Windows & MacOS

Hello We have EPM Windows agent 24.x version . When a user tries to install Notepad ++ Plugins it throws UAC prompt. I created a rule with all details shown in UAC prompt such as publisher and file name . Later I removed publisher and kept just the executable name , still I get the Windows prompt instead of EPM. Has anyone faced this issue?On 25.x EPM agent with same policy , EPM is able to detect it and elevate it with Notification message 

Apologies in advanced if this is common knowledge, I mainly support our Windows environment but I’m wanting to learn more about EPM on Mac.  Most of our Mac end users utilize an Active Directory group that we grant elevated privileges with.  A discussion came up recently about Homebrew, and I asked our support techs the current process for when they swap out machines for developers on Mac.  What I’m being told, is that possibly in the past EPM used to be able to allow standard users to install Homebrew via EPM for Mac however I’m being told Homebrew is incompatible with EPM for Mac.  End users are being added as local admin as part of the process which I’m not understanding why.If anyone has documentation, KB, or first-hand knowledge of using EPM for Mac and utilizing Homebrew without having to add users to local admin, it would be much appreciated.Example of what I’m being told from my End User Computing support team about the troubleshooting cadence of Homebrew

Is there anyone worked on some kind of powershell script to generate policies, application groups etc.?Trying to create some policy automic policy making process. 

Hey All.I’ve been working with the API for PM Cloud.Thanks to BT for making the Policy Editing API available for PM Cloud — it works great in this first iteration, but we do need some tweaks 🤔I’ve created a ticket with BeyondTrust because I ran into a limitation and would like to hear everyone’s thoughts.When creating applications through the API, we are limited to using “Product Description” as the unique identifier. This prevents us from uploading applications when multiple apps share the same Product Description, even though the File Name, SHA‑256, Product Name, Publisher, etc. are different. See the sample highlighted in purple below.Upload sampleMy view is that the only criterion that can guarantee a 100% certain duplicate is the SHA‑256 value. We need some additional logic to deter

The following articles were published last week. New Knowledge Base Articles: KB0021898 - EPM-W and BITS transfer - How to allow installation KB0022280 - BeyondInsight EPM Reporting issue - Transparent details pane when in "Match System Theme" KB0023253 - BeyondInsight EPM policies not applying on some endpoints

The following articles were published last week. New Knowledge Base Articles: KB0023244 - UseAlternateTokenLaunch - What it is and how to use it KB0023245 - Validate setting fails "Unable to Connect to the Microsoft Entra ID with the provided credentials" KB0023249 - Endpoint machines domain change not showing in EPM Cloud

The following articles were published last week. New Knowledge Base Articles: KB0021348 - EPM rule not matching after using an event (Add to Policy) to create the definition KB0022462 - EndpointUtility freezes when run from elevated cmd or PowerShell

The following articles were published last week. New Knowledge Base Articles: KB0021900 - EPM-M and third party system extensions

The following articles were published last week. New Knowledge Base Articles: KB0023197 - How to add Entra ID groups or users in BI Password Safe integrated WPE

The following articles were published last week. New Knowledge Base Articles: KB0021822 - Local passwords not rotating after upgrade to Endpoint Privilege Management for Mac 24.5.3 KB0021840 - How to add and use a local AD connector in EPM Cloud KB0021899 - How to block users from accessing Users & Groups with EPM-M

Hi,just a short question. Is there a need/ recommendation for the “recommended exclusions from 3rd party anti-virus - KB0017099 ” in combination with Microsoft Defender for Endpoint?We are asking this because at the moment we do not have set these exclusions and for us the Defender is not a typical “3rd party av”. Regards,Jens

Hi  I would like to see if we can block commands in CMD for Windows Platform.If yes, how can we do a sample would help for building it.RegardsNaveen

