DocumentationAPI ReferenceRelease Notes
Log In
Release Notes
Back to All

Endpoint Privilege Management for Mac 24.5 release notes

6 months ago

August 13, 2024

Requirements:

  • Trellix (formerly McAfee) Agent (required if you are installing the Privilege Management client with Trellix).

New features and enhancements:

JIT application access

To smooth rollout and decrease your time to value with EPM, we've brought the popular exception management capability Just-in-time (JIT) application access into EPM SaaS workflow.

Specify in policy application groups you would like your end users to request the ability to run or elevate by specifying the Request action in message.

Your end users can view requests and their status using a new endpoint application installed with EPM, accessed via the System Tray or Menu bar.

Your EPM SaaS administrators (or those with the specific role of Request Approver) action the requests within the EPM SaaS Console, choosing whether to deny or allow the application and for how long that application can be used.

All requests and decisions made are audited.

Incorporate the applications most requested and approved into your policy via a new analytics dashboard tile.

Granular filtering on application rules

Add account filters at an application rule level, either Application Rule or On-Demand Application Rule. Use this filtering to add certain users and groups to a specific rule. This granular filtering ensures that applications will only be accessed by those employees that require it. Search and add users and groups to the application account filters via Entra ID or Local AD for Windows. Supported on clients:

  • EPM-W from 23.5
  • EPM-M from 23.7

Additional enhancements

  • Resolved a vulnerability with application control which would allow a Time of Check, Time of Use by referencing the CDhash and inode provided within the Endpoint Security Framework.

Issues resolved:

  • Resolved an issue where Safari Driver was failing to be enabled via Terminal when EPM-M was installed.
  • Resolved an issue where the EPM-M MDM Configuration Profile was not signed with our developer signature.
  • Resolved an issue with our Configuration Profile when using the profile with auto-enrolment would could cause the Login items to not take effect for BeyondTrust applications.
  • Resolved an issue where disabling Show Header Text in the Policy Editor was not obeyed in EPM-M message dialogs.
  • Resolved an issue where the Rapid Deployment Tool Settings packages were affected by vulnerability CVE-2024-27301.
  • Resolved an issue where the option to Reset Printers & Scanners in System Settings was not able to be used while EPM-M was installed. We have made a change to allow standard users to administer local printer settings. Running sudo pmfm printerAdmin disable on an endpoint will allow users to opt out of this. In a future release, we plan to allow this to be controlled via the Policy Editor.
  • Resolved an issue with the BI adapter file /Library/Application Support/BeyondTrust/Defendpoint/store_on_failure/RCSXML.xml.

Compatibility:

  • Endpoint Privilege Management Policy Editor 24.5
  • Endpoint Privilege Management ePO Extension 22.7
  • Endpoint Privilege Management Console Adapter 24.5
  • BeyondInsight/Password Safe 24.1
  • Trellix Agent 5.7

ℹ️

Note

If you have a business requirement to downgrade the EPM-M client, first uninstall the currently installed version.

Supported Operating Systems:

  • macOS 14 Sonoma
  • macOS 13 Ventura
  • macOS 12 Monterey

ℹ️

Note

For more information about compatibility, see Privilege Management for Windows and Mac: Supported Versions and Operating System Compatibility.

Notes:

None.

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.