Data Protection - What is "Wgncm.exe"?

Document ID : KB000016877
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

When running windows task manager on a machine hosting a CA Data protection Endpoint Client or Policy Engine component you may see one or more instances of the "wgncm.exe" process.

Question:

What is the "Wgncm.exe" process and what does this do?

Environment:
CA Data protection (DataMinder)
Answer:

The Wgncm.exe is the CA Data Protection ‘user-process’.  ‘CM’ is an abbreviation of Collection Manager, though the name is no longer relevant..

In normal operation, on a CA Data Protection endpoint client there will be a single wgncm.exe instance per logged on user.  The CA Data Protection policy engine is hosted within a Windows service, which means that there will be a separate wgncm.exe instance for the policy engine’s use.  This is the case even if the policy engine is running as the same user as the logged on user.

Wgncm.exe performs two main duties (1) storage of captured event data - "USER DATA SET" and (2) management of policy instances from the infrastructure policy interface - "POLICY STORE".   

USER DATA SET

This object manages all the storage of captured data to the local infrastructure.

POLICY STORE

The policy store component in wgncm.exe maintains a single up-to-date copy of the any policies requested by processes running in the context of the wgncm.exe user.  With client integration there will normally only be one policy (that of the logged in user).  See the section below on policy engines for more info on situations when multiple policies might exist.

 

 In addition to the duties mentioned above, this process also monitors the user’s registry hive to ensure that the user hasn’t attempted to remove DLP components. It also performs periodic cleanup of TMP files for the associated user.

 

 

Additional Information:

Orchestria, CA DLP and DataMinder are previous brand names for the product now known as CA Data Protection.