PAM server was upgraded to PAM version 4.2.3. When the user attempted to log in via the PAM Client, a white screen was displayed instead of the initial PAM UI (User Interface) screen.

Symantec Endpoint Protection (SEP) was blocking the chromium.exe which is a component that is responsible for rendering the PAM UI (User Interface) screens.

On a change of  the PAM Server version, the PAM Client downloads the required binaries from the PAM server.  Such a download of binaries can trigger a security software (not limited to SEP) to detect and block the change. Note that such a block may occur on every PAM Server update.

Note that PAM Clients often place temporary files in temporary folders and then deletes them after use, hence maintaining/publishing a comprehensive list of static files that can be whitelisted is not possible.

As suggested in KB387438 the resolution is to exclude the "<PAM Client Directory>\temp" folder that is required ONLY for temporary processing.