Troubleshoot Endpoint Privilege Management for Mac
Check Endpoint Privilege Management for Mac is installed and functioning
You can confirm whether Endpoint Privilege Management for Mac is running by checking the Activity Monitor for the following processes:
- Defendpoint
- defendpointd
- dppolicyserverd
Check Settings are Deployed
Assuming Endpoint Privilege Management
ePO policies are stored by Endpoint Privilege Management as an XML file in the following location:
%ProgramData%\Avecto\Privilege Guard\ePO Cache\Machine\PrivilegeGuardConfig.xml
Check that Endpoint Privilege Management is Licensed
One of the most common reasons for Endpoint Privilege Management not functioning is the omission of a valid license from the Endpoint Privilege Management settings. If you create multiple policies, then you must ensure that the computer or user receives at least one GPO that contains a valid license. To avoid problems, it is simpler to add a valid license to every set of Endpoint Privilege Management settings that you create.
Check Workstyle Precedence
Assuming that Endpoint Privilege Management is functioning and licensed, most other problems are caused by configuration problems or Workstyle precedence problems. Please be aware that if you have multiple policies, these are evaluated in alphanumeric order.
Once an application matches an Application Group entry in the Application Rules or the On-Demand Application Rules, then processing does not continue for that application. Therefore, it is vital that you order your entries correctly:
- If you create multiple Workstyles, then Workstyles higher in the list have higher precedence.
- If you have multiple rules in the Application Rules and the On-Demand Application Rules sections of a Workstyle, then entries higher in the list have higher precedence.
Application Rules are applied to applications that are launched either directly by the user or by a running process. On-Demand Application Rules are only applied to applications that are launched from the Endpoint Privilege Management shell menu (if enabled).
Certificate Error in Trellix Endpoint Security (ENS)
A certificate error is shown on the endpoint in the Event Log for Trellix Endpoint Security (ENS) if Endpoint Privilege Management was installed prior to Trellix Endpoint Security.
Add the Certificate for Endpoint Privilege Management:
- Navigate to Policy Catalog and select Trellix Endpoint Security from the Product dropdown menu.
- In the Self Protection section, navigate to the Certificates section and check the Allow box. This allows BeyondTrust processes to be trusted.
- Click Save.
This resolves the error encountered when using BeyondTrust Endpoint Privilege Management and Trellix Endpoint Security software.