PIM All: taskkill command kills process which is protected by PIM

book

Article ID: 102931

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction



Customer protect by PROCESS class for some process. But it can be killed by taskkill.

i.e:  editres PROCESS c:\Windows\system32\notepad.exe owner(nobody) defacc(n) audit(f)
 taskkill /pid [PID]

process/application can be terminated.

Environment

Release: ACP1M005900-14.0-Privileged Identity Manager
Component:

Resolution

PROCESS class is protecting from specific API in reference guide:
Reference Guide
 > selang Reference Guide
   > Classes in the AC Environment
    Process Class

But taskkill command does not use this API.
So, it cannot protected.

When you need to protect it, you register FILE or so to protect for execution program.