Netwrix is pleased to announce the general availability of Netwrix Endpoint Policy Manager build number 25.8.
What’s Changed in Netwrix Endpoint Policy Manager 25.8
Endpoint Policy Manager CSE
PPLOGS and EPMlogs Improvements
PPLOGS got an inadvertent rename to EPMlogs in the previous build. Now PPLOGS returns and EPMlogs also works; so one-tool, two names.
PPLOGS also improved to collect more details like EPM Cloud logs.
Improved Endpoint Policy Manager Device Manager Driver Handling
To enhance system compatibility and prevent potential conflicts with certain hardware drivers, Endpoint Policy Manager Device Manager now installs and runs its drivers only when an active policy is configured to enable the feature.
When no Endpoint Policy Manager Device Manager policies are in place, the drivers are automatically stopped and unregistered, helping maintain a clean and conflict free system environment.
PPLOGS Version 2 Tool Minor Fixes
A few fixes to the PPLOGS tool regarding running in Console Mode and how we request ticket number. PPLOGS v2 is a big change, so please review what it has to offer here.
Endpoint Privilege Manager for Windows Improvements & Fixes
Admin Approval Updates
Admin Approval is now updated to take on more details from requests; enabling you to learn more about the running processes and make better rules. Now Product Name, Product Version, Manufacturer and more can be sent via Admin Approval long codes (aka Email Method) where you can create more tailored rules. Example workflow of improvements seen above.
Endpoint Device Manager Improvements (New Events and new Rules from Events)
Device Manager has a few new Event IDs when certain activities occur. Here is the full list of Device Manager events:
| Event ID | Description |
|---|---|
| 10000 | Access to the device has been blocked due to PolicyPak Device Manager Rule |
| 10001 | Access to the device was granted by policies |
| 10010 | User requires access to the device |
| 10011 | Short response code verified |
| 10012 | Dialog canceled |
| 10013 | Wrong response code provided |
Some examples of the newer events can be seen here:
The function “New Policy from Audit Event or Admin Approval Code” (seen below) is now improved.
All Device Manager Event IDs can be used to Copy | Paste to make Device Manager rules.
Misc Endpoint Policy Manager for Windows Fixes & Updates
Resolved Issues in This Release
-
FireFox Resolution in Application Settings Manager
Firefox 140 support for Application Settings manager and Browser Router. Note: You need to download and upgrade the Firefox AppSet from the portal and update Paks manually or automatically -
Improved Photo Transfer from Mobile Devices to Windows
Resolved an issue preventing iPhone and other mobile phone users from moving photos to Windows systems. -
PPLogs Background Mode Support
Addressed an issue where PPLogs would not run in console mode for version 25.4. The updated PPLogs method now supports background mode. -
Self‑Elevation Justification Validation
Fixed an error where the self‑elevation process returned “Justification text is not valid” when HP SureClick was active. -
Parent Process Signature in AA Feed
The AA feed now correctly includes the signature of the parent process. -
MSI Product Info for Approval Codes
Resolved an issue where MSI AA approval long codes did not include product information required to create a rule. -
Auto Rule Generator Stability
Fixed a crash affecting the LPM Auto Rule Generator. -
2FA Prompt with NPS‑AM Integration
Corrected an issue where no 2FA prompt appeared when using NPS‑AM integration with the “Run As” feature.
Endpoint Policy Manager Cloud
EPM Network Security Manager and EPM Device Manager Events may now be forwarded to the cloud
Many of our components, produce interesting security events which appear locally. Now, if you want to send Device Manager (Event IDs 10000, 10001, 10010, 10011, 10012 and/or 10013) and Network Security Manager (Event IDs 10300 and/or 10301) events to EPM Cloud for processing and reporting, you can follow the same basic steps which are found here (demonstration shows Endpoint Privilege Manager policies.)
Result after events come in looks like what’s seen here.
Additionally, remember that all EPM Cloud customers are entitled to one day’s worth of event storage for free. (Open an EPM support ticket and ask for it if you are unsure.) And you can also buy 7, 14 or 30 days of EPM Cloud storage by talking to your sales representative. Note the list of all events can be found here but the documentation needs to be updated for these latest event types.
