Skip to main content

Psminitsessionexe ((top)) <480p>

If this process is crashing or consuming high CPU, it usually indicates a corruption in the VPN client installation. Standard fixes include:

When an authorized user requests a privileged session via the CyberArk web portal, the platform generates a dynamic initialization payload. The sequence below demonstrates how psminitsession.exe bridges the user environment and the target network:

title: PsMinISessionExe Unusual Path status: experimental logsource: product: windows category: process_creation detection: selection: Image|endswith: '\psminitsessionexe' filter: Image|contains: '\Program Files\Palo Alto Networks\' condition: selection and not filter

is a legitimate executable file associated with PowerBroker for Windows (now part of the BeyondTrust privileged access management suite) [1].

In Active Directory (AD), an administrator must ensure the PSMConnect and PSMAdminConnect domain users are part of the Remote Desktop Users group and are configured to start the executable. This configuration is set in the user account's , where the full path is specified. This ensures the session environment is correctly initialized every time an administrator uses the PSM to access a target. psminitsessionexe

: It takes connection information from the Password Vault Web Access (PVWA) and initiates the secondary connection to the target system.

: Typically found at C:\Program Files (x86)\CyberArk\PSM\Components\PSMInitSession.exe .

The PSMInitSession.exe binary resides locally on the PSM server host. During standard deployments, it can be found in the following directory paths:

If you encounter errors like "The initial program cannot be started" or "PSMSC036E No Process was found for image" , check the following: If this process is crashing or consuming high

It serves as the initial startup program defined within the user profile configuration of the PSMConnect account.

This is arguably the most common error faced by PSM administrators. It indicates the system is looking for the executable but cannot find it or launch it.

Psminitsessionexe plays a crucial role in the Windows printing ecosystem. Its significance can be attributed to several factors:

Windows Group Policy can sometimes override CyberArk’s logic, forcing a full desktop to load instead of the PSMInitSession wrapper. In Active Directory (AD), an administrator must ensure

: It ensures that the user session is restricted to the specific administrative tool or application requested, rather than providing a full desktop environment. Common Issues & Troubleshooting If you encounter errors like "This initial program cannot be started"

If in doubt, upload the file to . A detection rate of >5 engines suggests malware.

A: Not if you are using CyberArk PSM. Deleting it will completely break your privileged access management infrastructure, preventing any users from connecting to secured targets.

Temporarily set AppLocker to "Audit Only" to see if the session connects. If it does, you need to re-run the PSMConfigureAppLocker.ps1 script or check if your PSMConnect domain users are correctly defined in the script's configuration. PSMSC036E No Process was found for image - CyberArk

: The name "psminitsessionexe" could suggest a relation to a specific software application or system process. Breaking down the name: