PIM All: taskkill command kills process which is protected by PIM

Document ID : KB000102931
Last Modified Date : 27/06/2018
Show Technical Document Details
Customer protect by PROCESS class for some process. But it can be killed by taskkill.

i.e:  editres PROCESS c:\Windows\system32\notepad.exe owner(nobody) defacc(n) audit(f)
 taskkill /pid [PID]

process/application can be terminated.
PROCESS class is protecting from specific API in reference guide:


But taskkill command does not use this API.
So, it cannot protected.

When you need to protect it, you register FILE or so to protect for execution program.