Skip to main content

Windows & MacOS

A localized space to talk about EPM, specifically for Windows And Mac OS's.

  • 167 Topics
  • 466 Replies
167 Topics
B
Community Manager
BeyondTrust CommunicationsCommunity Manager
published in Windows & MacOS
Monthly Buzz - June - Endpoint Privilege Management

Maximizing Endpoint Security with IBM QRadar and BeyondTrust Endpoint Privilege Management The integration between BeyondTrust Endpoint Privilege Management (EPM) and IBM QRadar enhances security by providing seamless visibility into privileged activity and endpoint events within a centralized security operations dashboard.Key features of the integration include:Real-time event correlation and alerting: EPM events forward to QRadar, where they correlate with other security data for more effective threat detection. Comprehensive visibility into application usage: EPM provides detailed insights into application behavior and privilege elevation requests across endpoints, enabling better policy enforcement and anomaly detection. Improved incident response: Privilege-related events alongside other security data are available for analysis within QRadar, allowing security teams to quickly prioritize and respond to incidents. Strengthened least privilege enforcement: By combining QRadar’s dete

130
B
Community Manager
B
Community Manager
BeyondTrust CommunicationsCommunity Manager
published in Windows & MacOS
Monthly Buzz - May - Endpoint Privilege Management

How the Full-Stack Approach to PAM Builds Least Privilege Defense-in-Depth For many years, including 2025, the analyst community has recommended Privileged Access Management (PAM) for human and non-human identities as a crucial discipline to mitigate modern identity attack vectors. Organizations face increasingly sophisticated threats that target all forms of identities and accounts—especially those with privileged access. Privileged accounts hold the proverbial keys to the kingdom and provide access to critical systems, sensitive data, and the overall administrative control of the entire enterprise. When any account is left overprivileged or unmanaged, attackers can exploit a single compromised identity to move laterally, escalate privileges, and execute ransomware or exfiltrate data. In a hypothetical example of a high-profile breach, an attacker that has leveraged administrator credentials somewhere in the attack chain can disable security tools, encrypt systems across the network,

340
B
Community Manager
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Jul 7 - Jul 14)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0021380 - Why does the Client version show as UNKNOWN and Adapter version show as NA in EPM Cloud? KB0022642 - Unable to upload changes via MMC - Unexpected communication error KB0022652 - Windows Store package not matching the expected application definition and rule KB0022655 - Smart Card option greyed out in message - EPM-W Smart Card support

20
GloriaB
BeyondTrust Employee
J
Jens HansenVeteran
posted in Windows & MacOS
Weekly New and Updated Knowledge Base.

Thanks for adding the new KB’s on the weekly basis, it makes it so much easier to keep track on things.A request to also add when we updates old KBs would be nice 

2293
P
P
pphung301Apprentice
asked in Windows & MacOS
unnapproved Updates to Microsoft Teams

Hi, I am getting a prompt of an unapproved app and after looking into it in Analytics, it seems to be from Microsoft Teams updates which does not carry a Publisher so its unsigned.  Whats the best way to allow this since there is no signed info for this?   ApplicationApp DescriptionPublisherOn DemandNoApplication TypeInstaller PackageFile PathExecutable Pathc:\program files\windowsapps\msteams_25153.1010.3727.5483_x64__8wekyb3d8bbwe\ms-teamsupdate.exeCommand Line"C:\Program Files\WindowsApps\MSTeams_25153.1010.3727.5483_x64__8wekyb3d8bbwe\ms-teamsupdate.exe" -EnsureTmaInstallation -AppSessionGUID 9e3e64d2-2229-4fc7-90dd-70234b468a6b -Trigger EnsureTmaAtStartupApp NameApp VersionFile VersionHash SHA1Hash SHA256Hash MD5File Owner NameProduct CodeUpgrade Code{97F40CEA-BEDE-40ED-A9A3-9354C8E64392}Download URLBeyondTrust ZoneDrive TypeElevation MethodAdmin accountPolicyApplication DescriptionAny MSI Installer PackageApplication Group Name(Default) Any Signed UAC PromptMatched as Child Proce

895
J
J
JackNewcomer
asked in Windows & MacOS
EPM Feature Requests

Hi Beyond Trust community,I have a couple of Beyond Trust - Endpoint Privilege Management suggestions that I would like to share please: We recently found many devices had become disconnected from the EPM Console due to them being deleted. This was likely due to inactivity, where many machines were built in advance of a laptop migration and kept in storage. From the machines, it was not obvious there was a problem until some devices started to show symptoms that were fixed in an earlier policy revision. When the machine is checked, it still had an old policy revision listed. This means even our latest block rules were not working on these devices. To mitigate this issue, we would find the following agent features extremely useful:Feature Request: Ability to check policy name and revision in the Windows Registry / file or WMI etc.Reason: We can keep an active deployment that checks for the revision and if it falls behind we can have an automatic remediation.How we are currently evaluati

