filter Bitdefender FPs (#2109)

rules/macos/defense_evasion_install_root_certificate.toml

@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/01/13"
 maturity = "production"
-updated_date = "2021/03/03"
+updated_date = "2022/07/15"
 
 [rule]
 author = ["Elastic"]
@@ -27,7 +27,9 @@ type = "query"
 
 query = '''
 event.category:process and event.type:(start or process_started) and
-  process.name:security and process.args:"add-trusted-cert"
+  process.name:security and process.args:"add-trusted-cert" and
+  not process.parent.executable:("/Library/Bitdefender/AVP/product/bin/BDCoreIssues" or "/Applications/Bitdefender/SecurityNetworkInstallerApp.app/Contents/MacOS/SecurityNetworkInstallerApp"
+)
 '''