PIM All: taskkill command kills process which is protected by PIM

Document ID : KB000102931
Last Modified Date : 26/07/2018
Show Technical Document Details
Question:
Customer protect by PROCESS class for some process. But it can be killed by taskkill.

i.e:  editres PROCESS c:\Windows\system32\notepad.exe owner(nobody) defacc(n) audit(f)
 taskkill /pid [PID]

process/application can be terminated.
Answer:
PROCESS class is protecting from specific API in reference guide:
Reference Guide
 > selang Reference Guide
   > Classes in the AC Environment
    Process Class

But taskkill command does not use this API.
So, it cannot protected.

When you need to protect it, you register FILE or so to protect for execution program.