Privilege Management for Windows 5.7 SR1 Release Notes

December 7, 2020

Requirements:

  • Microsoft .NET Framework 4.0 (required to use Activity Viewer, Power Rules, PowerShell audit scripts, and PowerShell API)
  • PowerShell 3.0 (required to use Power Rules, PowerShell audit scripts, and PowerShell API)
  • Microsoft SQL Server Compact 4.0 (required on the endpoint that will run the Activity Viewer console)
  • McAfee Agent (required if you are installing the Privilege Management client with switch EPOMODE=1)

The executable version of the client package includes all necessary prerequisites (excluding .NET Framework 4.0) and automatically installs them as necessary. If you use the MSI or ZIP package, you must manually install any necessary prerequisites.

If you use the "Uninstaller" application type with a Privilege Management for Windows Client and Policy Editor prior to the 5.7.x release, back up your policies before any upgrade and ensure ALL clients are upgraded to 5.7 before upgrading the Policy Editor. For more information, please see Privilege Management for Windows 5.7.x - Granular uninstall feature.

Issues Resolved:

  • Resolved an issue introduced by a Windows update that prevented the reading of memory locations for some TPM processes (NgcIso.exe, for example).
  • Added engineering key UseAlternateTokenLaunch, in which parent processes can be named to enable the elevation of processes which would otherwise fail due to an ElevationRequired exception. For example, SCCM "Install for user" application installs which require UAC.
  • Addressed an issue in which a system crash could occur when using Office Mobile apps to save files to the local machine.
  • Resolved issue in which ZoneID caused a stop error.
  • Privilege Management for Windows now safely ignores any Power Broker for Windows policies assigned by BeyondInsight. Previously, the entire list (PBW and PMfW) would be ignored, resulting in no PMfW policy updates.
  • Added an optional setting to the ServiceNow Rule Script integration which allows the override of operating system default TLS settings.
  • Moved the EnabledDriverFeatures engineering key read by the driver into the SYSTEM registry hive to enable it to function on boot.

    The key was moved from HKEY_LOCAL_MACHINE\SOFTWARE\Avecto\Privilege Guard Client to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PGDriver.

    If the values were set via Advanced Agent settings, they will be migrated automatically; if they were set by other means, you will need to migrate the values.

  • Corrected a typo in the Canceled Event Log.
  • Resolved an issue in which BT Zone ID was not being set on files downloaded via the new MSEdge (Chromium).
  • We now guarantee the application of new GUIDs for pasted Application Rules, On Demand Rules, and Content Rules, for Windows and macOS.
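
For endpoints where EnabledDriverFeatures was set by means other than Advanced Agent settings, the manual migration noted above can be checked and performed with a script such as the following. This is an added example, not BeyondTrust code; it assumes EnabledDriverFeatures is a registry value stored directly under each of the two keys named above, and the helper Get-RegValue and the -Apply switch are hypothetical names.

```powershell
# Added example, not vendor code. Assumption: EnabledDriverFeatures is a registry
# value stored directly under each of the two keys named in the release note.
param([switch]$Apply)   # without -Apply the script only reports

$name    = 'EnabledDriverFeatures'
$oldPath = 'HKLM:\SOFTWARE\Avecto\Privilege Guard Client'
$newPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\PGDriver'

function Get-RegValue([string]$Path, [string]$ValueName) {
    # Returns $null when the key or the value is absent.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key -or $key.GetValueNames() -notcontains $ValueName) { return $null }
    New-Object psobject -Property @{
        Data = $key.GetValue($ValueName)
        Kind = $key.GetValueKind($ValueName)
    }
}

$old = Get-RegValue $oldPath $name
$new = Get-RegValue $newPath $name

if ($null -eq $old) {
    "No $name under the old key; nothing to migrate."
}
elseif ($null -ne $new) {
    # Compare as joined strings so multi-string and binary data compare element-wise.
    if ((@($old.Data) -join ',') -eq (@($new.Data) -join ',')) {
        "$name is already present under the new key with the same data."
    } else {
        Write-Warning "$name differs between old and new keys; review manually."
    }
}
elseif (-not (Test-Path -LiteralPath $newPath)) {
    Write-Warning "$newPath does not exist; is the 5.7 SR1 client installed?"
}
elseif ($Apply) {
    # Copy the data with its original registry type; the old value is left in place.
    New-ItemProperty -LiteralPath $newPath -Name $name -Value $old.Data `
        -PropertyType $old.Kind | Out-Null
    "Copied $name ($($old.Kind)) to $newPath."
}
else {
    "$name is set only under the old key; re-run with -Apply from an elevated prompt to copy it."
}
```

The script never overwrites an existing value under the new key, so a mismatch between the two locations is surfaced for review rather than resolved silently.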

Compatibility:

  • Privilege Management Policy Editor 5.7 (recommended), 5.0+
  • Privilege Management ePO Extension 5.7 (recommended), 5.0+
  • Privilege Management Console Windows Adapter 2.4 and 1.4+
  • BeyondInsight/Password Safe 7.1 (recommended), 6.9+
  • McAfee Agent 5.6 (recommended), 5.0+
  • McAfee ePO Server 5.10 (recommended), 5.9

Supported Operating Systems:

For more information about compatibility, please see Privilege Management for Windows and Mac: Supported Versions and Operating System Compatibility.