Skip to main content

Windows & MacOS

A localized space to talk about EPM, specifically for Windows And Mac OS's.

  • 187 Topics
  • 505 Replies
187 Topics
B
Community Manager
BeyondTrust CommunicationsCommunity Manager
published in Windows & MacOS
Monthly Buzz - June - Endpoint Privilege Management
Monthly Buzz - June - Endpoint Privilege Management

Maximizing Endpoint Security with IBM QRadar and BeyondTrust Endpoint Privilege Management The integration between BeyondTrust Endpoint Privilege Management (EPM) and IBM QRadar enhances security by providing seamless visibility into privileged activity and endpoint events within a centralized security operations dashboard.Key features of the integration include:Real-time event correlation and alerting: EPM events forward to QRadar, where they correlate with other security data for more effective threat detection. Comprehensive visibility into application usage: EPM provides detailed insights into application behavior and privilege elevation requests across endpoints, enabling better policy enforcement and anomaly detection. Improved incident response: Privilege-related events alongside other security data are available for analysis within QRadar, allowing security teams to quickly prioritize and respond to incidents. Strengthened least privilege enforcement: By combining QRadar’s dete

430
B
Community Manager
B
Community Manager
BeyondTrust CommunicationsCommunity Manager
published in Windows & MacOS
Monthly Buzz - May - Endpoint Privilege Management
Monthly Buzz - May - Endpoint Privilege Management

How the Full-Stack Approach to PAM Builds Least Privilege Defense-in-Depth For many years, including 2025, the analyst community has recommended Privileged Access Management (PAM) for human and non-human identities as a crucial discipline to mitigate modern identity attack vectors. Organizations face increasingly sophisticated threats that target all forms of identities and accounts—especially those with privileged access. Privileged accounts hold the proverbial keys to the kingdom and provide access to critical systems, sensitive data, and the overall administrative control of the entire enterprise. When any account is left overprivileged or unmanaged, attackers can exploit a single compromised identity to move laterally, escalate privileges, and execute ransomware or exfiltrate data. In a hypothetical example of a high-profile breach, an attacker that has leveraged administrator credentials somewhere in the attack chain can disable security tools, encrypt systems across the network,

470
B
Community Manager
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Aug 18 - Aug 25)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0021723 - HP PC Hardware Diagnostics prompts with UAC after EPM-W message KB0022759 - PMR Reports is missing or disappears after upgrade via BTUpdater to 25.1 KB0022795 - OneDrive errors when in EPM policy "OneDrive can't be run using full administrator rights" KB0022806 - Error upgrading EPM-W with Package Manager - Exit Code 1603, please check Installation logs. KB0022809 - EPM-W - Copy and Paste to secure location triggers UAC after upgrade to 25.4 and above

20
GloriaB
BeyondTrust Employee
J
jcundiffNewcomer
asked in Windows & MacOS
Question about Beyond Trust On-Prem upgrade

Hi Everyone, We are an on-prem BeyondInsight appliance EPM customer for almost 2 years now and need to upgrade our agents as well as our server appliance.  Migrated over from Powerbroker. Someday in the future may go to cloud but not in the works yet.Currently on 23.9.225 for our agents and BI Server is at 23.1.0.2407.  I was told two different things by support, EPM support stated that the agent and server are independent of each other and can be updated separately whenever, and I was also told that the Server needed to updated first by BeyondInsight support.  Just looking for some guidance or experience on upgrading to the latest version on-prem.  We have close to 12,000 pc’s, so I would like it to go smoothly without much interruption.  Thanks for any help!

