Endpoint Privilege Management for Windows 23.9 Release Notes

October 31, 2023

Requirements:

  • Microsoft .NET Framework 4.6.2 (required to use Power Rules, PowerShell audit scripts, PowerShell API, and Agent Protection)
  • Microsoft .NET Framework 4.8 (required to use Multifactor Authentication with an OIDC provider)
  • PowerShell 3.0 (required to use Power Rules, PowerShell audit scripts, and PowerShell API)
  • Trellix (formerly McAfee) Agent (required if you are installing the Privilege Management client with switch EPOMODE=1)
The executable version of the client package includes all necessary prerequisites (excluding .NET Framework) and automatically installs them as necessary. If you use the MSI or ZIP package, you must manually install any necessary prerequisites.

Change to HookLoadMethod Behavior

Starting in 23.9, HookLoadMethod 0, 1, and 2 will default to 3 (APC).

Will this change affect me?

If you aren't sure, you can examine the following:

  • Any flags being passed to the PMfW client installer named HOOKLOADMETHOD= with a value of 0, 1, 2
  • Registry value on endpoints HKLM\SOFTWARE\Avecto\Privilege Guard Client\HookLoadMethod
  • AdvancedAgentSettings within your policy HookLoadMethod

The recommended and default option remains 3, and has been since version 21.6.

No immediate action is required. There is now no behavior difference between these settings. You might want to remove any HookLoadMethod installer flags other than 4 which is only used in some compatibility support cases.

For more information, please see the knowledge base article AppInit End of Support.

New Features and Enhancements:

  • The Privilege Management for Windows Agent Protection Utility is now available as a separate download from the Customer Portal and PM Cloud. This tool facilitates the uninstall of Privilege Management for Windows Client when Agent Protection feature is enabled, and was previously only available via the MMC snap-in Policy Editor installer.
  • Updated newly branded Endpoint Privilege Management logos across PM Cloud, Policy Editor, PMfM and PMfW.
  • Improved the performance of hash based application matching and all auditing by caching file hashes after first use; subsequent hash requests will be faster until the file is changed.

Issues Resolved:

  • Resolved an issue where matching criteria were being evaluated for disabled application definitions within the Application Group in policy. This will improve performance for policies with disabled application definitions. Note: The application was not matched, but still evaluated.
  • Resolved an issue where the policy last-modified time displayed incorrectly when more than one policy is sent to the endpoint. Applies to GPO, BeyondInsight, and ePO platforms.
  • Resolved an issue with case sensitive file names expecting the casing during execution. We now always execute files using the expected file name case. Previously the file names were lowercase for matching purposes, and then ran with the lowercase name as the command line argument.
  • Resolved an issue where a delay was seen while importing a large number of events using the Event Import option in the MMC policy editor.

Security Updates

Agent protection updated to enhance protection of the PMfW service.

Known Issues:

None.

Compatibility:

  • Endpoint Privilege Management Policy Editor 23.9 (recommended), 21.6+
  • Endpoint Privilege Management ePO Extension 22.7 (recommended), 21.1+
  • Endpoint Privilege Management Console Windows Adapter 23.9 (recommended), 21.8+
  • BeyondInsight/Password Safe23.2 (recommended), 7.2+
  • Trellix Agent 5.7+
  • Trellix ePO Server 5.10 Service Pack 1 Update 1(recommended), Update 13+

Supported Operating Systems:

  • Windows 11
    • 22H2
    • 21H2
  • Windows 10
    • 22H2
    • 21H2
    • LTSB 2015
    • LTSB 2016
    • LTSC 2019
    • LTSC 2021
  • Server
    • 2022
    • 2019
    • 2016
    • 2012R2
    • 2012
    • Core 2016
    • Core 2019
    • Core 2022

For more information about compatibility, please see Privilege Management for Windows and Mac: Supported Versions and Operating System Compatibility.

Notes:

None.