> For the complete documentation index, see [llms.txt](https://docs.keeper.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.keeper.io/keeperpam/endpoint-privilege-manager.md). # Endpoint Privilege Manager - [Overview](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/overview.md): Keeper EPM is a Privileged Elevation and Delegation Management (PEDM) solution - [Getting Started](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/setup.md): Installation and setup of Privileged Elevation and Delegation Management (PEDM) - [Create Approvers, Collections, & Policies](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/setup/create-approvers-collections-and-policies.md): This section covers how to set up approvers, collections, and policies so you can control who can approve requests and how policies apply to users, machines, and applications. - [Deployment Packages, the Agent, & Requests](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/setup/deployment-packages-the-agent-and-requests.md) - [Reference Targeting](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/setup/reference-targeting.md) - [Policies](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/setup/policies.md) - [Jobs & Applications](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/setup/jobs-and-applications.md) - [Plugins & Settings](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/setup/plugins-and-settings.md) - [Security](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/setup/security.md) - [Deployment](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/deployment.md): Deploying the Keeper Agent to your endpoints - [Deploy with Windows](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/deployment/deploy-with-windows.md): Deploying Keeper EPM on Windows - [Deploy with macOS](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/deployment/deploy-with-macos.md): Deploying Keeper EPM on macOS - [Deploy with Linux](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/deployment/deploy-with-linux.md): Deploying Keeper EPM on Linux - [Collections](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/collections.md): Managing groups of protected resources for Endpoint Privilege Manager - [Policy](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies.md): Applying least privilege policies to your users and machines - [Policy: Controls](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-controls.md) - [Policy: Status](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-status.md) - [Policy: Path Variables & Protected Paths](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/path-variables.md) - [Policy: Wildcards](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/wildcards.md) - [Policy: Types](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-types.md): Overview of Keeper EPM policy types, supported controls, and when to use each - [Agentic AI Policy](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-types/agentic-ai-policy.md): Control which users and endpoints can run AI agents - [Agentic Access Policy](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-types/agentic-access-policy.md): Control what AI agents can execute on a user's behalf with policy-based approvals and enforcement - [Agentic Privilege Elevation Policy](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-types/agentic-privilege-elevation-policy.md): Govern elevation requests made by AI agents with approvals, MFA, and justification controls - [Command Line Policy](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-types/command-line-policy-type.md): Manage the use of sudo across your macOS and Linux endpoints - [File Access Policy](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-types/file-access-policy-type.md): Control access to specific files and executables, implementing fine-grained access control for sensitive data, configuration files and system files - [Least Privilege Policy](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-types/least-privilege-policy-type.md): Remove local admin from standard users on the target endpoint - [Privilege Elevation](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-types/privilege-elevation-policy-type.md): Control over the ability of a user to elevate to an administrative role - [Advanced Policy Types](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-types/advanced-policy-types.md): Use Advanced Mode JSON to configure non-standard Keeper EPM policy types - [Custom](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-types/advanced-policy-types/custom-policy-type.md): Create custom Keeper EPM policies for specialized workflows and integrations - [Emergency Access](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-types/advanced-policy-types/emergency-access.md): Coming soon — emergency access policy guidance for Keeper EPM - [File Access Redirect](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-types/advanced-policy-types/file-access-redirect.md): Coming soon — file access redirect policy guidance for Keeper EPM - [HTTP Access](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-types/advanced-policy-types/http-access-policy-type.md): Control outbound HTTP and HTTPS access with URL-based Keeper EPM policies - [EPM Agent Updates](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-types/advanced-policy-types/epm-agent-updates.md): Coming soon — manage Keeper EPM agent updates with policy-based controls - [Keeper Updates](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-types/advanced-policy-types/keeper-updates.md): Manage how Keeper EPM updates are staged, approved, deferred, and rolled out across endpoints - [Update Jobs](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-types/advanced-policy-types/update-jobs-policy-type.md): Deploy, update, or remove endpoint job definitions using Advanced Mode policies - [Update Settings](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-types/advanced-policy-types/update-settings-policy-type.md): Push plugin and agent configuration to endpoints using Advanced Mode policies - [Policy: Phased Rollout Planning](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-phased-rollout-planning.md) - [Policy: Examples](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-examples.md): Step-by-step KEPM policy examples for common operational and security scenarios - [Allowing Silent Elevation for .msi Automated Installer Processes](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-examples/allowing-silent-elevation-for-.msi-automated-installer-processes.md): Example policy for .msi automated installer processes - [Anti-Ransomware Policies](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-examples/anti-ransomware-policies.md): Layered Keeper EPM policies that disrupt the Windows ransomware kill chain - [Gate 1: Execution](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-examples/anti-ransomware-policies/gate-1-execution.md): Anti-Ransomware LOTL Justification Policy (Windows) - [Gate 2: Escalation](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-examples/anti-ransomware-policies/gate-2-escalation.md): Escalation — Least Privilege (Windows) - [Gate 3: Recovery-Destruction](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-examples/anti-ransomware-policies/gate-3-recovery-destruction.md): Anti-Ransomware Command Line DENY Policy - [Gate 4: Data Protection](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-examples/anti-ransomware-policies/gate-4-data-protection.md): Data Protection — Protected Directories (Windows) - [Enable and Start the Watchdog Service](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-examples/enable-and-start-the-watchdog-service.md): Example policy for configuring the watchdog service - [Global Allow File Access with Require Approval](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-examples/policy-global-allow-file-access-require-approval.md): Example policy for global file access allow - [Global Deny File Access](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-examples/policy-global-deny-file-access.md): Example policy for global file access deny - [Global Privilege Elevation Justification Policy for Specific Application(s)](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-examples/policy-global-privilege-elevation-justification-policy-for-specific-application-s.md): Example policy for global privilege elevation on application