The Solution

CyberArk Endpoint Privilege Manager helps remove the barriers to enforcing least privilege and allows organizations to block and contain attacks at the endpoint, reducing the risk of information being stolen or encrypted and held for ransom. A combination of privilege management, targeted Privilege Threat protection and application control stops and contains damaging attacks at the endpoint of entry. Unknown applications run in a restricted mode to contain threats and Privilege Threat protection blocks credential theft attempts. These critical protection technologies are deployed as a single agent to strengthen and harden all desktops, laptops and servers.

CyberArk Endpoint Privilege Manager also enables security teams to enforce granular least privilege policies for IT administrators, helping organizations effectively segregate duties on Windows servers. Complementing these privilege controls, the solution also delivers application controls designed to manage and control which applications are permitted to run on endpoints and servers


The objective of this engagement is for the Supplier is to upgrade a existing CyberArk EPM setup for the Customer organization from V11.0 to V11.5.


1. Prerequisite

  1. FQDN of existing EPM server.
  2. Reporting server user id and password.
  3. Database user id and password.
  4. Make sure that database is running on MSsql 2016 standard.

2. Existing setup verification.

Verify the existing EMP setup and make sure that its in running and healthy state.
Open IIS server and see the application status.

Open EPM web console and login and make sure that you are able to login.

3. Existing backup verification

Verify the existing backup and make sure that its in running condition. If backup is not setup then configure it.

4. Database verification

Verify the reporting server by opening reporting server configuration manager.

Click on service account and verify the account.

Open SSMS and login on Data Base and verify the EPM data base.

EPM application up-gradation

Download EPM Rls from and keep it on EPM server.

Open service manager and stop all CyberArk EPM services.

Go to Add remove program and select CyberArk endpoint Privilege manager.

Click on Uninstall the select Yes on confirmation window.

It will start uninstallation of EPM follow the uninstallation window instruction.

Click on OK when it will ask for reboot. After uninstallation reboot the server.

Login on the EPM server and go to EPM Server-Rls11.5 folder.

Open SSMS and login on database.

Right click on upgrade assessment sql script and open it in SSMS.

Click on Excute and run the script.

Now select Pre upgrade maintenance script and run it.

Start installation by running VFManagerSetup.exe file as a administrator.

Click Next on welcome window.

Check I accept on license agreement window and click on next.

Choose destination folder and click on Next.

Give the FQDN of EMP server select use SSL and Active Directory as a authentication method and click Next.

Choose the certificate and click Next.

Select Data base and authentication method and click on Next.

Provide reporting server details and click on Next.

Provide email ID.

Provide data file location and select Next.

Follow the installation wizard.

Click on Finish and reboot the server.

After upgradation open web console and login.

Deploy newer version of agent on test machines and test it. Monitor the upgraded environment for few days and plan for production agent upgradation.
Make sure that you do not uninstall older version of agents and install newer version, It will create duplicate entry on end point.

By taichi

Leave a Reply