A URM elevated application contains an unknown SID

Version 1

    Verified Product Versions

    Application Control 8.9Application Control 8.8Application Control 8.7Application Control 8.6Application Control 8.5Application Control 8.4Application Control 8.3Application Control 8.2Application Control 8.1Application Control 8.0

    Introduction

    When elevating a process using Application Manager User Rights Management (URM), you notice an unknown SID (S-1-5-21-612037418-213544074-8-1-0-0) present within the token.

    Detail

    This is a URM Tag (SID) which can be used as a visual cue (so an administrator can see AM has done something when viewing the process properties in, for example, Process Explorer) and by the agent when it comes to some process rules /apply to child type rules. If the parent has been elevated by us and the config statues ‘apply to child’, the presence of the URM SID in the parent helps the agent decide what to do.