Question

Avecto Defendpoint Service Issue

  • April 22, 2026
  • 5 replies
  • 31 views

Hi,

I have a problem with the Avecto Defendpoint Service (client version 25.8.12.0).
When I restart a Windows 11 notebook, the service is running, but EPM does not work correctly.

To resolve the issue, I have to restart the Avecto Defendpoint Service manually, after which everything works as expected.
If I set the service startup type to Delayed Start, it starts after about two minutes and then works fine.

Has anyone else experienced this issue?

Thank you.
Kind regards,
Thien

5 replies


Hey @ThienT

I would check the logs for any signs that could prevent the service from starting, or whether we see a failed start of the service.

Then I would validate whether there is a potential conflict with other 3rd-party security apps.
https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0017099

Vice versa, if you need to exclude EPM from touching your other security products, use HookExclusions and/or DriverHookExclusion.
HookExclusion
https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article&sysparm_article=KB0017569
DriverHookExclusion
https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020102

Do read the KBs as they can have unintended consequences. 

Kind regards
Jens


  • Author
  • Apprentice
  • April 22, 2026

Hello Jens,

Thanks for your help. The logs in the events say the service is resumed/started. I tried it with the configuration as an exception in Windows Defender. I also set the RegKey DriverHookExclusions, but somehow neither of the solutions works. Do you have another solution for the problem?

Thank you.
Kind regards,
Thien



How many clients do you have the issue on and how many total clients?

If 1 out of 1000 have the issue, redeploy/reimage the system.

DriverHookExclusion is for the EPM client not to tamper with whatever you excluded; it will lose the ability to control the excluded process completely.

What did you add to your exclusion for DriverHookExclusion?

In the other 3rd-party tools (NOT EPM), did you add all the recommended exclusions?

Windows exclusions

Excluded folders for real-time and AV scanning protection:

  • C:\Windows\system32\DRIVERS\PGDriver.sys
  • C:\Program Files\Avecto\Privilege Guard Client\
  • C:\Program Files (x86)\Avecto\Privilege Guard Client\
  • C:\ProgramData\Avecto\
  • C:\Program Files\Avecto\Avecto IC3 Adapter\ (1)
  • C:\Program Files\Avecto\PMC PackageManager\ (2)

Exclusion of processes:

  • C:\Program Files\Avecto\Privilege Guard Client\DefendpointService.exe
  • C:\Program Files\Avecto\Avecto IC3 Adapter\Avecto.IC3.Client.Host.exe (1)
  • C:\Program Files\Avecto\PMC Package Manager\PMC.PackageManager.exe (2)
  • C:\Program Files\Avecto\Privilege Guard Client\DefendpointBeyondInsightAdapter.exe (3)
  • C:\Program Files\Avecto\Privilege Guard Client\PasswordSafeService.exe (4)
  • C:\Program Files (x86)\Avecto\Privilege Guard Client\PGEPOService.exe (5)

If managed by:
(1) For EPM Cloud
(2) For EPM Package Manager
(3) For EPM integrated with BeyondInsight
(4) For EPM integrated with Password Safe
(5) For EPM integrated with Trellix ePO

KR
Jens
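
An added example (not part of the thread and not BeyondTrust tooling) that checks, on a client where Microsoft Defender is the antivirus, whether the folder and process exclusions listed in the reply above are actually configured. It assumes an elevated PowerShell session, since Defender hides its exclusion list from non-administrators; the helper names `ConvertTo-NormalizedPath` and `Test-ExclusionSet` are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: audit Microsoft Defender exclusions against the EPM list in the reply above.
# Assumption: Microsoft Defender is the AV in use; other products need their own console or CLI.

# Entries that apply to every EPM client, copied from the reply.
$expectedPaths = @(
    'C:\Windows\system32\DRIVERS\PGDriver.sys'
    'C:\Program Files\Avecto\Privilege Guard Client\'
    'C:\Program Files (x86)\Avecto\Privilege Guard Client\'
    'C:\ProgramData\Avecto\'
)
$expectedProcesses = @(
    'C:\Program Files\Avecto\Privilege Guard Client\DefendpointService.exe'
)
# Add the entries numbered 1-5 in the reply only for the integrations actually deployed.

# Hypothetical helper: compare case-insensitively and ignore a trailing backslash.
function ConvertTo-NormalizedPath([string]$Path) {
    $Path.Trim().TrimEnd('\').ToLowerInvariant()
}

# Hypothetical helper: emit one result row per expected entry.
function Test-ExclusionSet {
    param([string[]]$Expected, [string[]]$Configured, [string]$Kind)
    # Defender returns $null when no exclusions are set; @() keeps -contains safe.
    $have = @($Configured | Where-Object { $_ } | ForEach-Object { ConvertTo-NormalizedPath $_ })
    foreach ($entry in $Expected) {
        [pscustomobject]@{
            Kind         = $Kind
            Entry        = $entry
            Excluded     = $have -contains (ConvertTo-NormalizedPath $entry)
            ExistsOnDisk = Test-Path -LiteralPath $entry
        }
    }
}

$pref = Get-MpPreference
$report = @(
    Test-ExclusionSet -Expected $expectedPaths -Configured $pref.ExclusionPath -Kind 'Path'
    Test-ExclusionSet -Expected $expectedProcesses -Configured $pref.ExclusionProcess -Kind 'Process'
)

# Excluded = False: the exclusion is missing or spelled differently in Defender.
# ExistsOnDisk = False: the client is not installed at that path on this machine.
$report | Format-Table -AutoSize
```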

 

 


  • Author
  • Apprentice
  • April 23, 2026

 

I use this registry DriverHookExclusions key.

As additional info: when I change a rule or make changes via the web console and then “Refresh all policies”, it enables the EPM functions again. Then when I restart, it doesn't work anymore.

The Windows exclusions do not work either.

I already tried to reinstall the computer with the BeyondTrust Privilege Management Package Manager, but it didn't help either.

Kind regards,
Thien



Sorry, this is to exclude other processes from EPM, not EPM from itself.

So if you had Cylance, Trellix, DLP clients etc., those should be the paths to use.
The list I added above for the EPM folder goes in as exclusions in your AV tools, to avoid a conflict of AV attempting to tamper with EPM. Some AVs support excluding signing certificates, which you can grab from the EPM processes to exclude.

Then DriverHookExclusions requires the full path and filename in any version lower than 26.1, whereas with HookExclusions you can do a path wildcard.

Please thoroughly read the KBs, and be aware of what the implications of implementing these are.

Kind regards
Jens