Hi all,Im currently exploring the features and benefits of the EPM solution, and I came across the TAP functionality. I have a quick question regarding this.What is the difference between TAP configured under a Workstyle created in Enhanced Security and the TAP policy templates found under Utilities > Template Policies? I could not find any clear explanation in the documentation, or I may have missed it.I would appreciate it if someone could clarify this for me. Thanks. TAP under Workstyle created TAP template policies under Utilities > Template Policies 

Does anyone know how to implement this remediation - the instructions are very vague. BT23-08 | BeyondTrust

Dear colleagues,I have a bunch of feature requests on the ideas portal, which I would like to get some traction on.So, if you agree with me on any of these give them a vote so BT can start making things happen.https://beyondtrust-public.ideas.aha.io/ideas/T2EPM-I-2180https://beyondtrust-public.ideas.aha.io/ideas/T2EPM-I-2167https://beyondtrust-public.ideas.aha.io/ideas/T2EPM-I-1922https://beyondtrust-public.ideas.aha.io/ideas/T2EPM-I-2161

The following articles were published last week. New Knowledge Base Articles: KB0021755 - How to enable the policy cache for Endpoint Privilege Management for Mac KB0021847 - EPM-W client failing to install "Error 2738. Could not access VBScript run time for custom action" KB0022165 - Application group rule filter is not working for Entra ID groups

Hi all,Good day. I have a question regarding the EPM agent for macOS. For this test case, I have two types of endpoints, one Windows and one macOS.I have learned about the agent installation for the Windows endpoint. This one is straightforward for my case since I only have one Windows endpoint for product evaluation. All I need to do is download the package manager and run the command to install it.But, I am still unsure about macOS. Please note that Im not familiar with macOS and this is my first time working with it for a product evaluation. My question is, for macOS, can I use the same method for the agent installation? I mean using a package manager similar to the Windows endpoint since I only have a single macOS machine.Appreciate it if someone could provide the proper guideline and advise on this.Thanks again.

Hi Team,How to block dmg file installation in EPM-M we are unable to block installation for dmg file as well as package installer. The blocking rule is ineffective for application installations, whereas the actions related to allowing or requesting installations are functioning as intended.

The following articles were published last week. New Knowledge Base Articles: KB0021792 - Wrong application type displayed in Analytics reports - Executable instead of Management Console KB0023108 - Settings menu fails to load or crashes on Windows 11 25H2 using EPM-W

Employees with EPM installed are having issues printing with Excel and I cant seem to figure out what is holding that up when printing works fine with everything else. 

The following articles were published last week. New Knowledge Base Articles: KB0023078 - Error when installing EPM-W - The system administrator has set policies to prevent this installation KB0023096 - Performance issues with EPM-W and Symantec

Hello,We have a on-demand rule for Command prompt for a set of users . This rule allows running of child processes with Basic Admin token for Windows Command Prompt - Run-As-Admin action.For same set of users , when they try to install another application using Run-As-Admin option , based on quick-start rules it gets Admin token which gets applied to child processes as well. But at one point in installation Command Prompt is launched by the installer , this results in additional prompt for the user . Logs show that it is hitting the Command Prompt on-demand rule. I think as the application is triggering the Command Prompt and it has application name as parent process, it should ideally get the admin token and not hit the CMD on-demand rule ?

The following articles were published last week. New Knowledge Base Articles: KB0022233 - Events not showing in Reports after PMR upgrade in an Active Passive setup KB0023075 - EPM-W icon missing from system tray after install KB0023082 - Preview of messages are missing the message header and OK and Cancel buttons

We have a requirement in our environment wherein we want to restrict users from modifying certain registry keys/ hives. We want to know:whether we can enforce this using EPM policies or do we need to use group policies for this?Will EPM Policy be able to block users from modifying registry values within their respective endpoints? Can Avecto Defendpoint Service identify such events related to registry modifications i.e. will we see event logs (in Event Viewer and BT EPM cloud console) related to every unique registry key/ hive?