
Our company utilizes a full Trellix stack of products (unfortunately) in addition to Endpoint Privilege Management. We have recently upgraded from our On-Prem ePO managed Privilege Management solution to the new SaaS PMC. One thing we have learned is that, when using the EndpointUtility.exe tool to gather logs, the Endpoint Utility wants to grab all of the McAfee ProgramData logs even though we have just finished fully migrating over from on-prem ePO managed to SaaS.

It seems Trellix Self-Protection is causing a permissions error at the very end of the log capturing process. After working with support and confirming there is no CLI available in this tool, we are basically forced to disable all of self-protect in order to gather logs, McAfee logs at that, that aren’t even necessary.

Making this post as a means to communicate our findings in case others coming from on-prem ePO to SaaS experience this problem. It would be extremely beneficial if there were baked-in CLI arguments that we could pass to suppress errors, or even better if the Endpoint Utility could be re-released as a SaaS-only tool and with the option to not gather McAfee/ePO logs.

We have a strong need to run this tool remotely on endpoints since finding time to run it locally with users is time-consuming, and hard to schedule with our developers, who use EPM more than anyone.

Adding more CLI arguments to the tool, like suppressing errors or running silently, would help us tremendously since, when it queries the Trellix folders, it generates a popup that the user can't see, and the tool hangs.


This has been lacking for quite some time on the PGcaptureConfig side. There is no need to collect the ePO logs for clients that are not managed by ePO, so a switch to skip the ePO content would be nice.

And an option to request this from the PM Cloud would be awesome, so vote on the below idea.
https://beyondtrust-public.ideas.aha.io/ideas/T2EPM-I-1772



Voted for this too!  Building upon these tools is vital and I’m glad others are seeing the need for these improvements as well.

