Watchdog Service
Valid on Windows
The watchdog monitors the file information and digital signatures of programs that are defined in the database as trusted programs. Monitoring is performed in the background with a minimal load on the system. The Privileged Access Manager agent service automatically starts the watchdog service.
The watchdog service performs the following functions:
- It monitors the programs that you defined in the PROGRAM class of the database. If the watchdog detects that a program was modified, it notifies the Privileged Access Manager Engine, which marks the program as untrusted. The engine service does not allow an untrusted program to run. The engine service also marks the status change of the program to untrusted in the database and creates an audit record.
- It monitors files that are defined as secured files. These files are defined in the SECFILE class in the database.
- It monitors the Privileged Access Manager engine service to ensure it is running. If the watchdog detects a problem with the service, it automatically restarts it.
- The service uses the system log to notify the security administrators when it detects that the engine service has stopped responding. All system log messages are submitted under the AUTH facility.
- It reports several events to Privileged Access Manager, and creates audit records for programs and secured files that were found to be altered.
- It allows you to specify interval and fixed scanning schedules for trusted programs and secure files.
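The trust-state flow in the list above, modeled as an added example that is not Privileged Access Manager code: a registered program is compared with its baseline on each scan, flagged untrusted on any change, refused execution, and audited once. The names `TrustedProgramTable`, `fingerprint` and the `UNTRUST` label are hypothetical, and the size plus SHA-256 comparison is an assumed stand-in for the product's file-information and digital-signature checks.

```python
import hashlib
import tempfile
from dataclasses import dataclass, field
from pathlib import Path


def fingerprint(path):
    """Return (size, SHA-256); an assumed stand-in for the product's checks."""
    data = Path(path).read_bytes()
    return len(data), hashlib.sha256(data).hexdigest()


@dataclass
class TrustedProgramTable:
    """Hypothetical in-memory model of trusted-program records."""
    baseline: dict = field(default_factory=dict)  # path -> fingerprint
    untrusted: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    def register(self, path):
        self.baseline[str(path)] = fingerprint(path)

    def scan(self):
        """One watchdog pass: flag each program that differs from its baseline."""
        for path, expected in self.baseline.items():
            try:
                current = fingerprint(path)
            except OSError:
                current = None  # missing or unreadable counts as altered
            if current != expected and path not in self.untrusted:
                self.untrusted.add(path)
                self.audit.append(("UNTRUST", path))  # single audit record
        return sorted(self.untrusted)

    def may_run(self, path):
        """Engine-side decision: only registered, still-trusted programs run."""
        return str(path) in self.baseline and str(path) not in self.untrusted


def demo():  # constructed sample: register a file, modify it, rescan
    with tempfile.TemporaryDirectory() as d:
        prog = Path(d) / "tool.exe"
        prog.write_bytes(b"original build")
        table = TrustedProgramTable()
        table.register(prog)
        before = (table.scan(), table.may_run(prog))
        prog.write_bytes(b"original build + patch")
        after = (len(table.scan()), table.may_run(prog))
        return before, after, table.audit[0][0]
```

In this model a flagged program stays untrusted across later scans until it is registered again, so repeated scans do not produce duplicate audit records.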
You can run the Privileged Access Manager watchdog service from a command-prompt window. This command has the following format:
seoswd [start|remove|debug]
- Start: Starts the Privileged Access Manager watchdog service.
- Remove: Removes the Privileged Access Manager watchdog service from the operating system.
- Debug: Runs the Privileged Access Manager watchdog service as a console for debugging purposes.