Windows & MacOS

The following articles were published last week. New Knowledge Base Articles: KB0021615 - Policy is not recieved from BI after incorrect install order of EPM-M KB0022408 - Not able to validate settings for ServiceNow in JIT Access Settings KB0022429 - MSI installs using Package Manager fail "Error 1618 (Another installation is already running)"

I’m currently testing an agent provided by support to alleviate performance issues and the IC3Adapter service won’t start on the test laptop. Due to Agent Protection being enable I cannot manually start the service either. I’ve tried manually starting the service via command prompt and that does not work either. I’m about to go through the process of reinstalling using safe mode but I’m wondering if someone might have any input. Thanks. 

We are currently using BeyondTrust EPM for Windows and macOS under a cloud subscription.On every device where the BT Agent and Adapter have been deployed, the devices stopped reporting back to Intune and the sync services are no longer functioning.Is anyone else experiencing this issue? We would greatly appreciate input from anyone who has faced a similar situation and can share guidance on resolving it as soon as possible.

Hey BeeKeepers! Welcome to another edition of suggesting AI EPM policy rules. This advice is geared at creating a separate AI Workstyle for the exact reason that the space is highly dynamic. This is an evolution from using the All Users workstyle for a global block, and then trying to navigate how to handle exceptions. Note: This space is still highly dynamic! The initial notes in Hunting for Lobsters in EPM Analytics - Openclaw (Clawdbot, Moltbot) | Community still stand. The goal isn’t artisanal policies, or boiling the ocean to catch a few lobsters - they will mutate before being totally captured anyways.   💡 There’s a whiteboard at the bottom of the post from my my analogue thinking to provide a visual of the logic. 

The following articles were published last week. New Knowledge Base Articles: KB0022226 - Azure Files incompatibility with EPM-W features using Alternate Data Streams (ADS) KB0022378 - What is the difference between elevation and allowing an application? KB0022392 - How to block specific application installs via Homebrew using EPM-M

Hello! Does the EPM W Package Manager automatically update itself or we can control it . I see we can control the adapter and client version while using the Package Manager but don’t see a setting to control the version of PM .

The following articles were published last week. New Knowledge Base Articles: KB0022403 - Issue with computer or adapter IDs (GUIDs) being overwritten KB0023505 - Trying to start the EPM cloud adapter results in Error 1053: The service did not respond to the start or control request in a timely fashion KB0023531 - Performance issue in EPM-M - Failed to look up group a

Hi there,We have set up MFA-Messages to authenticate admins when installing software on a client. This also needs to be done on “user-clients”. The problem is that you actually can use the admin mfa session to access various ressources such as microsoft admin portal if youre not actively sign out or do the authentication in private-tab.I already tried to use the following in my entra application, but this does not seem to work: Has anyone setup an MFA-Authentication in Messages for EPM-W and may assist?Many Thanks!

has EPM-W in BeyondInsight Software, Now its eol.We need to migrate to UVM based appliance in Active Active with DC-DR, I need assistance in understanding what all should be considered before the migration.1. How do i make sure the software based deployment which has DB should be moved to the new UVM deployment in Active active.2. How do I make sure I deploy UVM in Active Active in DC & DR where I should deploy 3 UVM in DC and 3 UVM in DR so I get them running active active all the time.3. How many maximum machines do we can connect using this kind of deployment for EPM-W4. Also Wanted to understand for EPM what the load Balancer configuration should be.

I was recently asked if there were any best practices uses the challenge response tool with EPM where there’s the software and the key. While we do have some documentation around how to use it, I feel this warranted a quick notes of practices I recommend based on seeing this live in some environments. Tip 1: Put the shared key in a vaultThe shared key is something that should be protected as anyone with the response code generator tool can generate the code. That’s by design, so please protect the shared keys in a vault. Or other encrypted method that’s not in the company’s documentation portal.  Tip 2: Restrict who can run the response code generatorEven though the response code generator needs access to get the installer, it’s good to restrict who can run the response code generator as a layer of friction in the policy. Ideally limited to the service desk only.  Other documentsThis is a quick tips on the response

Trying to install BeyondTrust during a Windows Autopilot deployment, the application installs, but it's not fully setup to handle elevation prompts until after a considerable amount of time and a reboot. Is there a guide on how to install Beyond Trust EPM during Autopilot that improves this experience?

