Endpoint Privilege Management for Windows 23.3 Release Notes

April 20, 2023


  • Microsoft .NET Framework 4.0 (required to use Activity Viewer, Power Rules, PowerShell audit scripts, and PowerShell API)
  • Microsoft .NET Framework 4.6.2 (required to use Agent Protection)
  • Microsoft .NET Framework 4.8 (required to use Multifactor Authentication with an OIDC provider)
  • PowerShell 3.0 (required to use Power Rules, PowerShell audit scripts, and PowerShell API)
  • Microsoft SQL Server Compact 4.0 (required on the endpoint that will run the Activity Viewer console)
  • Trellix (formerly McAfee) Agent (required if you are installing the Privilege Management client with switch EPOMODE=1)
The executable version of the client package includes all necessary prerequisites (excluding .NET Framework) and automatically installs them as necessary. If you use the MSI or ZIP package, you must manually install any necessary prerequisites.

New Features and Enhancements:


  • Added the ability to elevate Windows Centennial apps. These are akin to standard win32 apps which run atop a thin registry/filesystem virtualization layer for easier installation. Note that this does not provide elevation support for mobile Universal Windows Platform (UWP) apps.
  • Added support for the new security enhancements configuration options available in the Web Policy Editor, which allow some of the Microsoft recommended DLLs to be blocked.
  • Added the name of the policy that causes a rule to trigger to events for easier referencing in reporting (PM Cloud only).
  • Updated the wording of the toast notifications to be more informative for policy updates.

Policy Editor

  • Added ACR values for macOS when configuring multi-factor authentication messages.

Issues Resolved:

  • Resolved an issue with Edge Chromium processes crashing silently and not closing.
  • Resolved an issue with the reference URLs not displaying in the correct language.
  • Resolved an issue with MSI rules not applying correctly in some circumstances in which multiple rules were targeting the same file.
  • Resolved an issue with elevations not inherited for installers.
  • Resolved an issue with delays to working with files on network shares.
  • Resolved an issue with on-demand elevation rules not correctly applying to MSI files in some circumstances in which multiple rules were targeting the same file.
  • Resolved an issue in which users could see an extra UAC prompt for the WSI.exe application.
  • Resolved latency issues when working with files on NAS shares.
  • Resolved an issue with PGMessageHostExt.exe when a smart card is one of the options in the message.


  • Privilege Management Policy Editor 23.3 (recommended), 21.3+
  • Privilege Management ePO Extension 22.7 (recommended), 21.1+
  • Privilege Management Console Windows Adapter 23.1 (recommended), 21.6
  • BeyondInsight/Password Safe 22.4 (recommended), 7.2
  • Trellix Agent 5.7
  • Trellix ePO Server 5.10 Update 13

Supported Operating Systems:

  • Windows 11
    • 22H2
    • 21H2
  • Windows 10
    • 22H2
    • 21H2
    • 20H2
    • LTSB 2015
    • LTSB 2016
    • LTSC 2019
  • Server
    • 2022
    • 2019
    • 2016
    • 2012R2
    • 2012
    • Core 2016
    • Core 2019
    • Core 2022

For more information about compatibility, see Privilege Management for Windows and Mac: Supported Versions and Operating System Compatibility.