150 S Camino Seco, Suite 118 Tucson, AZ

(+1) 520-290-0595

Open : Mon-Fri 09:00am – 4:00pm



Bitdefender Error 87 on remote deployment using SonicWALL gateway – A/V exclusion settings – revised with test file

Written By :

Category :

Bitdefender

Posted On :

Share This :

Bitdefender remote deployment 87 error is a missing file / files in the deployment package 99% of the time.  And SonicWALL is infamous for blocking A/V file downloads and updates:

If you want to do a quick check, try downloading this file from within your network or from the relay. If you try to download it in a network with the Sonicwall GAV enabled, the file will fail to download or will download with 0 bytes:

http://download.bitdefender.com/SMB/Hydra/release/bst_win/6.6.6.84/win32/EPMaintenanceService.exe

If you try to download it in a network with the Sonicwall GAV enabled, the file will fail to download or will download with 0 bytes.



Below is what I have for a SonicWALL AV exceptions.  The address objects should be able to be applied to antivirus filtering, packet inspection and content filtering.  In SonicWALL create an Address Group and add the following to a new group called Bitdefender Downloads.  All address object entries should be entered as FQDN in the Address Object Box. Due to Bitdefender’s Azure Servers and Failover Servers you cannot use IP addresses!

download.bitdefender.com

upgrade.bitdefender.com

update.cloud.2d585.cdn.bitdefender.net

submit.bitdefender.com

lv2.bitdefender.com

*.v1.bdnsrt.org

nimbus.bitdefender.net

*.bitdfender.com

*.bitdefender.net

Additionally add the FQDN name of your internal Relay Server(s)
Add this address group to the existing Address Object Group called Gateway AV Bypass

Then in SonicWALL go to Security Services, Gateway Anti-Virus and select the box Configure Gateway Anti-Virus and ensure that in the section
called Gateway AV Exclusion List that the checkbox for  Enable Gateway AV Exclusion List is Enabled, the radio button next to Use Address Object is Checked, and that the Gateway AV Bypass address object group is selected in the dropdown box.

https://www.experts-exchange.com/articles/31176/SonicWall-Blocking-Update-Downloads.html

Once these settings are applied, the Bitdefender relay will now be able to download the installation packages and updates.  However, if the error persists after this is done, we will want to refresh the relay installation files.  To do this:

Reconfigure the relay client to remove the relay function

Wait 5 minutes for Bitdefender to push the settings, and the relay files will be automatically removed

Then reconfigure the relay client again to add back the relay function

Wait anywhere from 10 minutes to 1 hour for the relay to configure and download all the files.

Try the remote deployment again.

If the remote deployment fails again, please create a trouble shooting log and send it in for evaluation.  If it is still missing a file, we can then see the missing file and go look for it on the relay!

Below is a reference for all the egress ports and URLs that need to be allowed (in the Endpoint Security / Bitdefender Endpoint Security Tools (BEST) section.):

https://www.bitdefender.com/support/bitdefender-gravityzone-(cloud-console)-communication-ports-1256.html

Please confirm that the endpoints affected can connect to port 80 for the following URL:   update.cloud.2d585.cdn.bitdefender.net  

Please ensure that the following URL is also accessible from your endpoints:    https://cloud-ecs.gravityzone.bitdefender.com:443

Ready To Learn What Advantage Can Do For You?