Manage Privilege Management Audit Scripts

When an application is allowed, elevated, or blocked, or when content modification is allowed or blocked, Privilege Management for Windows logs an event to McAfee ePO to record details of the action. If you want to record the action in a bespoke or third party tracking system that supports PowerShell, VBScript, or JScript based submissions, you can use the Run a Script setting within an application, on-demand application, or Content Rule.

To add a new auditing script:

  1. Navigate to the Policy Catalog and select the policy.
  2. Select the Utilities node and click Manage Audit Scripts.
  3. In the left pane, select Action > Add. The Add Script dialog box appears.
  4. Enter a Script Name.
  5. Select either PowerShell, VB Script or Javascript from the Script Language dropdown menu.

PowerShell audit scripts can only be run in the system context.

  1. Select how long the script should be allowed to execute before it is terminated, from the Timeout dropdown menu. By default, this is set to Infinite.
  2. Select whether the script should be executed in the System context or the current User context, from the Script Context dropdown menu.
  3. Enter the script code either manually or by copy and paste. Alternatively, you can import a script by selecting Action > Import at step 2 and browsing to the location of the relevant script.
  4. Click OK to finish.