Forum Discussion
S_Rowell
Mar 08, 2024Copper Contributor
Endpoint Privilege Management and Windows Terminal
Anyone had issues with using Windows Terminal or the Preview once Endpoint Privilege Management has been enabled? I've got a test rule base at the moment that just does powershell and notepad but now I'm getting blocked by EPM when I'm running Terminal. Our default rule is deny but I wasn't an admin before I enabled EPM and could run Terminal just fine then.
- S_RowellCopper ContributorThis looks to have been conflicting settings between the powershell rule and the Windows Terminal rule (which was launching powershell as a default first window).
- JeroenBurgerhoutIron Contributor
S_Rowell And what if you add the terminal to EPM?
- S_RowellCopper ContributorThat's what I'm looking at now. There seems to be a bunch of weird behaviour when EPM is in the mix. For a start there are multiple processes involved with Windows Terminal (WindowsTerminal.exe, OpenTerminal.exe, conhost.exe, wt.exe) so working out what each thing needs is interesting.
I've removed the powershell rule I had and replaced it with a rule for cmd.exe (just to prove it works now). That seems to be fine, although now I'm getting random cmd processes spawned when I'm not interacting with it or anything else for that matter. I'm going to look at EDR data for my device and see if this is related or just something else I have to find time to look at.