382
MikeK
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Aug 11 - Aug 18)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022750 - How to upgrade EPM-W or EPM-M when in Pathfinder or Cloud KB0022760 - How are EPM workstyles and rules evaluated? - Examples of QuickStart policy logic KB0022763 - What is the best way to manage VDI or short lived endpoints in EPM Cloud or Pathfinder? KB0022769 - 1603 Error when upgrading via Package Manager on previously allowlisted Autodesk products KB0022778 - Poly Lens installation fails with error status 1603

120
GloriaB
BeyondTrust Employee
M
mike.wheelerApprentice
asked in Windows & MacOS
Managing Mac Local User Accounts

I’m working on a solution to onboard a local user account created during the Jamf provisioning of Mac assets to Password Safe Cloud. I have EPM-M installed on the endpoints and they are connected to Password Safe. When I run discovery scans on the endpoints, the local accounts are not discovered. I have looked over the KBs related, and nothing seems to explicitly say “Here is what you need to do” when it comes to local account management. To test, I added a test functional account to the local admin group on a test Mac. This is an Active Directory service account, and it fails to login. As far as I can tell, the account needs to actually log into the Mac in order to be locally cached and thus login as a functional account. But having to locally log into each asset is not scalable. Has anyone had success with an AD group being used for your functional account? What am I missing to complete this set up? 

303
Paul
BeyondTrust Employee
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Aug 4 - Aug 11)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022522 - Unable to integrate AWS S3 Bucket SIEM into EPM Cloud results in error: Failed to validate Settings KB0022750 - How to upgrade EPM-W or EPM-M when in Pathfinder or Cloud KB0022754 - Package Manager not authenticating after install on macOS - Unauthorized, Invalid Request Header, 401 errors

110
GloriaB
BeyondTrust Employee
F
Firdaus JamaluddinRising Star
asked in Windows & MacOS
Question about BeyondTrust EPM On-Prem

Hi everyone,I have a question as I'm preparing for this. I've been looking into the BeyondTrust EPM on-prem solution, and it says that it pre-bundled if deployed through the UVM appliance. My question is, If I only want the on-prem EPM solution and don't want Password Safe at all, how can we achieve that? I know we can disable the Password Safe features, but that only disables the functionality, the Password Safe section still appears in the admin console. Do you have any other methods you can suggest, such as a way to completely remove or hide it? Thanks

666
MikeK
C
cmscottRising Star
asked in Windows & MacOS
Clear explaination on Global Priority

HelloOne feature of On-Prem EPM which I have not yet found a clear explanation in the documentation is how Global Priority actually works in on prem EPM. While I understand that it has to be configured when there is a default organization - a detailed explanation on  how it works (in relation to organizations) appears to be missing.

421
N
BeyondTrust Employee
B
Community Manager
BeyondTrust CommunicationsCommunity Manager
published in Windows & MacOS
Monthly Buzz - July - Endpoint Privilege Management
Monthly Buzz - July - Endpoint Privilege Management

Hook Exclusions and Managed Hook Exclusions BeyondTrust is a Microsoft GOLD-certified ISV solutions provider and therefore must ensure that its products comply with Microsoft coding standards. BeyondTrust uses Microsoft’s only fully supported method of application hooking, a Microsoft solution called Detours (a reliable method for intercepting APIs in user mode, described here: Detours - Microsoft Research ). The product is designed to be compatible with other products that also use Detours, including some of Microsoft’s products.   What is a HookExclusion? BeyondTrust has built into its hooking technology the ability to “exclude” a process from being hooked. A common misconception about HookExclusions is that by applying an exclusion the hook is not injected into the process. This is incorrect, the EPM-W client will still inject the hook into the process, however, the hook will become dormant and will not communicate with the EPM-W service.BeyondTrust has deployed more than 4 million

250
B
Community Manager
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Jul 28 - Aug 4)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022715 - Where is the package manager adapter file downloaded from?

100
GloriaB
BeyondTrust Employee
K
KevinKApprentice
asked in Windows & MacOS
Auto Connect to Client

I just switched from a local server to a hosted solution. In the past I was able to install a Jump Client on machines and set it so I could connect without anyone accepting the connections. When I set it up not, I am missing something, and the client needs to accept before I can connect. Can someone tell me where I need to make the change so I can create a Jump Client that will allow me to connect without anyone accepting? Thanks for any help. Kevin

355
K
A
Ajay ChaurasiaNewcomer
asked in Windows & MacOS
Exam Retake

I have exhausted my exam attempts for Endpoint Privilege Management - Windows: Administration Exam? How can I get another attempts for this?

