search cancel

Can we protect millions of files with CA PIM on Windows ?


Article ID: 17046


Updated On:


CA Privileged Access Manager - Server Control (PAMSC) CA Privileged Identity Management Endpoint (PIM)


How many files can PIM on Windows protect?


Component: SEOSNT


By default, in PIM on Windows you can create 4096 discrete rules and 512 generic rules for class FILE.

It is possible to increase these limits by changing the following registry settings:

Note that all FILE rules are cached in seosd memory, so basically it depends on the overall system load, system resources and memory throughput performance to determine if PIM is capable of handling the load.

In our labs we have not performed recent stress tests on Windows endpoints regarding number of FILE rules (discrete and generic) but from field experience we know of other customer running similar configurations as you have described without problems.

In theory there is no practical limit to the above values.
However if they are to be increased please bear in mind to change the number of monitoring memory and opened handles in seosd:

HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\SeOSWD\ProcHandlesCritical (number of opened handles in monitoring process) HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\SeOSWD\ProcVSizeCritical (memory virtual size of monitoring process).

There is no formula to calculate these values. As mentioned, it depends on the overall system hardware/software and how the system is loaded if and how far these need to be increased.

To get run-time statistics and see the memory utilisation of PIM you can use the "secons -i" command.
If needed it is suggested to iteratively increase the parameters.