DocumentationAPI ReferenceRelease Notes
Log In
Release Notes
Back to All

Endpoint Privilege Management for Windows 24.8 release notes

about 2 months ago

December 12, 2024

Requirements

  • Microsoft .NET Framework 4.6.2 (required to use Power Rules, PowerShell audit scripts, PowerShell API, and Agent Protection)
  • Microsoft .NET Framework 4.8 (required to use Multifactor Authentication with an OIDC provider)
  • PowerShell 3.0 (required to use Power Rules, PowerShell audit scripts, and PowerShell API)
  • Trellix (formerly McAfee) Agent (required if you are installing the Privilege Management client with switch EPOMODE=1)

ℹ️

Note

The executable version of the client package includes all necessary prerequisites (excluding .NET Framework) and automatically installs them as necessary. If you use the MSI or ZIP package, you must manually install any necessary prerequisites.

Enhancements

Added a new PasswordAllowed field for messages which allows Windows Hello to be configured without a password.

  • Windows Hello and TouchID can be configured without a requiring password.
  • TouchID authentication is now integrated into EPM-M messages.

Issues resolved

DescriptionResolution
Errors when uninstalling programs from the old control panel where the uninstaller is an .exeResolved appwiz.cpl crash when uninstalling non-.msi type applications.
Credential authentication error on a domain joined computer with a name longer than 15 characters.Resolved designated user authentication failing when domain-joined if the computer name is longer than 15 characters.
Privilege Monitoring missing detailsResolved an issue where the privilege monitoring MMC snap-in was unable to display monitoring events correctly.
Windows 11 accessibility icon on the login page flashes when you click on it with EPM-W installed.Resolved an issue where accessibility menu was failing to open on Windows 11.

Security updates

DescriptionResolution
Windows Hello Authentication can be bypassed stopping the winhelloauthenticator process.Resolved a vulnerability regarding a bypass of authentication using Windows Hello.
File path matching can be bypassed via paths longer than 260 characters.Resolved a vulnerability where some application rule matching could be bypassed by using very long file paths.

Compatibility:

  • Endpoint Privilege Management Policy Editor 24.8 (recommended), 22.1+
  • Endpoint Privilege Management ePO Extension 23.10 (recommended), 22.7+
  • Endpoint Privilege Management Console Windows Adapter 24.8 (recommended), 22.1+
  • BeyondInsight/Password Safe 24.2.1 (recommended), 7.2+
  • Trellix Agent 5.7+
  • Trellix ePO Server 5.10 Service Pack 1 Update 1 (recommended), Update 13+

ℹ️

Note

For information on supported operating systems, see Supported platforms.

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.