Bitdefender saying Bitwarden's install script has a virus?

I’m trying to install Bitwarden following the instructions here:
https://bitwarden.com/help/install-on-premise-windows/#setup-docker-desktop

However, when I try to execute Step 3 that says to issue this command:
.\bitwarden.ps1 -install

Bitdefender blocks it, with the message:

PowerShell tried to load a malicious resource detected as Heur.BZC.ZFV.Boxter.341.3970F0B0 and was blocked. Your device is safe

and the command errors out in powershell with the message:

At C:\Bitwarden\bitwarden.ps1:1 char:1

  • param (

This script contains malicious content and has been blocked by your antivirus software.
+ CategoryInfo : ParserError: (: ) [], ParseException
+ FullyQualifiedErrorId : ScriptContainedMaliciousContent

Is anyone else having this issue? I assume it is a false positive, but am not sure how to confirm that?

Hey @Dawg001 and welcome to the community,

I can pretty much guarantee you that it is a false positive.
Bitwarden is open-source meaning you can see the source code of what make Bitwarden tick, and can view the PowerShell self-hosted install script here.

If you can’t make sense of all the source (genuinely most of us cannot otherwise you are probably a coder) then the other thing you can do is put some trust into 3rd party auditors such as Insight Risk Consulting and Cure53 which Bitwarden has used in the past.
You can trust, but verify as well (which is extremely important IMO) as Bitwarden is very transparent and all their security reports are provided here.

In reading this Bitdefender community post your best option may be to report the error and false positive to Bitdefender to resolve though.
Regardless I hope this post helps to alleviate any worries. :slightly_smiling_face:

Thanks all, this has been shared with the team :+1:

@cksapp @bw-admin thanks for your help!

As a final update, I tried it again this morning and the BitDefender warning/block no longer appears.

2 Likes

Hello guys. I want to state that as of 19/12/2023 the problem still persists with Bitdefender when trying to execute the script. The message from the application is :

PowerShell tried to load a malicious resource detected as Heur.BZC.ZFV.Boxter.341.4227C09D and was blocked. Your device is safe.

Yes, you are right the problem returned for me too.

To work around it every time I want to do an update I have been closing all other applications including my browser and then going to the main screen for the Bitdefender app, clicking on Protection - Antivirus open - Advanced - and then disabling Bitdefender Shield for the length of time it takes me to to do the update (usually less than 5 mins). Once the update is done I re-enable the Bitdefender Shield.