
Endpoint Privilege Management for Windows 24.7 release notes

November 12, 2024

Requirements

  • Microsoft .NET Framework 4.6.2 (required to use Power Rules, PowerShell audit scripts, PowerShell API, and Agent Protection)
  • Microsoft .NET Framework 4.8 (required to use Multifactor Authentication with an OIDC provider)
  • PowerShell 3.0 (required to use Power Rules, PowerShell audit scripts, and PowerShell API)
  • Trellix (formerly McAfee) Agent (required if you are installing the Privilege Management client with switch EPOMODE=1)

Note

The executable version of the client package includes all necessary prerequisites (excluding .NET Framework) and automatically installs them as necessary. If you use the MSI or ZIP package, you must manually install any necessary prerequisites.

New features

We now run on ARM64!

Endpoint Privilege Management for Windows and its associated endpoint components now run on ARM64, so you can continue to protect your whole estate, whether you're managing Intel, AMD, or ARM64 hardware.

ARM64 support is limited to estates managed via Endpoint Privilege Management SaaS.

ARM64 support limitations:

  • PowerRules: PowerRules will not work. The script is not run, and the rule falls back to its default action.
  • Audit script: Audit scripts using PowerShell will not run at all. VB and JS audit scripts should still work.
  • COM class: COM elevation-type rules will fail to elevate if UAC is disabled and the action is performed by an administrator account. If the user is not an administrator, or if UAC is enabled, then the rule will function as expected.
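
The following PowerShell sketch checks an endpoint against the Requirements list and the ARM64 limitations above. It is an added example, not BeyondTrust code: the function name Get-EpmReadiness is hypothetical, the registry locations are the standard Windows ones for the .NET Framework release key, the native processor architecture and the UAC (EnableLUA) setting, and the release-key thresholds are Microsoft's documented minimums.

```powershell
# Added example: readiness check against the 24.7 requirements and ARM64 limitations.
# Get-EpmReadiness is a hypothetical name; it is not part of the product.
function Get-EpmReadiness {
    # .NET Framework 4.x publishes its version as a Release DWORD; the thresholds
    # below are Microsoft's documented minimums for 4.6.2 and 4.8.
    $ndpKey  = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $ndp     = Get-ItemProperty $ndpKey -ErrorAction SilentlyContinue
    $release = 0
    if ($ndp -and $ndp.Release) { $release = [int]$ndp.Release }
    $net462 = $release -ge 394802
    $net48  = $release -ge 528040
    $ps3    = $PSVersionTable.PSVersion.Major -ge 3

    # The machine-wide environment key holds the native architecture even when
    # this PowerShell process itself runs under x86/x64 emulation.
    $envKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
    $arch   = (Get-ItemProperty $envKey).PROCESSOR_ARCHITECTURE
    $arm64  = $arch -eq 'ARM64'

    # EnableLUA = 0 means UAC is disabled on this machine.
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac    = Get-ItemProperty $uacKey -ErrorAction SilentlyContinue
    $uacOff = [bool]($uac -and ($uac.EnableLUA -eq 0))

    # Map each failed check to the features the release notes tie to it.
    $notes = @()
    if (-not $net462) { $notes += '.NET 4.6.2 missing: Power Rules, PowerShell audit scripts, PowerShell API and Agent Protection unavailable' }
    if (-not $net48)  { $notes += '.NET 4.8 missing: Multifactor Authentication with an OIDC provider unavailable' }
    if (-not $ps3)    { $notes += 'PowerShell 3.0 missing: Power Rules, PowerShell audit scripts and PowerShell API unavailable' }
    if ($arm64)       { $notes += 'ARM64: Power Rules fall back to the rule default action; PowerShell audit scripts do not run' }
    if ($arm64 -and $uacOff) { $notes += 'ARM64 with UAC disabled: COM elevation rules fail for administrator accounts' }

    New-Object PSObject -Property @{
        DotNetRelease = $release
        PowerShell    = $PSVersionTable.PSVersion.ToString()
        Architecture  = $arch
        UacDisabled   = $uacOff
        Notes         = $notes
    }
}

Get-EpmReadiness | Format-List
```

An empty Notes list means none of the checked prerequisites or ARM64 limitations apply to the endpoint; the Trellix Agent requirement is not checked here.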

Enhancements

Update to XML attributes in MMC Policy Editor

We updated the MMC Policy Editor to honor XML attributes to ensure policies created in the web Policy Editor retain their attributes when imported and exported through MMC. This update prevents unexpected removal of attributes and maintains consistency across different policy management tools.

JIT application access

Updated the Windows JIT application access feature to ensure that block events are raised when a deny decision is made. This change improves consistency in the handling of denied requests. JIT application access is supported on EPM-WM SaaS only.

Additional enhancements

  • Improved JIT application access error message wording.
  • Updated the QuickStart template: This update ensures that Narrator can operate normally when the recommended policy changes are implemented. The changes will be made only for Narrator in the QS policy. All users workstyles need to be enabled.

Issues resolved

| Description | Resolution |
| --- | --- |
| Data was incorrectly being audited when active Content Control rules used Controlling Process definitions. | The correct data is now used by the Controlling Process. |
| There was a possibility communication to the EPM-W service could stop. | Message handling threads no longer hang if there is a pipe failure at a specific point. |
| Microsoft Defender attack surface reduction (ASR) was preventing opening of file when Content Rules were active in the policy. | MS Defender ASR no longer blocks Content Rules in the active policy. |
| IP filtering was incorrectly validating inputs in the Policy Editor. | Enhanced computer filtering so invalid IP addresses are not included in the filter. |
| Command line matching criteria would not match when special characters were present in filenames/paths. | Special characters can be used in file names and paths. |
| Cancellation events would be triggered for uninstaller rules even if they were disabled. | There is now a check in place to determine if cancel events need to be audited. |
| Docker might not open when used with EPM-W. | Fixed a potential BSOD when using Docker with EPM-W. |
| Targeting Any Application with a PowerRule script locks the computer when restarting. | Targeting any Application with a Power Rule script no longer causes a hang on reboot. |
| EPM-W messages were not focused on when run from the Start menu on non-secure desktop. | EPM-W messages are now correctly in focus. |

Security updates

  • We have updated a library in our EPM-Windows repository as part of our ongoing commitment to security and software quality. Details:
      What: Our security monitoring tools identified the need to update a specific library within our .NET framework. Although our application was not affected by the issue, we have proactively updated the library to ensure continued security and compliance.
      Why: This update is part of our routine maintenance to address any potential security concerns and to keep our software environment up-to-date.
      Impact: This update does not impact the functionality or performance of our application. No action is required from you, and everything will continue to operate smoothly.
  • Resolved an issue where EPM-W users were able to bypass Authorization messages by preventing SYSTEM access to files.
  • Remote PowerShell commands which match a message that requires authentication will now be blocked, where previously they would have been allowed to run without messaging.

Compatibility:

  • Endpoint Privilege Management Policy Editor 24.7 (recommended), 22.1+
  • Endpoint Privilege Management ePO Extension 23.10 (recommended), 22.7+
  • Endpoint Privilege Management Console Windows Adapter 24.7 (recommended), 22.1+
  • BeyondInsight/Password Safe 24.1 (recommended), 7.2+
  • Trellix Agent 5.7+
  • Trellix ePO Server 5.10 Service Pack 1 Update 1 (recommended), Update 13+

Note

For information on supported operating systems, see Supported platforms.
