PAM Server was upgraded to PAM to 4.2.3.

When user login to PAM Client, only white screen was displayed.

Symantec Endpoint Protection was blocking chromium.exe which is component responsible for displaying the screen.

PAM Server version changes will cause PAM Client to download matching version of components from PAM server which can trigger security softwares (not limited to SEP) to detect the change and block.

This may happen on every PAM Server updates.

Due to the dynamic nature of PAM Clients placing temporary files and deleting them after use, listing static files to whitelist is not possible.

Multiple instances of PAM Client will run and the filenames will change (such as chromium-1.exe, chromium-2.exe and etc).

As suggested in KB387438 the solution is to exclude "<PAM Client Directory>\temp" folder.