Forum Discussion

S_Rowell's avatar
S_Rowell
Copper Contributor
Mar 08, 2024

Endpoint Privilege Management and Windows Terminal

Anyone had issues with using Windows Terminal or the Preview once Endpoint Privilege Management has been enabled? I've got a test rule base at the moment that just does powershell and notepad but now I'm getting blocked by EPM when I'm running Terminal. Our default rule is deny but I wasn't an admin before I enabled EPM and could run Terminal just fine then.

  • S_Rowell's avatar
    S_Rowell
    Copper Contributor
    This looks to have been conflicting settings between the powershell rule and the Windows Terminal rule (which was launching powershell as a default first window).
      • S_Rowell's avatar
        S_Rowell
        Copper Contributor
        That's what I'm looking at now. There seems to be a bunch of weird behaviour when EPM is in the mix. For a start there are multiple processes involved with Windows Terminal (WindowsTerminal.exe, OpenTerminal.exe, conhost.exe, wt.exe) so working out what each thing needs is interesting.

        I've removed the powershell rule I had and replaced it with a rule for cmd.exe (just to prove it works now). That seems to be fine, although now I'm getting random cmd processes spawned when I'm not interacting with it or anything else for that matter. I'm going to look at EDR data for my device and see if this is related or just something else I have to find time to look at.

Resources