Implemented Features
- Device Manager – New In-Cloud Editor Options
The PolicyPak Device Manager (PPDM) In-Cloud Editor now includes:- Block phones silently
- Allow users to move photos from iPhones and other phones to Windows
- Admin Approval policy type with an Email tab for defining email extension filters
See screenshots below:
Fixes
- Rename Policy Action Not Working in Computer Groups
Resolved an issue where renaming a policy in Computer Groups would not apply the new name as expected.
Endpoint Policy Manager for Mac Fixes & Updates
Implemented Features
- Renamed PolicyPak macOS Client
The PolicyPak macOS client has been renamed to Endpoint Policy Manager (Mac) to better align with product branding and clarity.
Fixes
- App Launches Without User Approval
Resolved an issue where certain applications could launch without explicit user approval under macOS. - No Rules for Client to Update Applications
Fixed a bug that prevented the Mac client from receiving rules to update applications. - Elevation Rules Not Working for Slack
Addressed a compatibility issue that prevented elevation rules from functioning properly with Slack and other applications. - Elevation Rules Not Working with Latest macOS Client (v25.03)
Fixed an issue where elevation rules were not functioning as expected with the updated macOS client version 25.03.
Group Policy Compliance Reporter Updates
Implemented Features
- Per-Instance SQL CE Password Configuration
A new “Database Password Settings” section has been added to the application Settings window. This allows customers to manage passwords for each SQL CE instance, enhancing security and flexibility.
What’s New
- Vulnerability Improvements
See Security Advisory here
Fixes
- Snapshot Value Entry Improved
Users can now configure snapshot retention to values lower than 10, offering more granular control for lightweight environments. - Service Name Display Correction
Fixed an issue where incorrect data was shown for the PPGPCR service.exe. - Snapshot Retention Settings
Addressed a problem where the application wouldn’t remember snapshot values below 10. - Tab Order on SQL Connection Form
Corrected the tab order on the SQL Server connection form for improved accessibility and usability. - Corrected Invalid URL Reference
Fixed a bug where the application displayed an incorrect or malformed URL.
This we say with every major Announcement
Always back up your GPOs and or Cloud XMLs:
- Restoration is VERY EASY. Re-creation of policies is NOT EASY.
- Backup your GPOs today (video).
- Backup your XML Data Files today from Endpoint Policy Manager Cloud (screenshot)
Remember that Endpoint Policy Manager acts as part of the operating system and you should do SMALL SCALE to LARGE SCALE testing with RINGS before rolling it out broadly.
Updating both the CSE and MMC snap-in up to date is recommended for all customers.
Specific upgrade guidance based upon your circumstances:
How to use the Community for Netwrix Endpoint Policy Manager…
Please use the Netwrix Community for the following items:
- Ideas to improve Endpoint Policy Manager
- General non-support / How-do-I questions
The URL for Endpoint Policy Manager Community is here: Discussions & Questions - Netwrix Community
How to get support for Netwrix Endpoint Policy Manager…
For help on specific support issues you are welcome to open support cases. Use our Support Portal (www.netwrix.com/support.html) to submit a case. Please refer to our Support Reference Guide (www.netwrix.com/download/documents/customer_support_program_guide.pdf) for details on the support process, including available contact methods, SLAs, and case severity guidelines.
Thank you for being a Netwrix Endpoint Policy Manager customer!
Need help with this update?
There are many different ways to get help with our products!
| Situation | Action |
|---|---|
| If you feel the product is broken and not working as intended… | Contact Support |
| If you have a question you’d like to ask other experts… | Create a discussion in the community: Endpoint Policy Manager > Discussions & Questions |
| If you have a feature request… | Let our product team know directly: Endpoint Policy Manager > Ideas |
| If you have something cool to show… | Show everyone what you built: Endpoint Policy Manager > Show & Tell |
What are your thoughts?
We are always happy to hear from our users on what you like, and what you hope to see in the future. Please, share your thoughts below!