The following articles were published last week. New Knowledge Base Articles: KB0022288 - What does the ManageSystemProcesses registry key do? KB0022296 - EPM-M limitation with Keychain Access KB0022297 - JetBrains Toolbox update fails using EPM-M elevation

Hi There,we often create a blanc Test-Policy by importing the productive policy, make changes and test them there. However we expirience some unconsistencies when rolling back to the productive policy. In fact OnDemand processes are not being recognized. So if i start powershell as Administrator, it hits the default any uac (not OnDemand) This is most likely due to a cache issue or sth. On a machine which did not have the test-policy assigned, the productive-policy is working as expected and OnDemand rules are applied correctly.Multiple Computer restarts did not solve the problem. A few hours later, it just worked again without any changes.Is there a way to troubleshoot this? Many Thanks

Hi,I have a problem with the Avecto Defendpoint Service (client version 25.8.12.0).When I restart a Windows 11 notebook, the service is running, but EPM does not work correctly.To resolve the issue, I have to restart the Avecto Defendpoint Service manually, after which everything works as expected.If I set the service startup type to Delayed Start, it starts after about two minutes and then works fine.Has anyone else experienced this issue?Thank you.Kind regards,Thien

Hello All,Is there a way to notify (some sort of pop up) the users that the JIT request has been approved via BT EPM app/agent for a better user experience ? PMC has been integrated with SNOW.

The following articles were published last week. New Knowledge Base Articles: KB0022887 - JIT requests stuck in the pending status in ServiceNow

Hey everyone,Checking to see if anyone has seen this before, I have multiple servers in an environment that all point to the same proxy.  On a handful of these servers, I can see where package manager is downloading and attempting to install the adapter and client.  However, on others I’m seeing where it cannot download the package.  It tries 5 times, gives up and says I can find more information on the agent with a specific ID (looks like the computer ID).  Anyone have a location for that log? I’ve looked in the standard ones with no luck.I’ll attach an example from the event viewer logs so you can see where it downloads and tries to install the adapter with a 1603 error on one (this I’m trying to fix with workarounds) and on the other it can’t download at all.  

Does anyone know if it is possible to include multiple domains in a management rule filter?  For an example, we need to setup rules to move multiple domains to single computer groups after a certain length of time.  Currently, I have over 20 management rules in place to do this functionality, however I would like to cut that down if possible.  

EPM-W is blocking some of the functionality of ZoomText screen reader. How do we get around that and allow all functions of ZoomText to run? zt.exe and child processes have been whitelisted already.

Hi All I have been looking arround for a document that can help in building the Beyondinsight Using UVM for Privilege Management for Windows & Mac in Active Active mode for DC & DR. What are the prerequisites and how to establish the DC & DR scenarios, what are the things that we should be really looking into for the deployment. My another query is how does the Agent understand the DC & DR scenario as if we need to deploy 1 Management node in DC and 1 Management node in DR with 2 Event worker nodes in DC and 2 Event Worker nodes in DR. Where in DC we have SQL in Cluster with Always ON Availability Group and Same deployed seprately in DR too. Can some one explain as how it works and what are the precautionary measurements we need to take care of.

The following articles were published last week. New Knowledge Base Articles: KB0022215 - Privilege Management for Mac client app bundle continually verifiying package KB0022295 - How to create replacement definitions for PGNetworkAdapterUtil, PGPrinterUtil and PGProgramsUtil KB0023279 - EPM-M Defendpointd memory leak causing high RAM usage

Hello,I am working on creating a new BT EPM policy for our Win 10 and 11 system in our environment. I created an application group and added it under Low Flex workstyle. I am trying to create a policy that will block all the applications except the ones i have approved in SCCM Software Center and InTune. My problem is that i have a list of couple of hundred of approved apps and i don’t want to add them in the application group manually one by one. is there a way to import them from an excel list if i populate the excel with publisher and product name and whatever else i might need. or is there any API i can use for that.Thank You

Has anyone else gotten the 26.1 agent upgrade yet? We have been waiting for a few weeks now, and it is still not available to us. I don’t know if we should put in a ticket to find out why it hasn’t been pushed to us yet, or if it is just taking that long.  We’re looking forward to the AAD refresh capability that’s built into it. 

On our systems we’ve deployed beyondtrust to, if I do a Microsoft sentinel or KQL search for local admin login events, I’m seeing a lot of accounts that start with lenovo_tmp. After some searching, it appears that these are used by the lenovo system updater software to run updates with elevated privileges when a user is not admin. This concerns me because it seems to violate the tamper protection of beyondtrust that disallows the creation of other admin accounts. (lenovo forum for context).Is anyone else seeing this? If you can run KQL advanced hunting queries, look at the DeviceLoginEvents t