PIM/PAMSC All:PROGRAM class does not work on Windows 2016
Article ID: 129665
CA Privileged Access Manager - Cloakware Password Authority (PA)PAM SAFENET LUNA HSMCA Privileged Access Manager (PAM)
User tried to test for PROGRAM class rule. But it does not work on it. And also, audit log is not recorded access event. Rules: setoptions class+(PROGRAM) er PROGRAM ('C:\Windows\System32\notepad.exe') owner(nobody) defacc(none) blockrun- audit(a) authorize PROGRAM ('C:\Windows\System32\notepad.exe') access(EXECUTE) uid('hostname\\Administrator') The rule is affected on another server which is running on 2012 R2.
I compared setting on normal and problematic server. Then I found FILE class is disabled at the problematic server. When I check behavior with tracer's log, PROGRAM class check is triggered by FILE access. It is not caused by difference between OS and PIM/PAMSC version.
OS: Windows Server 2016 Prod: CA Privileged Access Manager r14.0 CR1 for Endpoint