Skip to main content

Windows & MacOS

A localized space to talk about EPM, specifically for Windows And Mac OS's.

  • 182 Topics
  • 495 Replies
181 Topics
B
Community Manager
BeyondTrust CommunicationsCommunity Manager
published in Windows & MacOS
Monthly Buzz - June - Endpoint Privilege Management

Maximizing Endpoint Security with IBM QRadar and BeyondTrust Endpoint Privilege Management The integration between BeyondTrust Endpoint Privilege Management (EPM) and IBM QRadar enhances security by providing seamless visibility into privileged activity and endpoint events within a centralized security operations dashboard.Key features of the integration include:Real-time event correlation and alerting: EPM events forward to QRadar, where they correlate with other security data for more effective threat detection. Comprehensive visibility into application usage: EPM provides detailed insights into application behavior and privilege elevation requests across endpoints, enabling better policy enforcement and anomaly detection. Improved incident response: Privilege-related events alongside other security data are available for analysis within QRadar, allowing security teams to quickly prioritize and respond to incidents. Strengthened least privilege enforcement: By combining QRadar’s dete

360
B
Community Manager
B
Community Manager
BeyondTrust CommunicationsCommunity Manager
published in Windows & MacOS
Monthly Buzz - May - Endpoint Privilege Management

How the Full-Stack Approach to PAM Builds Least Privilege Defense-in-Depth For many years, including 2025, the analyst community has recommended Privileged Access Management (PAM) for human and non-human identities as a crucial discipline to mitigate modern identity attack vectors. Organizations face increasingly sophisticated threats that target all forms of identities and accounts—especially those with privileged access. Privileged accounts hold the proverbial keys to the kingdom and provide access to critical systems, sensitive data, and the overall administrative control of the entire enterprise. When any account is left overprivileged or unmanaged, attackers can exploit a single compromised identity to move laterally, escalate privileges, and execute ransomware or exfiltrate data. In a hypothetical example of a high-profile breach, an attacker that has leveraged administrator credentials somewhere in the attack chain can disable security tools, encrypt systems across the network,

370
B
Community Manager
F
Firdaus JamaluddinRising Star
asked in Windows & MacOS
Question about BeyondTrust EPM On-Prem

Hi everyone,I have a question as I'm preparing for this. I've been looking into the BeyondTrust EPM on-prem solution, and it says that it pre-bundled if deployed through the UVM appliance. My question is, If I only want the on-prem EPM solution and don't want Password Safe at all, how can we achieve that? I know we can disable the Password Safe features, but that only disables the functionality, the Password Safe section still appears in the admin console. Do you have any other methods you can suggest, such as a way to completely remove or hide it? Thanks

162
J
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Jul 28 - Aug 4)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022715 - Where is the package manager adapter file downloaded from?

10
GloriaB
BeyondTrust Employee
K
KevinKApprentice
asked in Windows & MacOS
Auto Connect to Client

I just switched from a local server to a hosted solution. In the past I was able to install a Jump Client on machines and set it so I could connect without anyone accepting the connections. When I set it up not, I am missing something, and the client needs to accept before I can connect. Can someone tell me where I need to make the change so I can create a Jump Client that will allow me to connect without anyone accepting? Thanks for any help. Kevin

205
K
A
Ajay ChaurasiaNewcomer
asked in Windows & MacOS
Exam Retake

I have exhausted my exam attempts for Endpoint Privilege Management - Windows: Administration Exam? How can I get another attempts for this?

221
H
BeyondTrust Employee
J
JackRising Star
asked in Windows & MacOS
In-place upgrade of Privilege Management for Windows agent

When upgrading EPM by deploying the latest version and allowing it to upgrade silently, we have seen that the fingerprint reader and camera stop working until a reboot is performed. Has anyone seen this issue before?Ideally we want to upgrade the agent silently with no reboot, without affecting the fingerprint reader and camera. If there is no alternative, we will need to prompt the user to reboot.We used the same upgrade method for the last upgrades we did and didn’t see this issue before.Thanks.

192
J
S
ShrayApprentice
asked in Windows & MacOS
Installation of BT EPM on VDIs(Persistent and Non-Persistent)

Installation of BT EPM on VDIs(Persistent and Non-Persistent) - What’s the process, does master image report to cloud console or only child images report? also what is the duplication that can happen

253
J
C
cmscottRising Star
asked in Windows & MacOS
Clear explaination on Global Priority

HelloOne feature of On-Prem EPM which I have not yet found a clear explanation in the documentation is how Global Priority actually works in on prem EPM. While I understand that it has to be configured when there is a default organization - a detailed explanation on  how it works (in relation to organizations) appears to be missing.

