Troubleshooting
Finding the Bitdefender Endpoint Security Tools product version in registry editor
Use this method of checking the product version if silent mode is enabled.
To find BEST product version in Registry Editor:
Open the Run window (Win + R).
Type
regeditand press Enter. Click Yes if prompted by User Account Control.Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Endpoint Security.Find the BEST product version in the DisplayVersion registry key.
Using the Power User module
Enabling the Power User module in Bitdefender Endpoint Security Tools will allow you to use it for troubleshooting purposes (e.g. policy settings or exclusions).
Overview
Power User is a module designed for troubleshooting purposes and gives you administrative rights at endpoint level.
This way you can access and change policy settings locally, through the Bitdefender Endpoint Security Tools interface.
Note
Through Power User you can access the settings of a limited set of modules such as:
Antimalware
Firewall
Network Protection
Device Control
Enable Power User
Once the module is installed on the machine, follow these steps:
Go to the Policies page.
Select the applied policy or the one that you want to apply on your computers.
Go to General and click Settings.
Select the Power User check box.
Set a password.
Click the Save button.
Apply the policy if it was not applied previously.
Access Power User
To access Power User:
Right-click the Bitdefender Endpoint Security Tools system tray icon and select Power User from the contextual menu.
Enter the password in the login window. The Power User window pops up. Here you can view the policy settings.
Modify the policy settings you are interested in. For more information, refer to Security management.
BEST BSOD caused by UsrDNIeCertStore.dll - TC-FNMT
UsrDNIeCertStore.dll, which is part of TC-FNMT software or módulo criptográfico DNIe, can sometimes cause a BSOD when using alongside BEST.
To fix this issue update applications that use UsrDNIeCertStore.dll to the latest version from the below link:
BEST services no longer running on Windows 7
An issue where BEST services no longer start has been observed on Windows 7 (32-bit or 64-bit) operating systems that are not up to date. Trying to manually launch the Security Console will result in the process crashing:
When encountering this issue, you must install Microsoft security update KB2533623 on the endpoint where the error is being received.
You can download the KB from Microsoft from the following site by selecting the Windows 7 operating system and architecture: Update for Windows 7 (KB2533623).
Note
We strongly recommend that you update your operating system on a regular basis with the latest security patches, updates, and drivers.
You can download the latest KB4457144, with additional fixes including KB2533623, from Microsoft.
Details of KB4457144: September 11, 2018—KB4457144 (Monthly Rollup).
Standalone package: Microsoft Update Catalog - KB4457144.
Note
Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the Microsoft website.
Cloning a Windows machine without Sysprep tool with BEST installed
This section provides a solution for situations when you cannot use Sysprep tool to create a Windows system clone while the Bitdefender security agent is installed.
This section addresses the scenario where you use other solutions than Microsoft Sysprep (such as VMWare QuickPrep) to create a Windows clone while the Bitdefender security agent is installed.
Issue
When cloning a Windows system, Sysprep tool is able to reset the unique ID generated by the Bitdefender agent and used by GravityZone for identification. If creating a clone without resetting the ID, the machine will have duplicate entries in the GravityZone inventory.
Solution
Note
You must perform this solution before completing the Windows image and before starting deploying it on the machines.
When you cannot use Sysprep to reset the unique ID assigned to each managed machine, follow these steps:
Run the patch.
Restart the machine immediately and the unique identifier will be regenerated.
Cloning a Windows system with Sysprep tool with BEST installed
This section shows how to troubleshoot cloning a Windows system with the Sysprep /generalize command when Endpoint Security, Bitdefender Tools, or Bitdefender Endpoint Security Tools (BEST) are installed. The "Windows could not finish configuring the system. To attempt to resume configuration, restart the computer." error may appear at Windows startup.
Symptoms
When using System Preparation tool to generalize a Windows installation by running the sysprep /generalize command, and antivirus is present on the Windows machine that you want to clone, Sysprep may be unable to run properly due to antivirus self-protection.
The "Windows could not finish configuring the system. To attempt to resume configuration, restart the computer." error may appear at Windows startup.
Troubleshooting
This procedure applies if one of the following Bitdefender security agents is installed on the endpoint: Bitdefender Endpoint Security Tools (BEST), Endpoint Security, and Bitdefender Tools.
To determine if the issue is generated by the Bitdefender security agent:
Press SHIFT+F10to open a Command Prompt window.Navigate to
C:WindowsPanther.Copy the Setup.etl file from the corrupted system to a second Windows machine.
Note
For ease of access, you may put it on the root of the
C:drive.Open a Command Prompt window on the second Windows computer.
Navigate to the location where you saved the file.
Type
tracerpt setup.etl -o logfile.csvOpen logfile.csv in your text editor of choice.
Search for "Failed to process reg key or one of its descendants" message.
E.g.: "Failed to process reg key or one of its descendants: [REGISTRYMACHINESOFTWAREBitdefender]"
Solution
To overcome this error when the endpoint is protected by Bitdefender, follow these steps:
For environments with Active Directory
Make sure that Windows OS and Endpoint Security by Bitdefender are up to date.
Create a Group Policy Object (GPO): Group Policy Management Console (
gpmc.msc) > Computer Configuration > Windows Settings > Scripts (Startup/Shutdown) > Double-click onShutdown> Add the script to be run at every shutdown.Assign this Group Policy to be applied only on the machine that will be used as Master Machine (the machine that will be used for sysprep).
Run:
sysprep /generalize.
For environments without Active Directory
Make sure that Windows OS and Endpoint Security by Bitdefender are up to date.
Add the script to a local shutdown policy: Local Group Policy Editor (
gpedit.msc) > Computer Configuration > Windows Settings > Scripts (Startup/Shutdown) > Double-click on Shutdown > Add the script to be run at every shutdown.Run sysprep /generalize.Remove the Local Policy from the newly cloned machine.
Note
Bitdefender Endpoint Security Patch for Sysprep is updated regularly, so before cloning the virtual machine, download the patch again to make sure that you have the latest version.
Related articles
Microsoft Technet articles:
Sysprep (Generalize) a Windows installation
Windows could not finish configuring the system error after sysprep /generalize
Tamper Protection in Bitdefender Endpoint Security Tools for Windows
This section explains the role of Tamper Protection in Bitdefender Endpoint Security Tools for Windows.
Tamper Protection is a functionality that prevents Bitdefender Endpoint Security Tools (BEST) for Windows from being disabled or deleted by malicious software.
Tamper Protection prevents the following actions:
Changing or deleting the product files.
Editing or deleting BEST registry keys.
Stopping BEST processes.
This functionality is automatically activated in BEST.
Additionally, GravityZone administrators can configure an uninstall password via policy to prevent unauthorized removal of BEST by local administrators.