Bitdefender remote deployment 87 error is a missing file / files in the deployment package 99% of the time. And SonicWALL is infamous for blocking A/V file downloads and updates:
If you want to do a quick check, try downloading this file from within your network or from the relay. If you try to download it in a network with the Sonicwall GAV enabled, the file will fail to download or will download with 0 bytes:
If you try to download it in a network with the Sonicwall GAV enabled, the file will fail to download or will download with 0 bytes.
Below
is what I have for a SonicWALL AV exceptions. The address objects
should be able to be applied to antivirus filtering, packet inspection
and content filtering. In SonicWALL create an Address Group and add the
following to a new group called Bitdefender Downloads. All address
object entries should be entered as FQDN in the Address Object Box. Due
to Bitdefender’s Azure Servers and Failover Servers you cannot use IP
addresses!
download.bitdefender.com
upgrade.bitdefender.com
update.cloud.2d585.cdn.bitdefender.net
submit.bitdefender.com
lv2.bitdefender.com
*.v1.bdnsrt.org
nimbus.bitdefender.net
*.bitdfender.com
*.bitdefender.net
Additionally add the FQDN name of your internal Relay Server(s)
Add this address group to the existing Address Object Group called Gateway AV Bypass
Then
in SonicWALL go to Security Services, Gateway Anti-Virus and select the
box Configure Gateway Anti-Virus and ensure that in the section
called
Gateway AV Exclusion List that the checkbox for Enable Gateway AV
Exclusion List is Enabled, the radio button next to Use Address Object
is Checked, and that the Gateway AV Bypass address object group is
selected in the dropdown box.
Once these settings are applied, the Bitdefender relay will now be able to download the installation packages and updates. However, if the error persists after this is done, we will want to refresh the relay installation files. To do this:
Reconfigure the relay client to remove the relay function
Wait 5 minutes for Bitdefender to push the settings, and the relay files will be automatically removed
Then reconfigure the relay client again to add back the relay function
Wait anywhere from 10 minutes to 1 hour for the relay to configure and download all the files.
Try the remote deployment again.
If the remote deployment fails again, please create a trouble shooting log and send it in for evaluation. If it is still missing a file, we can then see the missing file and go look for it on the relay!
Below is a reference for all the egress ports and URLs that need to be allowed (in the Endpoint Security / Bitdefender Endpoint Security Tools (BEST) section.):
Please confirm that the endpoints affected can connect to port 80 for the following URL: update.cloud.2d585.cdn.bitdefender.net
Please ensure that the following URL is also accessible from your endpoints: https://cloud-ecs.gravityzone.bitdefender.com:443