Vendor:
CyberArk Endpoint Privilege Manager
FIN-762
Edited:
2026-03-27 16:10
Not Verified
What It Detects
Identifies CyberArk EPM-managed endpoints where the logged-in user is the built-in Windows Administrator account. The built-in Administrator account has unrestricted local privileges, bypasses User Account Control (UAC) by default, and is a high-value target for credential theft and lateral movement. Endpoints running under this account represent the highest privilege risk in the environment.
MITRE ATT&CK Techniques
Checks (read-only)
Field | Operator | Value
Connectors | equals | CyberArk
Source User Name | equals | Administrator
Remediation
Why It Matters