130
C
J
JackRising Star
asked in Windows & MacOS
EPM install issue in Autopilot build since July 2025 Windows patches

Hi all, has anyone seen the following issue we have been experiencing?Autopilot pre-provisioning has problems in the final stages if the EPM agent is installed during the Hybrid build and the OS level is Windows 11 23H2 July 2025.The Avecto driver (PGDriver.sys) seems to be clashing with the Autopilot final OOBE stage preventing the device from finishing on the correct Windows logon screen

1847
Caleb Kershaw
BeyondTrust Employee
J
Jens HansenVeteran
posted in Windows & MacOS
Eventlogs for Privilege Management for Windows

We all appreciate the new feature of having a dedicated Event Logs file for BeyondTrust Privilege Management Events. However, consider this: the default log size is just 1028KB—only enough to store approximately 100 to 300 events, which is far too small.I've submitted a feature request to increase the default log size to 20MB. I also suggested either merging the IC3 Adapter logs into the same log file or add switch that can turn some of the excessive auditing off, as they tend to flood the logs the Application event logs, or creating a better strategy for managing their volume.https://beyondtrust-public.ideas.aha.io/ideas/T2EPM-I-2132Application Event LogsBeyondTrust Privilege Management Logs 

171
J
J
JasperVeteran
asked in Windows & MacOS
Multiple policies applied to same endpoint

Is it possible to point different policy to the same endpoint if I have multiple environment? I have a Prod and a Test Environment. At the moment, I install the Production Package Manager on endpoint 1 if I want to deploy the prod policy but if I want to do a test or play around with some policies from Test environment, I have to uninstall the Prod app installed on endpoint 1 and install it the Test instance definition for the Test PkgMgr. Is there an easier way to do this instead of doing the uninstall/reinstall pkg? I have seen one time from the vendor support showing me two different policies running from one machine. You can view this when you refresh your BT policy and it showed the two different Active policies at the top. I believe that would be adding the policy xml on the same folder where it sits inside the DPC Cache folder.

101
J
A
Anil ReddyApprentice
asked in Windows & MacOS
How the process of adding exclusions and clearly explain which settings would need to be altered

HI Team, I am trying to configuring the EPM for windows .Can any one please provide me the process of exclusions. Thanks. 

1054
Caleb Kershaw
BeyondTrust Employee
B
bt101Veteran
asked in Windows & MacOS
EPM-W : Allow uninstall of apps from add/remove programs

Hello! is there any way to allow users in high flex to uninstall any applications using Windows Add/Remove Programs option. This should be default behavior and we will add apps in a deny list which they should not be able to remove. Certain apps have additional protections and users wont be able to remove those even if we don’t have them in EPM deny list

6084
P
A
abhijitdikshitNewcomer
asked in Windows & MacOS
How to block old version applications

I want to block applications running old version. How to block it based on min and max version as I tried adding it for chrome and did not work. I have chrome version 138.x.x.x I want to block if user is running less than mentioned version on machine. Can some one help? Below is my rule:Type : ExecutableApplication: Google ChromePublisher: Google LLCMax Version: 137.x.x.xI am still able to execute chrome with 138 version.

151
H
BeyondTrust Employee
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Jul 21 - Jul 28)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0021379 - Does CVE-2024-6387 affect Endpoint Privilege Management? KB0021399 - Troubleshooting steps for forwarding Defendpoint events to event collector (GPO) KB0021460 - Endpoint Privilege Management GPO end of life (EOL) announcement and FAQ KB0022645 - EPM-WM update to Initialization Vector value for encrypting configuration values KB0022691 - What is the DriverInjectMethod registry value? KB0022693 - How to turn on local ECS events for EPM-W KB0022695 - Does full admin token prevent application control in screen sharing? KB0022700 - Analytics missing in EPM Cloud console KB0022724 - When 'Requires Elevation' is set in app definition EPM-W does not match, UAC is prompted

130
GloriaB
BeyondTrust Employee
J
Jens HansenVeteran
posted in Windows & MacOS
Are Power Rules now obsolete?

Did the Power Rule for Privilege Management for Windows become obsolete with the introduction of the Application Rule filter option?Absolutely not. Power Rules are indeed more powerful that what is documented and brings many more options, to cover a “lack” of functions or new innovation.I frequently encounter scenarios where customers struggle to capture batch files, registry files, or other unusual launches that show up in our analytics from client machines they can’t access.To address this, I developed a PowerShell script to be used as a Power Rule. My objective was to collect these uncommon `.bat`, `.cmd`, `.ps1`, `.reg`, and `.vbs` files which may pose unknown threats or conflict with software restriction policies etc.In the script, I defined the target file extensions and used:Get-PRVariable -Name "PG_PROG_PATH"to retrieve the file and path. If the file matched one of the specified extensions and was under 200KB, the script would initiate its workload.The workload involved connect

