Cyberark Endpoint Privilege Manager (EPM)

Cyberark Endpoint Privilege Manager (EPM) helps organizations reduce the attack surface by removing local administrative privileges for business users, granularly controlling IT administrator privileges on Windows Servers based on role, and seamlessly elevating users’ privileges when necessary and authorized. Cyberark Endpoint Privilege Manager (EPM) also enables organizations to closely control and monitor all applications within the environment. Whitelisted applications may seamlessly run, malicious applications can be immediately blocked, and unknown applications can be “greylisted” and restricted, pending further analysis.


  • Reduce the attack surface by removing local administrator privileges and preventing malware from entering the organization

  • Enable organizations to remove everyday local administrator privileges from business users without impacting user productivity or driving up help desk costs

  • Enable organizations to segregate duties on Windows Servers to strengthen security and reduce the risk of intentional or accidental damage to critical systems

  • Enable users to seamlessly run whitelisted applications

  • Maintain user productivity while IT teams investigate unknown applications

  • Accelerate threat detection by integrating with automated sandboxing tool such as the Campus Palo Alto Networks solutions

  • Accelerate remediation by providing visibility into every instance of a malicious application in the organization and blocking malware from running

Installing Software on your University Computer:

There will be a defined set of software (whitelisted) that you will be able to install on your University computer at anytime. This will be common applications such as Microsoft Office, Windows Updates, Java, allowed web browsers plus more. If you want to install software you have downloaded from the internet or copied from another location to a USB drive onto your computer then unless this software is on the whitelist, you won't be able to install it without providing a business reason as to why you need it. Information Services System Administrators will receive the request and assess the software to determine its validity.

Business Reasons need to be detailed. Here are a couple of examples:

  • I need to install "My Application" in order to run statistical analysis on my data. I bought this software and have a license for it. 

  • This is the new version of "My Application" which is used to do graphical representations of data. I bought this software and have a license for it. 

Information Services System Administrators may contact you to get further clarification or Departmental approval to use the software.

Related University Controls:

User Installed Software:

Malicious Code Protection:

Rules For Responsible Computing: