Recently active topics

This doc is a quick guide of finding potential instances of OpenClaw (aka Clawdbot, Moltbot) by using EPM Analytics. Please refer to Using Endpoint Privilege Management with local AI agents in our public docs. Where this worksThis works in the cases where:The application group is set up to log to EPM-SaaS The target system has the name as standard, and not obfuscated the tool with a renameQuick Analytics ChecksIn EPM SaaS, or in your SIEM / log aggregator of choice, search for Events → Filter by: Command Line → Search for any contains `openclaw`, `moltbot`, or `clawdbot` In EPM SaaS, or your SIEM / log aggregator of choice, I would recommend using the Custom Views options to save this for rechecks You can also check for file/folder contains those key wordsWhat returnsDepending on what is being logged, you could end up with a lot of noise. For instance, emails or browser visits to sites with those in the name, etc.  It could return scheduled tasks calling gateway.cmd, etc. which is a de

Hi AllI am trying to find a way to use the API to force check in of vault accounts which have had their password checked out for over 7 days,I think it is crazy to allow the PRA and the vault account members to checkout their password and allow it to stay checked out (this could be over a year) therefore they could use the password and put it into some automated tasks where it is in plain text and as it is never checked in this will always stay the same.It seems a lot safer if there was an option within PRA to force check in ( a tick box or something ) and a correct schedule that could be set that would check in all passwords on a set day and time and rotate them. Instead I am having to mess about with APIs which are not very well documented in my opinion.Therefore has anyone needed to do this and if so how did they go about it?Thank you in advance.

Hi All.I have identified two functions that are still missing in PM Cloud, and the available APIs force you into workarounds to accomplish some of these tasks.Moving a list of computer hostnames into a specific group.Overcoming two API hurdles: partial name matching, and the requirement to fetch computer IDs before using the CSV import option—since it does not support hostnames directly. 😖When you need to move computers between groups, doing it manually becomes a tedious process.In the classic Policy Editor MMC Snap-in, we had the advantage of browsing for a file and automatically pulling in its metadata. This capability has not yet been added to PM Cloud either.How have you resolved these options and are there any functions that you see missing in addition?I addressed these gaps, by creating a WebApp that handles both challenges, plus an application scanner for bulk rule uploads.Move Computers to Group allows me to upload a CSV file containing a hostname column with hostnames listed

Is it possible to archive transfer on a Remote VNC jump?

Does anyone know how to get BeyondTrust Jump Client or Customer Client working with interactivity on Intune Multi-App Kiosk machines? We have our Jump Client installed but there’s no interactivity in Kiosk mode. And Customer Client simply gets blocked. Part of the issue with whitelisting apps with AssignedAccess seems to be the multiple EXEs to whitelist and not allowing dynamic paths. E.g. I think bomgar-scc.exe needs to be whitelisted but it lives in C:\Program Files\BeyondTrust\bomgar-scc\*\ bomgar-scc.exe 

The following articles were published last week. New Knowledge Base Articles: KB0022235 - Representative Console opens in Windows mode despite last use in full screen KB0023394 - Representative console times out early ignoring Log Out Idle Representative After time setting KB0023437 - How to sync an Atlas cluster

The following articles were published last week. New Knowledge Base Articles: KB0023437 - How to sync an Atlas cluster

The following articles were published last week. New Knowledge Base Articles: KB0022135 - EPM Cloud (SaaS) client, adapter and Package Manager FAQ KB0022207 - JAWS screen reader does not narrate 'Select Reason' drop-down KB0022214 - Is Privilege Management for Windows Web Policy Editor affected by CVE-2025-24813? KB0023382 - EPM-M message does not work as expected when set to Password or Touch ID and Biometrics are not configured

The following articles were published last week. New Knowledge Base Articles: KB0022118 - Integration Accounts Sync fails with a 504 Server Error: Gateway Timeout KB0023430 - Unable to install Entitle agent error "Secret: illegal base64 data at input."

The following articles were published last week. New Knowledge Base Articles: KB0022203 - User is not able to see "Show All Safes" toggle in Secrets Safe KB0022218 - End user does not have personal folder in Secrets Safe KB0022222 - Group sync fails when selecting a specific Domain Controller in PS cloud KB0023401 - Error installing U-Series Environment Updates for January 2026 - Failed. Platform determination indeterminate KB0023406 - Analytics & Reporting Configuration Wizard fails - There was an error connecting to the server KB0023425 - Approve and Deny links in the approvers link fail to load KB0023426 - Is the email as a scheduled subscription option available for Password Safe Cloud?

When scanning assets with PWS we get an enumeration of all users that have permissions on this  system under advanced details => scan data => users However, we only see user here from the domain directly linked to this system. Users that have permissions on this system trough a trust with another domain are not enumerated. Is there any way of getting visibility on this?

Hi everyone,I have a question regarding PASM. I have users and devices managed through Password Safe, and session delivery is handled by PRA. If I want a user connecting from PRA with credentials injected from Password Safe to provide a reason for connecting, where do I configure this in PS or PRA? Also, if they need an approval workflow, where do I configure that in PS or PRA?

Hello , I see there is only TOTP MFA option in PRA . We are using PRA for external Vendor access where the accounts are quarterly reviewed but as the number of vendor grows , manual errors might increase. Also as the review can not be made more frequent , there is a possibility that Terminated vendor user still has access as they know their PRA login password and have TOTP MFA configured using a personal mobile device. These user identities are in Active Director as well as PRA internal DB. Is there any way to implement email-based MFA so that terminated user will immediately lose access as they wont have access to company email ?I see Radius auth and OKTA can be used both have separate trade-offs

I tried to install my EPM for Windows Local AD connector on a server but it failed on the activation part.Error is:[ERR] [BT.LocalAdConnector.Services.ActivationService] [9] Activation failed.System.Net.Http.HttpRequestException: No such host is known. (xxxxxx-xxxxxxxxx-services.pm.beyondtrustcloud.com:443) ---> System.Net.Sockets.SocketException (11001): No such host is known. My server is connected to my proxy server for external access and I have the policy opened from my server to xxxxxx-xxxxxxxxx-services.pm.beyondtrustcloud.com but it is not getting triggered at all. Am I missing something here? do I need any additional URL for the activation of the AD connector?

I can log into the portal but when I click on links for KB articles or cases nothing happens. If I use a direct link to a KB article I get a message that it was not found. Is anyone else experiencing problems or do I need to look for issues on my ends?

Some users intermittently encountered this error in Password Safe PAM:Because of an error in data encryption, this session will end. Please try connecting to the remote computer again.After that error message, the session disconnects.Tech Support determined that the issue is caused due to a network-related TLS/SSL interference between the appliances and target servers. However, Networking team couldn't find any issues to fix.Please share with us if anyone encountered this type of issue.ThanksMeku

Hi Team, The customer has a requirement to maintain segregation for administrators across different sites. Could you please advise how this can be achieved? Currently, we have five sites (A, B,C,D,E,F configured in an Active-Active setup. Each site has its own set of administrators. The customer now requires segregation of duties so that administrators from one site are restricted from viewing or accessing assets, groups, or directory queries belonging to other sites. For example, administrators from the Asite should only be able to view and manage assets, groups, and directory queries related to A, and should not have visibility into resources from the other sites. Please let us know the possible approach to implement this requirement.