Synchronizing ConnectWise Automate computers with GravityZone
Note
Bitdefender has started a controlled rollout of advanced computer synchronization features, as described in this section. For users to be eligible for the rollout process, they need to install the plugin version 1.4.0.167 or later. In the following period, Bitdefender will progressively deliver the new features to eligible users, with the aim of reaching the entire installation base as soon as possible.
In the Deployment section, you can configure how to deploy the Bitdefender security agent (Bitdefender Endpoint Security Tools) to your managed machines in ConnectWise Automate Control Center. For details on the features available with Bitdefender Endpoint Security Tools, refer to Security agents.
Deployment Settings
Note
For users using plugin version 1.4.0.167 or later that and are not eligible for the rollout process of advanced computer synchronization features, the Computer Synchronization Options section will not available. Instead under Deployment Options, the Automatic Deployment Retry option will be available to select the time interval on which the Bitdefender security agent will try again to install if an error occurs.
In the Deployment Settings section, the integration allows you to configure the settings for deploying the Bitdefender security agent through the integration on new unprotected machines in the ConnectWise Automate Control Center inventory.
To configure the security agent deployment settings, follow these steps:
Under Deployment Options, select one of these options:
Next to Download Timeout, select a time limit within which the installation package should be downloaded.
Use the On/Off switch to enable or disable Setup Downloader for the security agent deployment.
When Setup Downloader is enabled, the Bitdefender Plugin uses this file to deploy the Bitdefender security agent on Windows computers instead of the full kit.
Note
The Enable Setup Downloader option does not support Linux and macOS. On computers running Linux and macOS, the Plugin continues using the full kit when deploying the Bitdefender security agent.
Under Installation Options, select Automatically reboot if needed. This option is useful when the computer needs to restart following the Bitdefender security agent installation. If you leave this check box unselected, the endpoint will remain unprotected until the next manual reboot.
Under Computer Synchronization Options, configure the scope and event handling for the synchronized computer.
The options for the computer synchronization options are the main tool for you to control the synchronization of ConnectWise computers. The computer synchronization task is performed automatically by the plugin each hour.
Configuring computer synchronization options
These options cover two areas:
Scope – it refers to the computers affected by the sync task. They may be:
Only synchronized entities – the sync task operates on ConnectWise Automate computers that have an association GravityZone endpoint.
Entire inventory – the sync task operates on all computers, regardless they have an association with GravityZone endpoint or not.
Event actions – they refer to the behavior of the sync task related in relation to the generated events. They may be:
Report only – the task only reports events in the interface and you have to handle them manually.
Handle – the task tries to handle the events according to the configured options.
To configure the Computer Synchronization Level settings, follow these steps:
Select one of the available options, as described in the table below.
Computer Synchronization level
Scope
Event actions
Monitor and report synchronized computer status
The sync task operates only on computers that have an association.
The sync task only reports events in the Computers Events screen. It ignores the options in the Synchronization Event Handling section.
Monitor and handle synchronized computer status
The sync task operates only on computers that have an association.
The sync task handles events according to the options in the Synchronization Event Handling section.
Automatic computer synchronization
The sync task operates on all computers (whether they have an association or not), except exclusions.
The sync task handles events according to the options in the Synchronization Event Handling section.
Note
The Automatic computer synchronization level has in scope for Bitdefender security agent deployment all computers belonging to mapped ConnectWise clients.
To exclude computers, clients, and locations from installing the Bidefender agent, please create exclusions under Deployment Exclusions.
Select the type of action for handling each event:
Automatic - the synchronization task tries to handle the event without your intervention. If it fails, the event will be presented to user for manual fixing.
Manual - you have to manually handle each event generated in the Client Events screen of the plugin.
The synchronization task applies the configured actions only if you selected Monitor and handle synchronized computer status or Automatic computer synchronization.
For example, if you select Automatic computer synchronization and the event handling for all the generated events is set to Manual, the sync task will generate events for possible synchronization issues, but it will not handle them. That means you need to go to the Computer Events screen and take any actions there manually.
Click Save Settings to apply the configuration.
The synchronization task starts generating and handling events within the next hour.
Automatic actions for synchronization events
The following table describes the automatic actions taken by computer synchronization task on each generated event:
Event type | Automatic action |
Destination Moved | Moves the Bitdefender security agent in GravityZone to match the inventory location in ConnectWise Automate Control center, inside the same clients or between clients. |
Destination Deleted | Reinstalls the Bitdefender security agent on the computer. |
Rogue Endpoint | Moves the Bitdefender security agent in GravityZone to match the inventory location in ConnectWise Automate Control center and force the uninstallation/reinstallation of the Bitdefender security agent. |
Note
Automatic action for event type Rogue Endpoint is available only for Windows OS computers. For Linux and MacOS, the event must be handled automatically by the ConnectWise Automate Control Center admin by locally uninstalling the rogue Bitdefender security agent.
