PIM All: taskkill command kills a process that is protected by PIM

Document ID : KB000102931
Last Modified Date : 27/06/2018
Question:
A customer protects a process with the PROCESS class, but the process can still be killed with taskkill.

For example:

 editres PROCESS c:\Windows\system32\notepad.exe owner(nobody) defacc(n) audit(f)
 taskkill /pid [PID]

The process/application can be terminated.
Answer:
The PROCESS class protects only against the specific API described in the reference guide:

https://docops.ca.com/ca-privileged-identity-management/12-8-01/en/reference/selang-reference-guide/classes-in-the-ac-environment/process-class/

The taskkill command does not use this API, so the PROCESS class cannot protect the process against it.

If you need to protect against it, register a FILE resource or similar to control execution of the program.