332
P
BeyondTrust Employee
C
cmscottRising Star
asked in Windows & MacOS
EPM Reporting Database on a remote database

Can the EPM Reporting Database be configured on the same remote database created in an active/active configuration? Thanks

121
H
BeyondTrust Employee
C
cmscottRising Star
posted in Windows & MacOS
Leveraging OAUTH for on-prem EPM Using BI Self-signed certificate

Fellow buzzers,BI 25.1 makes using OAUTH easy to use for EPM MMC Policy Editor and EPM Agent. Use cases:With a PKI domain cert configured in BI. EPM Agents can be installed on any domain computer machine, or off domain machine (Assuming domain root and intermediate cert are distributed) BI Self signed cert: From the appliance => Certificate ManagementGenerate SSL Certificate Export Certificate Enter Password Select Export Machine Name Certificate Export and Download Certificate Distribute certificate (One goes in personal store, the other goes in Trusted Root store => (CA)” Use info in BI console Installer Activation Keys

231
Q
BeyondTrust Employee
B
bt101Veteran
asked in Windows & MacOS
Driver Exclusion - Wildcard support

Hello! I see that driver exclusion does not support wildcards or folder paths and it needs full path of executable. There is idea but it is in Will Not Implement status. Just wanted to understand from community if you have came across this requirement. We have large number of endpoints with EPM W and have seen at least a few apps that have conflicts and need exclusions. msedgewebviewruntime has been a pain as it is located in 3 folders and folder names change at least once per month . Similary some other security tools that may require exclusions in EPM. some have folder paths that include version numbers , some have processes that are similar to PRA (random characters at the end). A lot of other security tools allow this control to admins

1122
B
D
Drew HollingsApprentice
asked in Windows & MacOS
Identifying devices that are no longer syncing with the cloud?

During BAU we receive tickets where policy changes are made but the user is still having issues doing x (whatever the change was) and it turns out the device is no longer syncing and therefore not receiving policy updates. This makes me think there’s probably many more out there that we don’t know about. Are there any options when it comes to identifying devices that are no longer syncing with the cloud?

342
D
Scatts
BeyondTrust Employee
ScattsBeyondTrust Employee
posted in Windows & MacOS
You asked, we listened….Policy Difference: EPM Cloud 24.6

You asked, we listened…. with over 200 votes in our Aha! Ideas portal, the most popular feature request for EPM, and it is here….Policy Difference. Users will be able to compare policy revisions, pinpoint changes, track who made them and when, solving for auditing and streamlining policy troubleshooting use cases. This feature presents differences between two policy revisions in an easy-to-read, text-based format, allowing for enhanced control over policy management. Save time and gain full visibility into policy changes with our intuitive policy revision comparison tool, scheduled to be released in EPM Cloud 24.6. Here is a sneak preview:  

71517
Scatts
BeyondTrust Employee
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Jun 9 - Jun 16)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022516 - How to configure Okta to be used as an IdP for EPM messages KB0022522 - Unable to integrate AWS S3 Bucket SIEM into EPM Cloud results in error: Failed to validate Settings KB0022528 - Is there a way to setup an email alert for JIT requests? KB0022551 - Frequent BSOD when Nerdio Manager software is used to manage AVDs KB0022562 - EPM-WM and using Yubikey authentication for MFA

180
GloriaB
BeyondTrust Employee
S
SanApprentice
asked in Windows & MacOS
How to uninstall EPM Windows agent, adapter, and package manager via Intune without using GUIDs

Hi all,Can we uninstall EPM components via Intune without using GUIDs in Uninstall Command.After update of every version of components, the GUIDs are changing and Intune doesn't have the capability of auto fetching updated GUIDs.So, are there any constant commands that can be used for uninstallation via Intune?

311
J
J
JasperVeteran
asked in Windows & MacOS
Remote helpers unable to see UAC prompts on EntraID joined Windows 11

Does anybody use EntraID joined Windows 11 devices with Intune? We have an issue with Remote Helpers not being able to see the UAC prompts when remoting in to other user’s machine as the prompts sit inside the Windows Secure Desktop. I have tried to disable the “User Account Control: Switch to the secure desktop when prompting for elevation” and rebooted my device but still unable to see the message from the secure desktop.

261
J
B
Binoy_DeyNewcomer
asked in Windows & MacOS
Can Privilege Management for Windows policy control User Account Control settings?

I am trying to modify User Account Control (UAC) settings on my test device where BeyondTrust Privilege management (BTPM) components (client, adapter, and package manager) are installed and running as expected. I am trying to set UAC as ‘Never notify’ but I am getting an error which says, ‘You must be logged on as an administrator on this computer to select this setting’. I am attaching the screenshot as well.This is required to be modified by few users in our environment for application installations, running scripts etc. Can anyone let me know if this modification of UAC settings can somehow be accommodated in BTPM Policy?

