we are using CA CM 12.8 on a few hundret Windows Servers (beside others).
CA CM prevents the killing of 2 processes (lsass and some CM process)
here an sample log entry from seaudit:
29 Feb 2016 00:00:00 N PROCESS NT AUTHORITY\SYSTEM Kill 601 10 c:\windows\system32\lsass.exe C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe (OS user)
This occurs about every 10 minutes, sometimes more often and of course spams our logs and log collectors.
The vendor of BESClient checked their logs and says that those kills are not initiated by their product.
I could proove that the killing stoped when stopping the BESClient, but would like to give them a hint from where the killing really started (could be some subprocess!?).
Is there something I could do (trace?) to find out the real process initiating the kill and the chain back to the BESClient?
Any help is welcome!