Checking CyberArk Component Versions

Find your CPM, PSM, and Secure Tunnel version details with step-by-step guidance

---

Key Highlights

• Methods for Version Checks: Utilize Control Panel/Appwiz.cpl, Health Status pages, log file properties, and command-line queries to determine versions.
• Specific Steps for Each Component: Details on checking CPM, PSM, and Secure Tunnel versions via file properties, installed application lists, and dedicated services.
• Reference and Documentation Support: Guidance includes how to verify versions through CyberArk documentation and built-in logs.

---

Overview

The CyberArk Privileged Cloud environment includes several critical components such as the CyberArk Password Manager (CPM), Privileged Session Manager (PSM), and Secure Tunnel. Ensuring that you are running the appropriate versions of these components is essential for maintaining security, stability, and compliance with upgrade requirements or patch management. This guide provides step-by-step instructions on how to check the versions of these components using various approaches.

Detailed Steps for Checking Component Versions

1. Using the Windows Control Panel / Programs & Features

One of the simplest methods to verify the installed versions of CPM, PSM, and Secure Tunnel is to utilize the Windows Control Panel. This environment provides a list of installed programs and their version details.

Steps:

• Log in to the Server: Access the machine where CyberArk components are installed.
• Open Programs and Features: Navigate to "Control Panel" and then choose "Programs and Features" (or "Apps & Features" on more recent Windows versions).
• Locate CyberArk Components: Scroll through the list for entries such as “CyberArk Password Manager” (CPM), “CyberArk Privileged Session Manager” (PSM), and “CyberArk Secure Tunnel”.
• View Version Details: The version numbers should be visible alongside each program listing. Note that while the Control Panel shows the complete version number, it might sometimes only show the major and minor version identifiers.

2. Using the CyberArk Privileged Cloud Health Status Page

The CyberArk Privileged Cloud interface contains a Health Status page which provides an overview of the system status, including component versions. While this page is convenient, it often displays only the major and minor portions of version numbers (e.g., 12.2) without the full patch details.

Steps:

• Log into the Privileged Cloud Portal: Open your web browser and log into the CyberArk Privileged Cloud portal with the necessary credentials.
• Navigate to the Health Status Page: Look for a section labeled “Health Status” or similar. Here, details for components like CPM and PSM will be listed.
• Review Version Entries: Although useful for a high-level check, verify if you need full details—if so, consider using additional methods described later.

3. Reviewing File Properties and Application Files

Many CyberArk components display their version information directly in the file properties. This method is particularly useful when specific executable files are accessible on the system.

For PSM:

• Locate CAPSM.exe: By default, the file is located in: C:\Program Files (x86)\CyberArk\PSM\CAPSM.exe.
• View File Properties: Right-click on the executable and choose “Properties”, then navigate to the “Details” tab. The version number should be displayed here.

For CPM:

• Check Installed Program Info: While specific CPM executables might not have an individual file property method as distinct as PSM, similar principles apply. Use the Windows file explorer to navigate to the CPM installation directory if applicable or check the version information from the installed programs list in the Control Panel.

4. Command-Line and PowerShell Methods

You can also retrieve version information from CyberArk installations via command-line utilities or PowerShell scripts. This approach is particularly beneficial for automating checks or integrating with monitoring systems.

Steps:

• Open Command Prompt or PowerShell: Ensure you are running it as an administrator.
• Invoke Programs List: Launch the Programs and Features dialog by running appwiz.cpl from the prompt.
• Utilize Scripting: For more advanced users, custom scripts can query Windows registry or installed program information. Although CyberArk-specific scripts may be provided by your internal team or found in official documentation, a basic query might iterate through the registry keys where installed software versions are reported.

5. Checking Secure Tunnel Version

The Secure Tunnel is a crucial component that manages session traffic securely. Verifying its version is similar to other components, though there are a few additional nuances.

Methods:

• Desktop Icon Method: If using a desktop shortcut for the Secure Tunnel installer (for example, PrivilegeCloudSecureTunnelInstaller), hover the mouse over the icon to see a tooltip displaying the version.
• Control Panel and Apps & Features: As with CPM and PSM, locate the Secure Tunnel installation entry under the Control Panel (or Apps & Features) and check the version information provided.
• Services Panel: You can also inspect the Secure Tunnel service by opening the Windows Services list. Look for a service named something similar to PrivilegeCloudSecureTunnel and check its properties or status. This service status can sometimes reflect built-in version details.

Combining Methods for Verification

In practice, it is advisable to utilize more than one method for verifying component versions in CyberArk Privileged Cloud. For instance, while the Health Status page provides a quick overview, it might not offer complete patch-level details. Therefore, complement this method by checking through the Control Panel and file properties, particularly for modules like PSM, where the file properties can reveal more specific version data such as patch updates.

