Microsoft Endpoint Manager Configuration Manager (MEMCM / SCCM) and Microsoft Intune use Detection Rules to determine the presence of Applications & Win32 Apps. The detection rules ensure that application installations only begin to run if the application is not already installed on the device. This article will serve as an informative guide and give you a clear understanding of how to create an updated custom detection script for each new version of Bitdefender Anti-Ransomware using PowerShell.
How to Create a Custom Detection Script for Bitdefender Anti-Ransomware
Bitdefender Anti-Ransomware (File Detection Method)
- Install the version of Bitdefender Anti-Ransomware you want to deploy on a test box or VM
- Check out the following posts for further details
- Open Windows PowerShell ISE by Right-Clicking on Windows PowerShell ISE and selecting Run as Administrator
- Copy the following code into the Windows PowerShell ISE
## Check for Bitdefender Anti-Ransomware (File Detection Method) $BDAntiRansomwareExe = (Get-ChildItem -Path "C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe" -ErrorAction SilentlyContinue) $BDAntiRansomwareExe.FullName $BDAntiRansomwarePath = $($BDAntiRansomwareExe.FullName).Replace("C:\Program Files\","") $FileVersion = (Get-Item -Path "$($BDAntiRansomwareExe.FullName)" -ErrorAction SilentlyContinue).VersionInfo.FileVersionRaw ## Create Text File with Bitdefender Anti-Ransomware File Detection Method $FilePath = "C:\Windows\Temp\BDAntiRansomware_Detection_Method.txt" New-Item -Path "$FilePath" -Force Set-Content -Path "$FilePath" -Value "If([String](Get-Item -Path `"`$Env:ProgramFiles\$BDAntiRansomwarePath`" -ErrorAction SilentlyContinue).VersionInfo.FileVersionRaw -ge `"$FileVersion`"){" Add-Content -Path "$FilePath" -Value "Write-Host `"Installed`"" Add-Content -Path "$FilePath" -Value "Exit 0" Add-Content -Path "$FilePath" -Value "}" Add-Content -Path "$FilePath" -Value "else {" Add-Content -Path "$FilePath" -Value "Exit 1" Add-Content -Path "$FilePath" -Value "}" Invoke-Item $FilePath
- Click Run Script (F5)
- A text file will open with the Bitdefender Anti-Ransomware Detection Method script required to detect the current version of Bitdefender Anti-Ransomware that is installed on the device you are running the script from.
Example:
If([String](Get-Item -Path "$Env:ProgramFiles\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe" -ErrorAction SilentlyContinue).VersionInfo.FileVersionRaw -ge "1.0.12.151"){ Write-Host "Installed" Exit 0 } else { Exit 1 }
- Copy the Bitdefender Anti-Ransomware Detection Method script content into the Custom Detection Rules (Script)
- Microsoft Endpoint Manager Configuration Manager (MEMCM / SCCM)
- Microsoft Intune
Bitdefender Anti-Ransomware (Registry Detection Method)
- Install the version of Bitdefender Anti-Ransomware you want to deploy on a test box or VM
- Check out the following posts for further details
- Open Windows PowerShell ISE by Right-Clicking on Windows PowerShell ISE and selecting Run as Administrator
- Copy the following code into the Windows PowerShell ISE
## Check for Bitdefender Anti-Ransomware (Registry Detection Method) $BDAntiRansomware = Get-ChildItem -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" | Get-ItemProperty | Where-Object {$_.DisplayName -match 'BDAntiRansomware' } | Select-Object -Property DisplayName, DisplayVersion, PSChildName $BDAntiRansomware.DisplayVersion $BDAntiRansomware.PSChildName ## Create Text File with Bitdefender Anti-Ransomware Registry Detection Method $FilePath = "C:\Windows\Temp\BDAntiRansomware_Detection_Method.txt" New-Item -Path "$FilePath" -Force Set-Content -Path "$FilePath" -Value "If([Version](Get-ItemPropertyValue -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$($BDAntiRansomware.PSChildName)' -Name DisplayVersion -ea SilentlyContinue) -ge '$($BDAntiRansomware.DisplayVersion)') {" Add-Content -Path "$FilePath" -Value "Write-Host `"Installed`"" Add-Content -Path "$FilePath" -Value "Exit 0" Add-Content -Path "$FilePath" -Value "}" Add-Content -Path "$FilePath" -Value "else {" Add-Content -Path "$FilePath" -Value "Exit 1" Add-Content -Path "$FilePath" -Value "}" Invoke-Item $FilePath
- Click Run Script (F5)
- A text file will open with the Bitdefender Anti-Ransomware Detection Method script required to detect the current version of Bitdefender Anti-Ransomware that is installed on the device you are running the script from.
Example:
If([Version](Get-ItemPropertyValue -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1' -Name DisplayVersion -ea SilentlyContinue) -ge '1.0.12.151') { Write-Host "Installed" Exit 0 } else { Exit 1 }
- Copy the Bitdefender Anti-Ransomware Detection Method script content into the Custom Detection Rules (Script)
- Microsoft Endpoint Manager Configuration Manager (MEMCM / SCCM)
- Microsoft Intune
Always make sure to test everything in a development environment prior to implementing anything into production. The information in this article is provided “As Is” without warranty of any kind.