>AllowedSystemExtensions</key>
<dict>
<key>GUNFMW623Y</key>
<array>
<string>com.bitdefender.cst.net.dci.dci-network-extension</string>
</array>
</dict>
<key>PayloadDescription</key>
<string></string>
<key>PayloadDisplayName</key>
<string>System Extensions</string>
<key>PayloadIdentifier</key>
<string>C4CC343D-B6B3-42AA-BDBE-17A87938BE42</string>
<key>PayloadOrganization</key>
<string>Bitdefender Vendor Payload</string>
<key>PayloadType</key>
<string>com.apple.system-extension-policy</string>
<key>PayloadUUID</key>
<string>C4CC343D-B6B3-42AA-BDBE-17A87938BE42</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<dict>
<key>PayloadDescription</key>
<string></string>
<key>PayloadDisplayName</key>
<string>Privacy Preferences Policy Control</string>
<key>PayloadIdentifier</key>
<string>A8D2FB69-FE19-4F76-8E9E-E0FD82F4F08F</string>
<key>PayloadOrganization</key>
<string>Bitdefender Vendor Payload</string>
<key>PayloadType</key>
<string>com.apple.TCC.configuration-profile-policy</string>
<key>PayloadUUID</key>
<string>A8D2FB69-FE19-4F76-8E9E-E0FD82F4F08F</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Services</key>
<dict>
<key>SystemPolicyAllFiles</key>
<array>
<dict>
<key>Allowed</key>
<integer>1</integer>
<key>CodeRequirement</key>
<string>anchor apple generic and identifier "com.bitdefender.epsecurity.BDLDaemonApp" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)</string>
<key>Identifier</key>
<string>com.bitdefender.epsecurity.BDLDaemonApp</string>
<key>IdentifierType</key>
<string>bundleID</string>
<key>StaticCode</key>
<integer>0</integer>
</dict>
<dict>
<key>Allowed</key>
<integer>1</integer>
<key>CodeRequirement</key>
<string>identifier "com.bitdefender.EndpointSecurityforMac" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y</string>
<key>Identifier</key>
<string>com.bitdefender.EndpointSecurityforMac</string>
<key>IdentifierType</key>
<string>bundleID</string>
<key>StaticCode</key>
<integer>0</integer>
</dict>
</array>
</dict>
</dict>
<dict>
<key>FilterPacketProviderBundleIdentifier</key>
<string>com.bitdefender.cst.net.dci.dci-network-extension</string>
<key>FilterPacketProviderDesignatedRequirement</key>
<string>anchor apple generic and identifier "com.bitdefender.cst.net.dci.dci-network-extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)</string>
<key>FilterPackets</key>
<true/>
<key>FilterSockets</key>
<false/>
<key>FilterType</key>
<string>Plugin</string>
<key>PayloadDisplayName</key>
<string>Web Content Filter Payload</string>
<key>PayloadIdentifier</key>
<string>CDB57D2F-44EF-4386-A2BE-530E1EAB71AE</string>
<key>PayloadOrganization</key>
<string>JAMF Software</string>
<key>PayloadType</key>
<string>com.apple.webcontent-filter</string>
<key>PayloadUUID</key>
<string>CDB57D2F-44EF-4386-A2BE-530E1EAB71AE</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PluginBundleID</key>
<string>com.bitdefender.epsecurity.BDLDaemonApp</string>
<key>UserDefinedName</key>
<string>Bitdefender</string>
<key>VendorConfig</key>
<dict/>
</dict>
</array>
<key>PayloadDescription</key>
<string></string>
<key>PayloadDisplayName</key>
<string>BitDefender</string>
<key>PayloadIdentifier</key>
<string>8758FD71-64D2-4739-8836-7838BE671CCE</string>
<key>PayloadOrganization</key>
<string>Bitdefender GravityZone.</string>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>B3EB5B54-D81F-4670-B586-53E8D1944AC2</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment