Running a manual network port scan from the Tools page in CA PAM on some individual servers and then running the same batch through the bulk scan option (loading a csv file) in the same page there are differing results for some servers with respect to open or filtered ports: the results of the bulk scan will show them as filtered, whereas a manual scan of the same servers will yield those ports as open. The bulk scan arguments are the default ones as specified in the sample file that can be downloaded in the page, that is, a bulk scan is performing the following operation against each of the IP addresses specified in the csv file:
nmap -n -T4 -sT -PN --max-scan-delay 0ms --min-rate 1000000 --max-retries 0 -p <port> <ip_address>
By default a manual scan just does
nmap -p <port> <ip_address>
CA Privileged Access Management versions 3.4.X
This is due to the -sT option specified in the bulkscan, which corresponds to a TCP connect scan, the default option when a SYN scan is not possible. In principle specifying it or not should not have any adverse effect on functionality.
In the bulk scan parameters to load in the csv file, do not specify this option, that is, use -n -T4 -PN --max-scan-delay 0ms --min-rate 1000000 --max-retries 0
https://explainshell.com/explain?cmd=nmap+-sT+-PN+-n for an explanation of the nmap functionalities and this specific option