Troubleshoot Endpoint Privilege Management for Mac

Check Endpoint Privilege Management for Mac is installed and functioning

You can confirm whether Endpoint Privilege Management for Mac is running by checking the Activity Monitor for the following processes:

  • Defendpoint
  • defendpointd
  • dppolicyserverd

Check Settings are Deployed

Assuming Endpoint Privilege Management for Mac is installed and functioning, the next step is to check that you have deployed settings to the computer or user.

ePO policies are stored by Endpoint Privilege Management as an XML file in the following location:

%ProgramData%\Avecto\Privilege Guard\ePO Cache\Machine\PrivilegeGuardConfig.xml

Check that Endpoint Privilege Management is Licensed

One of the most common reasons for Endpoint Privilege Management not functioning is the omission of a valid license from the Endpoint Privilege Management settings. If you create multiple policies, then you must ensure that the computer or user receives at least one GPO that contains a valid license. To avoid problems, it is simpler to add a valid license to every set of Endpoint Privilege Management settings that you create.

Check Workstyle Precedence

Assuming that Endpoint Privilege Management is functioning and licensed, most other problems are caused by configuration problems or Workstyle precedence problems. Please be aware that if you have multiple policies, these are evaluated in alphanumeric order.

Once an application matches an Application Group entry in the Application Rules or the On-Demand Application Rules, then processing does not continue for that application. Therefore, it is vital that you order your entries correctly:

  • If you create multiple Workstyles, then Workstyles higher in the list have higher precedence.
  • If you have multiple rules in the Application Rules and the On-Demand Application Rules sections of a Workstyle, then entries higher in the list have higher precedence.

Application Rules are applied to applications that are launched either directly by the user or by a running process. On-Demand Application Rules are only applied to applications that are launched from the Endpoint Privilege Management shell menu (if enabled).

Certificate Error in Trellix Endpoint Security (ENS)

A certificate error is shown on the endpoint in the Event Log for McAfee Endpoint Security (ENS).

A certificate error is shown on the endpoint in the Event Log for Trellix Endpoint Security (ENS) if Endpoint Privilege Management was installed prior to Trellix Endpoint Security.

 

Add the Certificate for Endpoint Privilege Management:

  1. Navigate to Policy Catalog and select Trellix Endpoint Security from the Product dropdown menu.

Check the Allow box in the Certificates area to trust vendor applications to run code in McAfee.

  1. In the Self Protection section, navigate to the Certificates section and check the Allow box. This allows BeyondTrust processes to be trusted.

 

  1. Click Save.

This resolves the error encountered when using BeyondTrust Endpoint Privilege Management and Trellix Endpoint Security software.