DocumentationAPI ReferenceRelease Notes
Log In
Documentation

Application analytics

Suggest Edits

What are applications?

Applications, as defined by EPM for Windows and Mac, include the following:

Windows application types

Application TypeAggregation Criteria
Executable (exe)
  • Application name
  • Application description
  • Publisher
  • Admin required
COM Class (com)
  • CLSID
  • COM Display Name
  • Publisher
  • Admin required
Installer Package (msi)
  • Application description
  • Upgrade code
  • Publisher
  • Admin Required
Uninstaller (unin/unex)
  • App Description
  • Product Name
  • Publisher
  • Admin Required
Store App (appx)
  • Publisher
  • Admin Required
  • Store App Name
Windows Service (svc)
  • Service Display Name
  • Service Action
  • Publisher
  • Admin Required
Control Panel Applet (cpl)
  • Publisher
  • Admin Required
  • App Description
Management Console (msc)
  • Publisher
  • Admin Required
  • File Path

macOS application types

Application TypeAggregation Criteria
Binary (bin)
  • Publisher
  • Authorization Required
  • File Path
Bundle (bund)
Package (pkg)
System Preference Pane (pref)
  • Publisher
  • Authorization Required
  • Application Name
  • Application Description

The Applications page

  1. Analytics tabs: Access the Dashboard, Events, Applications, and Users pages.
  2. Filters: Select a filter to refine your results. Click Clear Filters to remove all filters from your results.

    👍

    Available filters
    • Time Period
    • Computer groups
    • Operating system
    • Application type
    • Admin required
    • App description
    • App name
    • Application group name
    • Downloaded status
    • Drive type
    • Elevation method
    • Elevation action
    • Message name
    • On demand
    • Policy name
    • Publisher
    • Workstyle name
  3. Save View and Load View: Save your filter preferences and load the view later for quick access to your most frequently-used preferences.
  4. List options: Click to refresh the list, Download icon in [%=Products.PMAb%] SaaS. to download the list to a .csv file, to select which columns to display on the page, and Download icon in [%=Products.PMAb%] SaaS. to configure your page display.
  5. Columns: Details for each event.

    👍

    Available columns
    • Application name
    • Versions
    • Admin Required
    • Processes
    • Users
    • Computers
    • Date Discovered
    • Last Event
    • Operating System
    • Group Name(s)
    • Application Type
    • Publisher
    • Event Action
    • Application Group Name
    • Message Name
    • Elevation Method
    • On Demand
    • Drive Type
    • Workstyle Name
    • Policy Name

Add an application to a policy

📘

Note

You can only add an application to an unlocked policy.

  1. From the top left of the page, click Menu button > Endpoint Privilege Management for Windows and Mac > Analytics. The Analytics page displays.
  2. Click Applications.
    The Applications page displays.
  3. Locate the application you want to add to a policy.
  4. In the application row, click .
    The Application panel displays.
  5. Select an unlocked policy and available application group from the drop-down list.
  6. Click Add and Edit Policy.
    The Policy Editor opens and the Applications Group page displays.
  7. Edit the application settings.
  8. Click Save Changes.
    The policy saves.

View an application's details

👍

Best practices

Use the application details to:

  • View how often an application runs in your estate and the associated behavior at the end user level (for example, how often an event action occurred for an application over a given time period).
  • View the number of users running an application, the reason given if one is required, all associated events, and metadata (such as versions run, application type, etc.).
  • View event details specific to the application.
  1. From the top left of the page, click Menu button > Endpoint Privilege Management for Windows and Mac > Analytics. The Analytics page displays.
  2. Click Applications.
    The Applications page displays.
  3. Locate the application you want to view.
  4. Click the Application Description.
    The Application Details page displays, where you can review at-a-glance user and event activity.
  5. Optionally, click the User Activity or Events tabs to display additional details for each logged user or event activity.

Export to CSV

Click the Download icon to export all analytics data results in the currently filtered result set. When downloading from the Applications page:

  • Includes up to 10,000 rows.
  • Exports only child rows.
  • Downloads only the current page. For example, if 25 items are selected on the page, you only see the child rows for the items on the current page).
  • Exports all columns.

When saving an export file for events, you can set the number of records to download, the columns to include, and a file name.

Click the Notifications icon when the file is ready to download. Notifications only apply to the Events page.

Save and load views

EPM users with Analyze Group permissions can create and save a set of filters and columns so that the same set of filters does not have to be selected every time Analytics is accessed. Saving viewing preferences provides an easy way to return to views of data used frequently to monitor Endpoint Privilege Management activity in the estate.

You can load and save data sets from the Events page, Applications page, and Users page.

Access views on any device regardless of the device the views were created on.

  1. After selecting filters, select Save View to retain those preferences for viewing later. Preferences are saved locally.
  2. If a view name already exists, select Overwrite existing view, and then select the view you want to replace.
  3. The next time you access Analytics, your view settings are preserved. Click Load View to select and load a view.
  4. On the Load Event View pane, you can delete and refresh views.

Recommended views

The recommended views provide a selection of the most useful predetermined views. Use the views to review collected data and make informed decisions around policy editing.

  1. To access the views, go to Analytics.
  2. Click the Applications tab.
  3. Click Load View, and then click the Recommended Views tab.

Recommended views for applications load with the default filters.

NameDescription
Discovered: Active ApplicationsTo help build the Passive Allow and the Add Admin definitions. This view is used for implementation as it displays all the events captured by the (Default) rules.
The report name in legacy reporting: Target Types
Discovered: by PublisherTo view discovered applications aggregated by Publisher, to decide if you want to treat all applications from that publisher the same way in policy and take that action.
The report name in legacy reporting: Discovery by Publisher
Discovered: by Requiring Admin RightsTo see the applications that require admin rights and how they are granted, so you can track down genuine admins and what they are running.
The report name in legacy reporting: Discovery Requiring Elevation
Discovered: from External SourcesDiscover applications run from riskier places, to ensure the applications are not allowed admin rights.
The report name in legacy reporting: Discovery from External Sources
Discovered: New and UncategorizedFind the new and uncategorized applications running in your estate. Take action to add the applications to a category (add to a more specific application group).
The report name in legacy reporting: Discovery All

Updated 24 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.