Manual actions for synchronization events
You can view and handle synchronization events manually in the Computer Events screen. This section displays only events that have been configure for manual handling or that the system has failed to handle automatically.
To handle an event, follow these steps:
In the Computer Events grid, select the check box corresponding to the event and click Handle event.
In the details window, select an action from the predefined list.
The available actions for each event are described in the table below. Each event has two or more possible actions.
Event type | Description | Manual actions |
Destination Moved | The computer was moved from its original location, inside the same client or between clients. |
|
Destination Deleted | The Bitdefender security agent was uninstalled from the ConnectWise computer. |
|
Association Missing | The Bitdefender security agent is not associated with the ConnectWise Automate. |
|
Rogue Endpoint | The Bitdefender agent was found outside the target client or tenant. |
|
Destination Creation | The Bitdefender agent is not installed on the ConnectWise computer. |
|
Source Deleted | The computer located in the ConnectWise client is no longer present. |
|
Auto Deployment
The integration uses auto deployment to install the Bitdefender agent on new unprotected machines. The deployment attempts to install the Bitdefender agent once per day only if it is enabled for the specific location, and the target computer has not been excluded.
Note
If the Computer Synchronization Level under the Deployment Settings section is set on "Automatic computer synchronization", all mapped inventory is in scope for Bitdefender agent deployment.
You can select Auto Deployment for Windows workstations and servers, macOS, and Linux machines.
In Automate Control Center, go to Tools > Bitdefender GravityZone.
Go to Auto Deployment.
Select the check boxes corresponding to your target machines.
Click Save Settings in the upper right-hand corner to confirm the changes.
Once enabled, the automatic deployment starts within 10 to 15 minutes.
Deployment Actions
In the Deployment Actions section, you can manually start installation or uninstallation commands on machines, clients, or locations. Use the right-side menu to make specific selections.
The right-side menu has the specific selections grayed out if the action is not applicable. For example, unprotected machines have the Uninstall GravityZone and Sync Features buttons grayed out.
To install the Bitdefender agent:
Select one or more targets.
Click Sync GravityZone.
An install task starts for selected machines that have the Bitdefender agent not installed. If the Bitdefender agent is installed, the Sync GravityZone action will synchronize the status of the computer and check if:
The computer moved inside the client locations or between clients from the same tenant.
The Bitdefender agent was uninstalled.
The locally Bitdefender agent belongs to another GravityZone company that is not part of the ConnectWise tenant.
The computer is still present in ConnectWise.
ConnectWise Automate Control Center must remain open until the installation is complete to avoid aborting the process. If any issues are found, or if the Bidefender agent installation was not successful, an event will be generated under Computer Events.
To uninstall the Bitdefender agent:
Select one or more targets.
Click Uninstall GravityZone.
Click Uninstall.
An uninstall agent task starts for selected machines.
To sync the currently installed Bitdefender agent features against the asigned package or policy:
Select one ore more targets that have the Bitdefender agent installed.
Click Sync Features.
An assessment will be performed locally on each target machine to determine if there are any features that need to be added or removed. Depending on the configured synchronization type, features active in the assigned policy or features active in the installation package will be added or removed. The option is only available for Windows operating systems.
Note
The synchronization type is configured in the Client Mapping or Client Subscriptions section in the Deployment Modes wizard and displayed in the Sync Type column:
Package - Package Defaults or Custom Package
Policy - Sync with Policies
The Deployment Actions page displays several statuses that indicate if the GravityZone protection is present on machines or not:
Installed
Verification Pending
Not Installed
Installed without features
Installed with Issues (related to macOS permissions for full disk access and kernel extensions, and to Linux critical services not started:
bdsrvscand,epagdorbdlogd)Install Pending
Uninstall Pending.
Deployment Exclusions
In the Deployment Exclusions section, you can exclude machines, clients, and locations from installing the Bitdefender agent on them. Use the right-side menu to make specific selections.
To exclude certain machines from agent installation:
Select one or more machines.
Click Enable Exclude.
To remove an exclusion:
Select one or more excluded machines.
Click Disable Exclude.
Note
The Deployments Exclusions section is available in the Bitdefender GravityZone area and in the Client and Location screens.
Deployment History
The Deployment History section displays the list of install and uninstall commands started on machines in the past. Each entry provides you the following details:
Client name
Location
Computer name
Command type (installation or uninstallation)
Command status (whether the command was successful, failed or it is pending or executing)
Output details
Date and time of task completion.