PIM All: taskkill command kills process which is protected by PIM
Article ID: 102931
Updated On:
Products
CA Virtual Privilege Manager
CA Privileged Identity Management Endpoint (PIM)
CA Privileged Access Manager (PAM)
Issue/Introduction
Customer protect by PROCESS class for some process. But it can be killed by taskkill.
i.e: editres PROCESS c:\Windows\system32\notepad.exe owner(nobody) defacc(n) audit(f)
taskkill /pid [PID]
process/application can be terminated.
Environment
Release: ACP1M005900-14.0-Privileged Identity Manager
Component:
Component:
Resolution
PROCESS class is protecting from specific API in reference guide:
Reference Guide
> selang Reference Guide
> Classes in the AC Environment
Process Class
But taskkill command does not use this API.
So, it cannot protected.
When you need to protect it, you register FILE or so to protect for execution program.
Reference Guide
> selang Reference Guide
> Classes in the AC Environment
Process Class
But taskkill command does not use this API.
So, it cannot protected.
When you need to protect it, you register FILE or so to protect for execution program.
Feedback
Yes
No
Powered by
