CLOUD SOLUTIONS

Troubleshooting

Finding the Bitdefender Endpoint Security Tools product version in registry editor

Use this method of checking the product version if silent mode is enabled.

To find BEST product version in Registry Editor:

  1. Open the Run window (Win + R).

  2. Type regedit and press Enter. Click Yes if prompted by User Account Control.

  3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Endpoint Security.

  4. Find the BEST product version in the DisplayVersion registry key.

Using the Power User module

Enabling the Power User module in Bitdefender Endpoint Security Tools will allow you to use it for troubleshooting purposes (e.g. policy settings or exclusions).

Overview

Power User is a module designed for troubleshooting purposes and gives you administrative rights at endpoint level.

This way you can access and change policy settings locally, through the Bitdefender Endpoint Security Tools interface.

Note

Through Power User you can access the settings of a limited set of modules such as:

  • Antimalware

  • Firewall

  • Network Protection

  • Device Control

Enable Power User

Once the module is installed on the machine, follow these steps:

  1. Go to the Policies page.

  2. Select the applied policy or the one that you want to apply on your computers.

    16991_3.png
  3. Go to General and click Settings.

  4. Select the Power User check box.

  5. Set a password.

  6. Click the Save button.

  7. Apply the policy if it was not applied previously.

    power-user-console-settings.png
Access Power User

To access Power User:

  1. Right-click the Bitdefender Endpoint Security Tools system tray icon and select Power User from the contextual menu.

    16991_5.png
  2. Enter the password in the login window. The Power User window pops up. Here you can view the policy settings.

  3. Modify the policy settings you are interested in. For more information, refer to the Administrator’s Guide.

BEST BSOD caused by UsrDNIeCertStore.dll - TC-FNMT

UsrDNIeCertStore.dll, which is part of TC-FNMT software or módulo criptográfico DNIe, can sometimes cause a BSOD when using along side BEST.

To fix this issue update applications that use UsrDNIeCertStore.dll to latest version from the below link:

https://www.sede.fnmt.gob.es/en/descargas/descarga-software

BEST services no longer running on Windows 7

An issue where BEST services no longer start has been observed on Windows 7 (32-bit or 64-bit) operating systems that are not up to date.Trying to manually launch the Security Console will result in the process crashing:

22064_1.png

When encountering this issue, you must install Microsoft security update KB2533623 on the endpoint where the error is being received.

You can download the KB from Microsoft from the following site by selecting the Windows 7 operating system and architecture: Update for Windows 7 (KB2533623).

Note

We strongly recommend that you update your operating system on a regular basis with the latest security patches, updates, and drivers.

You can download the latest KB4457144, with additional fixes including KB2533623, from Microsoft.

Note

Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the Microsoft website.

Cloning a Windows machine without Sysprep tool with BEST installed

This section provides a solution for situations when you cannot use Sysprep tool to create a Windows system clone while the Bitdefender security agent is installed on.

This section addresses the scenario where you use other solution than Microsoft Sysprep (such as VMWare QuickPrep) to create a Windows clone while the Bitdefender security agent is installed on.

Cloning a Windows system with Sysprep tool with BEST installed

This section shows how to troubleshoot cloning a Windows system with the Sysprep /generalize command when Endpoint Security, Bitdefender Tools or Bitdefender Endpoint Security Tools (BEST) are installed. The "Windows could not finish configuring the system. To attempt to resume configuration, restart the computer." error may appear at Windows startup.

Symptoms

When using System Preparation tool to generalize a Windows installation by running the sysprep /generalize command, and an antivirus is present on the Windows machine that you want to clone, Sysprep may be unable to run properly due to antivirus self-protection.

The "Windows could not finish configuring the system. To attempt to resume configuration, restart the computer." error may appear at Windows startup.

8259_1.png
Troubleshooting

This procedure applies if one of the following Bitdefender security agents is installed on the endpoint: Bitdefender Endpoint Security Tools (BEST), Endpoint Security, and Bitdefender Tools.

To determine if the issue is generated by the Bitdefender security agent:

  1. Press SHIFT+F10 to open a Command Prompt window.

  2. Navigate to C:WindowsPanther.

  3. Copy the Setup.etl file from the corrupted system to a second Windows machine.

    Note

    For ease of access, you may put it on the root of the C: drive.

  4. Open a Command Prompt window on the second Windows computer.

  5. Navigate to the location where you saved the file.

  6. Type tracerpt setup.etl -o logfile.csv

  7. Open logfile.csv in your text editor of choice.

  8. Search for "Failed to process reg key or one of its descendants" message.

    E.g.: "Failed to process reg key or one of its descendants: [REGISTRYMACHINESOFTWAREBitdefender]"

Solution

To overcome this error when the endpoint is protected by Bitdefender, follow these steps:

For environments with Active Directory
  1. Make sure that Windows OS and Endpoint Security by Bitdefender are up to date.

  2. Download Bitdefender Endpoint Security Patch for Sysprep.

  3. Create a Group Policy Object (GPO): Group Policy Management Console (gpmc.msc) > Computer Configuration > Windows Settings > Scripts (Startup/Shutdown) > Double-click on Shutdown > Add the script to be run at every shutdown.

  4. Assign this Group Policy to be applied only on the machine that will be used as Master Machine (the machine that will be used for sysprep).

  5. Run: sysprep /generalize.

For environments without Active Directory
  1. Make sure that Windows OS and Endpoint Security by Bitdefender are up to date.

  2. Download Bitdefender Endpoint Security Patch for Sysprep.

  3. Add the script to a local shutdown policy: Local Group Policy Editor (gpedit.msc) > Computer Configuration > Windows Settings > Scripts (Startup/Shutdown) > Double-click on Shutdown > Add the script to be run at every shutdown.

  4. Run sysprep /generalize.

  5. Remove the Local Policy from the newly cloned machine.

    Note

    Bitdefender Endpoint Security Patch for Sysprep is updated regularly, so before cloning the virtual machine, download the patch again to make sure that you have the latest version.

Related articles

Microsoft Technet articles:

What is Sysprep?

Sysprep (Generalize) a Windows installation

Windows could not finish configuring the system error after sysprep /generalize

Tamper Protection in Bitdefender Endpoint Security Tools for Windows

This section explains the role of Tamper Protection in Bitdefender Endpoint Security Tools for Windows.

Tamper Protection is a functionality that prevents Bitdefender Endpoint Security Tools (BEST) for Windows from being disabled or deleted by malicious software.

Tamper Protection prevents the following actions:

  • Changing or deleting the product files.

  • Editing or deleting BEST registry keys.

  • Stopping BEST processes.

This functionality is automatically activated in BEST.

Additionally, GravityZone administrators can configure an uninstall password via policy to prevent unauthorized removal of BEST by local administrators.