collections - [Living off the Land File Access Justification](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-examples/policy-living-off-the-land-file-access-justification.md): Example policy for "Living Off the Land" (LOTL) scenarios - [Advanced Examples](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-examples/advanced-examples.md): Advanced examples of policy controls including jobs and settings - [Create, Modify, or Delete Job](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-examples/advanced-examples/policy-create-modify-or-delete-job.md): Advanced configuration of KEPM Jobs - [Policy-Based Agent Settings Control](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-examples/advanced-examples/policy-create-a-policy-to-set-settings.md): Advanced configuration of KEPM Agent Settings - [Using PowerShell Jobs as Custom Policy Filters](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-examples/advanced-examples/policy-create-a-policy-with-job-running-powershell.md): Advanced configuration of KEPM to run custom PowerShell during policy evaluation - [Policy-Based File Execution Redirection](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-examples/advanced-examples/policy-create-a-file-redirect.md): Advanced configuration of KEPM elevations using a File Redirect - [Variables & Wildcards](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-examples/advanced-examples/variables-and-wildcards.md): Advanced configuration variables and wildcards for use in KEPM policies - [Managing Requests](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/managing-requests.md): Day to day management of Keeper Privilege Manager elevation requests - [Integrations](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/integrations.md) - [Overview](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/integrations/overview.md) - [AI Trainer](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/integrations/ai-trainer.md) - [Custom Job Guide](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/integrations/custom-job-guide.md) - [Custom Plugin Guide](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/integrations/custom-plugin-guide.md) - [HTTP Reference Guide](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/integrations/http-reference-guide.md) - [Examples](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/integrations/examples.md) - [Job: Minimal Linux](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/integrations/examples/job-minimal-linux.md) - [Job: Minimal macOS](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/integrations/examples/job-minimal-macos.md) - [Job: Minimal Windows](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/integrations/examples/job-minimal-windows.md) - [Job: Schedule & Startup](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/integrations/examples/job-schedule-and-startup.md) - [Job: Schedule Only](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/integrations/examples/job-schedule-only.md) - [Job: with Event Topic](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/integrations/examples/job-with-event-topic.md) - [Plugin: Minimal Linux](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/integrations/examples/plugin-minimal-linux.md) - [Plugin: Minimal macOS](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/integrations/examples/plugin-minimal-macos.md) - [Plugin: Minimal Windows](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/integrations/examples/plugin-minimal-windows.md) - [Plugin: Command Response MQTT](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/integrations/examples/plugin-command-response-mqtt.md) - [Plugin: Manual Start](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/integrations/examples/plugin-manual-start.md) - [Plugin: Install Launcher](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/integrations/examples/plugin-install-launcher.md) - [Plugin: Redirect Evaluator](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/integrations/examples/redirectevaluator-plugin-configuration.md) - [User Guides](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/user-guides.md) - [Airgapped Support](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/user-guides/airgapped-support.md) - [Backup & Restore](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/user-guides/backup-and-restore.md) - [Configuring the Approval Duration](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/user-guides/configuring-the-approval-duration.md) - [Crowdstrike Running Job](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/user-guides/crowdstrike-running-job-guide.md): Ensure CrowdStrike Falcon Is Running — Job Deployed via Policy - [Enable File Inventory](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/user-guides/enable-file-inventory.md) - [macOS: Keeper Trash](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/user-guides/macos-keeper-trash.md) - [Reading Logs](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/user-guides/reading-logs.md) - [Risk Assessment Administration](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/user-guides/risk-assessment-administration.md) - [Security Hardening](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/user-guides/security-hardening.md) - [Troubleshooting](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/user-guides/troubleshooting.md) - [Windows Defender Running Job](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/user-guides/windows-defender-running-job-guide.md): Ensure Windows Defender Is Running — Job Deployed via Policy - [Reference](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/reference.md) - [Architecture](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/reference/architecture.md): Endpoint Privilege Manager Architecture Best Practices - [Default Jobs](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/reference/default-jobs.md): Default Jobs Deployed with Keeper Privilege Manager - [Job: Definition & Format](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/reference/jobs-definition-and-format.md) - [Job: Run Guide KeeperAdminCLI](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/reference/jobs-run-guide-keeperadmincli.md) - [Job & Plugin: MQTT Topic Permissions](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/reference/job-and-plugin-mqtt-topic-permissions.md) - [Job & Plugin: Registration](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/reference/plugin-and-job-registration.md) - [Job & Plugin: Settings Keys](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/reference/job-and-plugin-settings-keys.md) - [Local Endpoints](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/reference/local-endpoints.md) - [Localization Service](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/reference/localization-service.md) - [macOS Protected Path Design Intent](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/reference/macos-protected-path-design-intent.md) - [macOS: System Extension Configuration](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/reference/macos-system-extension-configuration.md) - [macOS Two-Layer Bypass Architecture](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/reference/macos-two-layer-bypass-architecture.md) - [Plugin & Task: Settings](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/reference/plugin-and-task-settings.md) - [Policy: Certificate Filter (CertificationCheck)](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/reference/policy-certificate-filter-certificationcheck.md) - [Policy JSON & Extension](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/reference/policy-json-and-extension.md) - [Redirect Capability](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/reference/redirect-capability.md) - [Signed Certificate Support](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/reference/signed-certificate-support.md) - [Technical Architecture](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/reference/technical-architecture.md) - [Timers & Intervals](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/reference/timers-and-intervals.md) - [FAQs](https://docs.keeper.io/keeperpam/endpoint-privilege-manager/faqs.md): Frequently Asked Questions regarding Keeper Endpoint Privilege Manager --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.keeper.io/keeperpam/endpoint-privilege-manager.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.