441
P
BeyondTrust Employee
J
JackRising Star
asked in Windows & MacOS
EPM Feature Requests

Hi Beyond Trust community,I have a couple of Beyond Trust - Endpoint Privilege Management suggestions that I would like to share please: We recently found many devices had become disconnected from the EPM Console due to them being deleted. This was likely due to inactivity, where many machines were built in advance of a laptop migration and kept in storage. From the machines, it was not obvious there was a problem until some devices started to show symptoms that were fixed in an earlier policy revision. When the machine is checked, it still had an old policy revision listed. This means even our latest block rules were not working on these devices. To mitigate this issue, we would find the following agent features extremely useful:Feature Request: Ability to check policy name and revision in the Windows Registry / file or WMI etc.Reason: We can keep an active deployment that checks for the revision and if it falls behind we can have an automatic remediation.How we are currently evaluati

613
J
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Jul 14 - Jul 21)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0021434 - How to create a QuickStart or other template policy within Endpoint Privilege Management KB0022676 - Check disk COM Class fails when elevated by EPM-W - You do not have sufficient rights to check this drive. KB0022688 - EPM Computer policies not updating when performing a gpudate sync

80
GloriaB
BeyondTrust Employee
A
Akshay SharmaVeteran
asked in Windows & MacOS
Task manager acting abnormally

In PMFW , we are seeing cases where after upgrading from windows 10 to windows 11 .  the task manager when opened normally does not open instead it asks for admin privileges  and give Level 2 admin elevation prompts to access Task manager. How can we fix this with help of beyondtrust.

6115
C
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Jul 7 - Jul 14)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0021380 - Why does the Client version show as UNKNOWN and Adapter version show as NA in EPM Cloud? KB0022642 - Unable to upload changes via MMC - Unexpected communication error KB0022652 - Windows Store package not matching the expected application definition and rule KB0022655 - Smart Card option greyed out in message - EPM-W Smart Card support

40
GloriaB
BeyondTrust Employee
J
Jens HansenVeteran
posted in Windows & MacOS
Weekly New and Updated Knowledge Base.

Thanks for adding the new KB’s on the weekly basis, it makes it so much easier to keep track on things.A request to also add when we updates old KBs would be nice 

2333
P
P
pphung301Apprentice
asked in Windows & MacOS
unnapproved Updates to Microsoft Teams

Hi, I am getting a prompt of an unapproved app and after looking into it in Analytics, it seems to be from Microsoft Teams updates which does not carry a Publisher so its unsigned.  Whats the best way to allow this since there is no signed info for this?   ApplicationApp DescriptionPublisherOn DemandNoApplication TypeInstaller PackageFile PathExecutable Pathc:\program files\windowsapps\msteams_25153.1010.3727.5483_x64__8wekyb3d8bbwe\ms-teamsupdate.exeCommand Line"C:\Program Files\WindowsApps\MSTeams_25153.1010.3727.5483_x64__8wekyb3d8bbwe\ms-teamsupdate.exe" -EnsureTmaInstallation -AppSessionGUID 9e3e64d2-2229-4fc7-90dd-70234b468a6b -Trigger EnsureTmaAtStartupApp NameApp VersionFile VersionHash SHA1Hash SHA256Hash MD5File Owner NameProduct CodeUpgrade Code{97F40CEA-BEDE-40ED-A9A3-9354C8E64392}Download URLBeyondTrust ZoneDrive TypeElevation MethodAdmin accountPolicyApplication DescriptionAny MSI Installer PackageApplication Group Name(Default) Any Signed UAC PromptMatched as Child Proce

1325
J
C
cmscottRising Star
asked in Windows & MacOS
EPM Reporting Database on a remote database

Can the EPM Reporting Database be configured on the same remote database created in an active/active configuration? Thanks

141
H
BeyondTrust Employee
C
cmscottRising Star
posted in Windows & MacOS
Leveraging OAUTH for on-prem EPM Using BI Self-signed certificate

Fellow buzzers,BI 25.1 makes using OAUTH easy to use for EPM MMC Policy Editor and EPM Agent. Use cases:With a PKI domain cert configured in BI. EPM Agents can be installed on any domain computer machine, or off domain machine (Assuming domain root and intermediate cert are distributed) BI Self signed cert: From the appliance => Certificate ManagementGenerate SSL Certificate Export Certificate Enter Password Select Export Machine Name Certificate Export and Download Certificate Distribute certificate (One goes in personal store, the other goes in Trusted Root store => (CA)” Use info in BI console Installer Activation Keys

241
Q
BeyondTrust Employee

Badge Earners

  • BCIE: Password Safe
    Sorpehas earned the badge BCIE: Password Safe
  • BCA: Remote Support
    Jerry Zhanghas earned the badge BCA: Remote Support
  • BCA: Password Safe
    kapadawahas earned the badge BCA: Password Safe
  • BCIE: Password Safe
    Avishka Vithanagehas earned the badge BCIE: Password Safe
  • BCIE: Password Safe
    MircoAhas earned the badge BCIE: Password Safe
Show all badges
Terms & ConditionsCookie settings