501
H
BeyondTrust Employee
J
JackRising Star
asked in Windows & MacOS
In-place upgrade of Privilege Management for Windows agent

When upgrading EPM by deploying the latest version and allowing it to upgrade silently, we have seen that the fingerprint reader and camera stop working until a reboot is performed. Has anyone seen this issue before?Ideally we want to upgrade the agent silently with no reboot, without affecting the fingerprint reader and camera. If there is no alternative, we will need to prompt the user to reboot.We used the same upgrade method for the last upgrades we did and didn’t see this issue before.Thanks.

292
J
S
ShrayApprentice
asked in Windows & MacOS
Installation of BT EPM on VDIs(Persistent and Non-Persistent)

Installation of BT EPM on VDIs(Persistent and Non-Persistent) - What’s the process, does master image report to cloud console or only child images report? also what is the duplication that can happen

923
J
J
JackRising Star
asked in Windows & MacOS
EPM install issue in Autopilot build since July 2025 Windows patches

Hi all, has anyone seen the following issue we have been experiencing?Autopilot pre-provisioning has problems in the final stages if the EPM agent is installed during the Hybrid build and the OS level is Windows 11 23H2 July 2025.The Avecto driver (PGDriver.sys) seems to be clashing with the Autopilot final OOBE stage preventing the device from finishing on the correct Windows logon screen

2907
Caleb Kershaw
BeyondTrust Employee
J
Jens HansenVeteran
posted in Windows & MacOS
Eventlogs for Privilege Management for Windows

We all appreciate the new feature of having a dedicated Event Logs file for BeyondTrust Privilege Management Events. However, consider this: the default log size is just 1028KB—only enough to store approximately 100 to 300 events, which is far too small.I've submitted a feature request to increase the default log size to 20MB. I also suggested either merging the IC3 Adapter logs into the same log file or add switch that can turn some of the excessive auditing off, as they tend to flood the logs the Application event logs, or creating a better strategy for managing their volume.https://beyondtrust-public.ideas.aha.io/ideas/T2EPM-I-2132Application Event LogsBeyondTrust Privilege Management Logs 

651
J
J
JasperVeteran
asked in Windows & MacOS
Multiple policies applied to same endpoint

Is it possible to point different policy to the same endpoint if I have multiple environment? I have a Prod and a Test Environment. At the moment, I install the Production Package Manager on endpoint 1 if I want to deploy the prod policy but if I want to do a test or play around with some policies from Test environment, I have to uninstall the Prod app installed on endpoint 1 and install it the Test instance definition for the Test PkgMgr. Is there an easier way to do this instead of doing the uninstall/reinstall pkg? I have seen one time from the vendor support showing me two different policies running from one machine. You can view this when you refresh your BT policy and it showed the two different Active policies at the top. I believe that would be adding the policy xml on the same folder where it sits inside the DPC Cache folder.

171
J
A
Anil ReddyApprentice
asked in Windows & MacOS
How the process of adding exclusions and clearly explain which settings would need to be altered

HI Team, I am trying to configuring the EPM for windows .Can any one please provide me the process of exclusions. Thanks. 

1384
Caleb Kershaw
BeyondTrust Employee
B
bt101Veteran
asked in Windows & MacOS
EPM-W : Allow uninstall of apps from add/remove programs

Hello! is there any way to allow users in high flex to uninstall any applications using Windows Add/Remove Programs option. This should be default behavior and we will add apps in a deny list which they should not be able to remove. Certain apps have additional protections and users wont be able to remove those even if we don’t have them in EPM deny list

6584
P
A
abhijitdikshitNewcomer
asked in Windows & MacOS
How to block old version applications

I want to block applications running old version. How to block it based on min and max version as I tried adding it for chrome and did not work. I have chrome version 138.x.x.x I want to block if user is running less than mentioned version on machine. Can some one help? Below is my rule:Type : ExecutableApplication: Google ChromePublisher: Google LLCMax Version: 137.x.x.xI am still able to execute chrome with 138 version.

