Endpoint Privilege Management for Windows 23.9.261 Release Notes

December 14, 2023


  • Microsoft .NET Framework 4.6.2 (required to use Power Rules, PowerShell audit scripts, PowerShell API, and Agent Protection)
  • Microsoft .NET Framework 4.8 (required to use Multifactor Authentication with an OIDC provider)
  • PowerShell 3.0 (required to use Power Rules, PowerShell audit scripts, and PowerShell API)
  • Trellix (formerly McAfee) Agent (required if you are installing the Privilege Management client with switch EPOMODE=1)
The executable version of the client package includes all necessary prerequisites (excluding .NET Framework) and automatically installs them as necessary. If you use the MSI or ZIP package, you must manually install any necessary prerequisites.

Issues Resolved:

  • Resolved an issue where upgrading Endpoint Privilege Management for Windows would prevent policy information being displayed in the System Tray until a reboot or restart of PGSystemTray.exe.

Upgrades from 23.9 to other versions will require the workaround of restarting PGSystemTray.exe process, or rebooting the machine. Upgrades from any other version than 23.9 to all other versions will not exhibit the issue.

  • Resolved an issue where designated users were unable to authenticate after being disconnected from the network/VPN.
  • Resolved an issue where catalog subsystem matching (CheckAdditionalCatalogSubsystems) could cause directories to become locked.
  • Resolved an issue with the Italian language notification templates containing some French language strings.
  • Resolved an issue where some messages configured with or conditions presented a UAC password prompt. Scenarios affected and resolved:
    • Authenticate and run as designated user or MFA Authentication
    • Authenticate and run as designated user or Challenge Response
  • Resolved an issue with Hosted File types in On-Demand rules, which resulted in the hosted file not being opened by the hosting process.
  • Resolved an issue where Endpoint Privilege Management for Windows messages, message headers, and banners were not being read on secure desktops by JAWS and NVDA.
  • Mitigated an issue where Windows installers (MSI, MSU, MSP, etc), that are in locations inaccessible to the Privilege Management for Windows service, fail to match publisher criteria during rules processing.

The mitigation fixes the issue when the installer is blocked using publisher criteria checks, but "allow rules" will not be matched, and will continue to pass through to the next application. To see suggestions on how to improve this experience in the "allow rules" case, please view this KB: https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0020646

Known Issues:

Agent Protection may block upgrading Endpoint Privilege Management for Windows via Package Manager. If using Agent Protection and Package Manager, please follow these instructions: https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020423. This issue has been resolved in version 24.1.


  • Endpoint Privilege Management Policy Editor 23.9 (recommended), 21.6+
  • Endpoint Privilege Management ePO Extension 23.10 (recommended), 21.2+
  • Endpoint Privilege Management Console Windows Adapter 23.9 (recommended), 21.8+
  • BeyondInsight/Password Safe23.2 (recommended), 7.2+
  • Trellix Agent 5.7+
  • Trellix ePO Server 5.10 Service Pack 1 Update 1 (recommended), Update 13+

Supported Operating Systems:

  • Windows 11
    • 23H2
    • 22H2
  • Windows 10
    • 22H2
    • 21H2
    • LTSB 2015
    • LTSB 2016
    • LTSC 2019
    • LTSC 2021
  • Server
    • 2022
    • 2019
    • 2016
    • 2012R2
    • Core 2016
    • Core 2019
    • Core 2022

For more information about compatibility, see Privilege Management for Windows and Mac: Supported Versions and Operating System Compatibility.