Comparison Table of Methods

Method	Applicable Components	Details Provided	Advantages
Control Panel / Apps & Features	CPM, PSM, Secure Tunnel	Version numbers (often complete or summarized)	Easy access; built-in Windows feature
Health Status Page	CPM, PSM	Major & minor version levels	Quick overview within CyberArk portal
File Properties (e.g., CAPSM.exe)	PSM and related executables	Full version details including patches	More precise version detail; useful for troubleshooting
Command-Line/PowerShell	CPM, PSM, Secure Tunnel	Detailed registry queries and logs	Automation-friendly; scriptable for periodic checks
Services Panel	Secure Tunnel	Service status and some version clues	Validates running service; additional operational insight

Additional Considerations and Best Practices

Log Files and Documentation

Another practical method is checking the log files generated by these components. Most CyberArk components, such as PSM and CPM, generate logs that include startup information, which often contains version numbers. For instance, logs located in the installation directories (typically under a "Logs" folder) may provide a timestamped record of version information with details captured at startup or during updates.

Regular Maintenance and Updates

Ensuring that your CyberArk Privileged Cloud environment is running the proper version is not only about troubleshooting but also about maintaining security and compliance. Regularly verifying the component versions can help you identify if patches or upgrades are needed and provide reminders about deprecations or system updates. This approach supports the overall security posture of your privileged access management system.

Utilizing CyberArk Documentation

The official CyberArk documentation contains up-to-date guidelines on version management, upgrade procedures, and specific instructions that might differ slightly depending on the setup or version of your CyberArk Privileged Cloud environment. If in doubt, using the resources provided by CyberArk can offer step-by-step scripts, PowerShell commands, and insights into potential discrepancies between displayed version numbers (e.g., the Health Page showing only major and minor version information versus full version details available via file properties).

Integration with Monitoring Tools

For administrators managing multiple servers or seeking an automated alert system, consider integrating version checks into your overall system monitoring. Tools such as custom PowerShell scripts or configuration management platforms can routinely query the versions of installed applications, including CyberArk components. This automation helps ensure that any version discrepancies or outdated components get flagged early, thereby reducing security risks and aiding in compliance enforcement.

Troubleshooting Common Issues

Missing Detailed Version Data

If you notice that some elements, such as the Health Status page, display only partial version details:

• Double-check logs: Look into the main log files for detailed version information.
• File properties: Use file explorer to check the version information embedded in the executable files.

Discrepancies Between Sources

In instances where different methods appear to report different version numbers, note the following:

• Health Status vs. Control Panel: The Health Status page might round off to the major and minor versions only, while the Control Panel or file properties might provide the complete version details including the patch number.
• Verify Against Release Notes: Use CyberArk release notes and official documentation to confirm which version is truly running and whether an update is needed.

Custom Scripts Not Working

If you rely on custom PowerShell or other command-line scripts for version checking and they appear ineffective:

• Review Script Permissions: Ensure that scripts are executed with administrative privileges.
• Check for Environment Specifics: The exact registry keys or file paths might vary across different CyberArk deployments, so double-check them against the official guidelines.
• Consult CyberArk Resources: Frequently consult the CyberArk Community and Documentation for updates or modifications to the scripts.

Summary of Methods and Best Practices Table

Method	Description	When to Use
Control Panel / Apps & Features	Direct lookup of installed CyberArk components with version data	For a quick check and when updating component listings
Health Status Page	Online portal view of aggregated component status and versions	For overview and routine monitoring
File Properties	Review executable file details like CAPSM.exe for full patch information	For detailed troubleshooting and confirming exact patch versions
Command Line / PowerShell	Scriptable methods for querying installed versions via registry or file systems	For automation and regular audits across multiple systems
Services Panel	Inspect service status for Secure Tunnel version clues	When verifying that the Secure Tunnel service is running and updated

Additional Reference and Documentation Links

For further details, troubleshooting steps, and customized scripts, consider referring to the following resources. These provide additional insights and examples on how CyberArk manages component versions:

References

• PrivCloud Upgrade Connector - CyberArk Documentation
• Guide to Determine Versions of CPM and PSM - CyberArk Community
• Checking Versions for PSM, CPM, and PVWA - CyberArk Community
• Upgrade the Privilege Cloud Connector - CyberArk Documentation
• PrivCloud Upgrade Secure Tunnel - CyberArk Documentation

Recommended Related Queries

• How to automate CyberArk version checks
• CyberArk Health Status Page troubleshooting
• CyberArk PowerShell scripts for version audit
• Using file properties to check CyberArk versions
• CyberArk component version upgrade best practices