211
J
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Jun 2 - Jun 9)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022499 - Windows startup issues with EPM-W - black screen after reboot KB0022506 - How to block WhatsApp install through the MS Store via EPM-W policy rule

120
GloriaB
BeyondTrust Employee
D
Dirk KroeningApprentice
posted in Windows & MacOS
Best practices to manage applications while introducing "low flex" as standard for the users

Hi Community,we are rolling out Windows 11 at the moment and with each Windows 11 device we add the low flex policy (we call it our standard policy) to each client. Doing that, many people are complaining that applications they had on their former Windows 10 device are no longer there. Sure, we wanted to reduce the number of the overall applications used, as usually nobody knows how these apps made it to the machine of the user 😊. But -and this is the reason for starting this discussion- what we do not want is to granting higher permissions to the users.What are your best practices to get this under control better? Some guidance on that would be really appreciated.

431
J
M
mlajoieTrailblazer
asked in Windows & MacOS
Add certificates to macOS

We get the following error when trying to add a trusted certificate to the keychain from terminal:  SecCertificateAddToKeychain: Write permissions error We’ve tried with sudo and with that we get the following error after being prompted by the OS for an admin user name and password:  SecTrustSettingsSetTrustSettings: The authorization was denied. Any insights into how we can add certificates to the keystore would be greatly appreciated.  Thank you!  

875
C
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (May 19 - May 26)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022408 - Not able to validate settings for ServiceNow in JIT Access Settings KB0022429 - MSI installs using Package Manager fail "Error 1618 (Another installation is already running)" KB0022448 - Endpoint App compatibility for 24.5 - Endpoint App missing on some clients KB0022462 - EndpointUtility freezes when run from elevated cmd or PowerShell

200
GloriaB
BeyondTrust Employee
M
mlajoieTrailblazer
asked in Windows & MacOS
Elevate Acrobat.exe

We have acrobat.exe wanting to launch in an elevated mode.  It is hitting the ‘add basic admin’ rule in our low flex workstyle.  We have a message attached to this that allow for admins to input their credentials.  This works.  The problem is that adobe seems to want to launch acrobat.exe elevated for updates.  I don’t know that it’s a good idea to always launch adobe in an elevated mode so is there a better way to control this behavior?  Any thoughts or ideas are greatly appreciated.

553
H
BeyondTrust Employee
Josh Bristow
Josh BristowVeteran
asked in Windows & MacOS
PMC Analytics - Parent Process

Maybe I’m missing it, but is there an easy way to filter the view to only show events that were generated because the rule matched on parent process. I’d like to weed out all the spawned child events from the view. I do believe this was possible in the v1 of analytics.

201
tclowater
BeyondTrust Employee
J
Jeffrey S.Apprentice
asked in Windows & MacOS
GIT Project asks for credentials and fails when fetched through EPM-W elevated Visual Studio

Hi everyone, I have users unable to clone repos from our Git repos using Microsoft Visual Studio using elevated permissions. Same issue that KB0020044 describes. That KB says to update to EPM-W 24.1 and the issue would be fixed, but I’m still having this issue. Does anyone have users that use Visual Studio and Git in this manner? Is it working for them and if so, did you have to do anything special to get it to work? Thanks!

181
tclowater
BeyondTrust Employee
Y
Yuvaraj NApprentice
asked in Windows & MacOS
How to get the installation file PMC Settings XX.pkg and BI Settings XX.pkg

How to get the installation file PMC Settings XX.pkg and BI Settings XX.pkg for installing in Mac machine?

81
P
BeyondTrust Employee
J
JiaweiApprentice
asked in Windows & MacOS
Blocking Ability to Rename a Speciifc File

Hello, Right now I have a content rule in place to block modification of a certain file. It blocks the ability to edit but I can rename the file with a High Flex Workstyle. Is there a way to lock down the ability to rename that file via explorer in the High Flex Workstyle? Thanks,Jiawei 

1212
J
H
Harjinder SinghApprentice
asked in Windows & MacOS
Package Manager Components vs Intune/MS Endpoint Manager Apps clash

Does anyone else have this issue, during deployment of PMC Package Manager in Intune Autopilot & MS Endpoint Manager OS Provisioning, it downloads the 2 components, the client and the cloud adapter and then when other Intune/MECM MSI packages are coming in, there is error 1618 (Another installation is already running), this can happen vice versa, depending which tool runs the MSI first, Package Manager or Intune/MECM. We are currently thinking of getting rid of Package Manager and use these deployment tool to install these 2 components, so such a clash doesn't happen. But if anyone else has better ideas, most welcomed.

533
H

Badge Earners

  • BCIE: Password Safe
    Arif_786has earned the badge BCIE: Password Safe
  • BCIE: Password Safe
    Rodrigo Mattoshas earned the badge BCIE: Password Safe
  • BCA: Privileged Remote Access
    Eric Hombohas earned the badge BCA: Privileged Remote Access
  • BCIE: Password Safe
    Rushikesh Yhas earned the badge BCIE: Password Safe
  • BCA: Privileged Remote Access
    IanSeylerhas earned the badge BCA: Privileged Remote Access
Show all badges
Terms & ConditionsCookie settings