Hook Exclusions and Managed Hook Exclusions
BeyondTrust is a Microsoft GOLD-certified ISV solutions provider and therefore must ensure that its products comply with Microsoft coding standards. BeyondTrust uses Microsoft’s only fully supported method of application hooking, a Microsoft solution called Detours (a reliable method for intercepting APIs in user mode, described here: Detours - Microsoft Research ). The product is designed to be compatible with other products that also use Detours, including some of Microsoft’s products.
What is a HookExclusion?
BeyondTrust has built into its hooking technology the ability to “exclude” a process from being hooked. A common misconception about HookExclusions is that by applying an exclusion the hook is not injected into the process. This is incorrect, the EPM-W client will still inject the hook into the process, however, the hook will become dormant and will not communicate with the EPM-W service.
BeyondTrust has deployed more than 4 million endpoints with its technology and has had to co-exist with literally thousands of application combinations.
Endpoint Privilege Management for Windows HookExclusion
In Endpoint Privilege Management for Windows (EPM-W), hook exclusions will occasionally be required for the following application types:
-
Executables (.exe)
-
Windows Installer files (.msi’s)
-
Hosted File Types (.reg, .bat, .ps1 and any other Windows-based scripts)
What functionality is retained or lost?
Retained:
-
The Process or Application which has been excluded can still be controlled using EPM-W policies.Privilege Monitoring of CHILD processes is available and audit events would be generated.
Read more here
Customer Case Study
MTS: Misr Technology Services Streamlines Identity Security & Improves Operational Efficiencies with BeyondTrust
Latest Available Versions:
Endpoint Privilege Management (Cloud and Pathfinder) 25.6 - July 2025
Endpoint Privilege Management for Windows 25.4.270 - July 2025
Endpoint Management for Mac 25.4.2 - July 2025
Beekeepers Hot Topics
Issues with elevating MSI's
“Just curious if anyone else has encountered this. After updating to 25.2.11 some MSI’s fail directly after launch or mid through the installations.
They get errors like these:
-
2738, Could not access VBScript run time for custom action t2].
-
2739, Could not access JScript run time for custom action t2].
to solve this one should run regsvr32 jscript.dll or regsvr32 VBScript.dll however after installing 25.2.11 we are no longer able to edit HKEY_CURRENT_USER\Software\Classes\CLSID\{Any CLSID Folder}.
If I downgrade BTPM towards 23.9.261.0 the MSI’s does not fail and im able to read the content of HKEY_CURRENT_USER\Software\Classes\CLSID\{Any CLSID Folder}...”
Click here for the most popular discussions in BeeKeepers
Upcoming and In Case You Missed It Webinars:
Road Maps:
Upcoming Product Road Map : Tuesday, August 5th, 2025
2025 July Product Road Map: Endpoint Privilege Management Windows & Mac
User Groups:
Q2 EPM Virtual User Group Recording
Announcements
Earn $25 by reviewing BeyondTrust!
Your feedback not only helps us but also assists other businesses in making informed decisions. As a token of appreciation, we are offering $25 for each published review through G2 using the link below. Leave a review on G2 and earn $25!
Who To Contact
Need to reach someone from the team or have questions?
Find your main points of contact below.
Support:
Technical Support – Best Practice
Customer Success Management:
Email: customer.success@beyondtrust.com
