PsmInitSession.exe – legitimate Windows process
When a user initiates an administrative connection via the CyberArk Password Vault Web Access (PVWA), PSMInitSession.exe intercepts the Remote Desktop Protocol (RDP) login shell. It prepares the sandboxed environment, registers tracking tokens, and hands control over to the correct target connection dispatcher.
Last updated: October 2025. Information based on CyberArk versions 11.x to 14.x and Windows 10/11. psminitsessionexe
: If psminitsession.exe is causing high CPU usage, consider:
: Ensure the path in the user's Environment settings matches the actual installation directory (e.g., if installed on the D: drive). PsmInitSession
Before handing off control to target components (like a web browser, SQL management tool, or Remote Desktop client), it triggers screen recording, keystroke logging, and session monitoring subsystems.
: Usually means the process timed out before it could start. Information based on CyberArk versions 11
If you find psminitsession.exe in C:\Windows , C:\Windows\System32 , or C:\Users\Username\AppData\Local\Temp , it could be a malicious file masquerading as a legitimate one. How to Verify: Open Task Manager ( Go to the Details tab. Locate psminitsession.exe . Right-click it and select Open file location .
You might see in event logs: