Cyber security flagged PAM an executable as interactive

book

Article ID: 197061

calendar_today

Updated On:

Products

CA Process Automation Base

Issue/Introduction


The file \PAM_Install_Dir\server\c2o\wrappers\c2ojagtw.exe has bee flagged as using application account in an interactive way.

Cause

This executable is using Windows functions to run a process on Windows. 
The LogonUser function is used to perform a user logon operation with the LogonType as 'LOGON32_LOGON_INTERACTIVE'. 
This logon type is intended for users who will be interactively using the machine. 

Environment

Release : 4.3

Component : Process Automation

Resolution

This behavior is by design - the given user account will be used interactively. This is the account that starts the orchestrator service.

If this behavior is not allowed for this account, the account needs to be changed to one that is allowed to do this.