Skip to main content

Hi,

Has anyone seen issues with Win11 AutoPilot laptops and PatchMyPC where EPM is now prompting users trying to install anything in Company Portal.

I found this

Previously: EPM probably trusted these scripts through a Publisher rule or Parent process allow rule.

Now: After a recent Patch My PC update (around Oct 2025), the background script is signed or launched differently, possibly under the System Functions policy group, and no longer matches the older rule conditions.

Anyone any ideas?

Hey Kpower77. 

I would attempt to review these installs using process explorer, this could help you to identify the needed rules.

Setup a test laptop with local policy is the fastest way to troubleshoot it.

Then installs should usually happen in the context of System instead of user context, this will prevent you from even having to create rules for it in the first place.

All the best
Jens

Badge Earners

  • BCSE: Password Safe
    Kaenniehas earned the badge BCSE: Password Safe
  • 25 Courses Completed
    Daron Garrisonhas earned the badge 25 Courses Completed
  • BCSE: Privileged Remote Access
    AliBhas earned the badge BCSE: Privileged Remote Access
  • BCSE: Privileged Remote Access
    Krista Neunerhas earned the badge BCSE: Privileged Remote Access
  • BCSE: Password Safe
    Krista Neunerhas earned the badge BCSE: Password Safe
Show all badges
Terms & ConditionsCookie settingsAccessibility statement