151
H
BeyondTrust Employee
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Jul 21 - Jul 28)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0021379 - Does CVE-2024-6387 affect Endpoint Privilege Management? KB0021399 - Troubleshooting steps for forwarding Defendpoint events to event collector (GPO) KB0021460 - Endpoint Privilege Management GPO end of life (EOL) announcement and FAQ KB0022645 - EPM-WM update to Initialization Vector value for encrypting configuration values KB0022691 - What is the DriverInjectMethod registry value? KB0022693 - How to turn on local ECS events for EPM-W KB0022695 - Does full admin token prevent application control in screen sharing? KB0022700 - Analytics missing in EPM Cloud console KB0022724 - When 'Requires Elevation' is set in app definition EPM-W does not match, UAC is prompted

170
GloriaB
BeyondTrust Employee
J
Jens HansenVeteran
posted in Windows & MacOS
Are Power Rules now obsolete?

Did the Power Rule for Privilege Management for Windows become obsolete with the introduction of the Application Rule filter option?Absolutely not. Power Rules are indeed more powerful that what is documented and brings many more options, to cover a “lack” of functions or new innovation.I frequently encounter scenarios where customers struggle to capture batch files, registry files, or other unusual launches that show up in our analytics from client machines they can’t access.To address this, I developed a PowerShell script to be used as a Power Rule. My objective was to collect these uncommon `.bat`, `.cmd`, `.ps1`, `.reg`, and `.vbs` files which may pose unknown threats or conflict with software restriction policies etc.In the script, I defined the target file extensions and used:Get-PRVariable -Name "PG_PROG_PATH"to retrieve the file and path. If the file matched one of the specified extensions and was under 200KB, the script would initiate its workload.The workload involved connect

441
P
BeyondTrust Employee
J
JackRising Star
asked in Windows & MacOS
EPM Feature Requests

Hi Beyond Trust community,I have a couple of Beyond Trust - Endpoint Privilege Management suggestions that I would like to share please: We recently found many devices had become disconnected from the EPM Console due to them being deleted. This was likely due to inactivity, where many machines were built in advance of a laptop migration and kept in storage. From the machines, it was not obvious there was a problem until some devices started to show symptoms that were fixed in an earlier policy revision. When the machine is checked, it still had an old policy revision listed. This means even our latest block rules were not working on these devices. To mitigate this issue, we would find the following agent features extremely useful:Feature Request: Ability to check policy name and revision in the Windows Registry / file or WMI etc.Reason: We can keep an active deployment that checks for the revision and if it falls behind we can have an automatic remediation.How we are currently evaluati

633
J
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Jul 14 - Jul 21)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0021434 - How to create a QuickStart or other template policy within Endpoint Privilege Management KB0022676 - Check disk COM Class fails when elevated by EPM-W - You do not have sufficient rights to check this drive. KB0022688 - EPM Computer policies not updating when performing a gpudate sync

90
GloriaB
BeyondTrust Employee

Badge Earners

  • BCA: AD Bridge
    Sarah Fadelhas earned the badge BCA: AD Bridge
  • BCIE: Password Safe
    Wesley Cardosohas earned the badge BCIE: Password Safe
  • BCIE: Endpoint Privilege Management - Windows
    Diliphanhas earned the badge BCIE: Endpoint Privilege Management - Windows
  • BCA: Endpoint Privilege Management - Windows
    Sarah Fadelhas earned the badge BCA: Endpoint Privilege Management - Windows
  • BCSE: Identity Security Insights
    Fabien Landaishas earned the badge BCSE: Identity Security Insights
Show all badges
Terms & ConditionsCookie settings