Although CAPAM is a blackbox( closed system) is there any anti-malware that would be running in the background?

Release : 4.1

Attached is document Security Assurance practices for Symantec Privileged Access Manager.

Of specific interest here is the following section that clarifies that no software other than PAM is permitted to run on the appliance. This includes anti-malware/anti-virus software.

Symantec Privileged Access Manager is provided as a secure locked-down appliance consisting of a
web application and Oracle MySQL™ Enterprise Edition database. No other software is permitted to
run on the appliance. An integrity utility check is present to verify that no unauthorized changes have
been made to the approved OS modules of the appliance. Access to the appliance file system requires
customer and Broadcom-Support collaboration in a 2-party coordination