Bypass Trusted Process Authorization
Privileged Access Manager allows you to define programs as trusted. Privileged Access Manager stores the trusted programs and their child programs in a table. All events (inbound and outbound) related to trusted processes (and their corresponding ports) are permitted without authorization as part of a full network bypass.
To specify these programs, use the SPECIALPGM class:
- To bypass file and network events for the specified program, use the property PGMTYPE with values pbf and pbn.
- To bypass setuid and setgid events for a specified program, use the property PGMTYPE with the value surrogate.
- To bypass all Privileged Access Manager authorization checks for a specified program, use the property PGMTYPE with the value fullbypass. Privileged Access Manager ignores a process that has the PGMTYPE(fullbypass) property, and no record of any process events appears in Privileged Access Manager audit, trace, or debug logs.
- To propagate bypasses to all programs that are called from the specified program, use the property PGMTYPE with the value propagate.
Security privilege propagation works with PBF, PBN, DCM, FULLBYPASS, and SURROGATE privileges only.
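The following added example (not part of the product documentation or the product's own tooling) reviews a list of SPECIALPGM records and flags the PGMTYPE combinations described above that remove audit visibility or extend a bypass to called programs. The "path: type,type" inventory format, the sample paths, and the HIGH/MEDIUM/INFO ratings are assumptions made for this example.

```python
# Added example: review SPECIALPGM records for bypasses that reduce visibility.
# The "path: type,type" inventory format and the severity labels are constructed
# for this example; they are not the product's own listing format or ratings.

# Per the page, propagation works with these privileges only.
PROPAGATABLE = {"pbf", "pbn", "dcm", "fullbypass", "surrogate"}

SAMPLE_INVENTORY = """\
# constructed sample records
/opt/backup/bin/agent: pbf,pbn
/usr/local/bin/deploy.sh: fullbypass,propagate
/usr/sbin/sshd: surrogate
/opt/monitor/collector: propagate
"""

def parse_inventory(text):
    """Return {program path: set of lower-cased PGMTYPE values}."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        path, sep, types = line.rpartition(":")
        if not sep or not path.strip():
            continue  # not a "path: types" record
        records[path.strip()] = {t.strip().lower() for t in types.split(",") if t.strip()}
    return records

def review(records):
    """Return (path, severity, reason) tuples for entries that need a closer look."""
    findings = []
    for path, types in sorted(records.items()):
        inherited = sorted(types & PROPAGATABLE)
        if "fullbypass" in types:
            findings.append((path, "HIGH",
                             "fullbypass: no audit, trace, or debug records for this process"))
        if "propagate" in types and inherited:
            severity = "HIGH" if "fullbypass" in inherited else "MEDIUM"
            findings.append((path, severity,
                             "propagate: called programs inherit " + ",".join(inherited)))
        elif "propagate" in types:
            findings.append((path, "INFO", "propagate set with no propagatable bypass listed"))
    return findings

if __name__ == "__main__":
    for path, severity, reason in review(parse_inventory(SAMPLE_INVENTORY)):
        print(f"{severity:6} {path}: {reason}")
```
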