Traps™ Agent Administrator's Guide
    : Traps VDI Tool CLI
    Focus
    Focus
    1. Home
    2. Traps
    3. Traps™ Agent Administrator's Guide
    4. Traps Agent 4.2 for Windows
    5. Set Up a Non-Persistent VDI
    6. Traps VDI Tool CLI

    Traps™ Agent Administrator's Guide

    Traps VDI Tool CLI

    Table of Contents

    Traps VDI Tool CLI

    The Traps VDI Tool requests verdicts for all the PE files detected on the golden image and outputs the verdicts to a WildFire cache file. You can use the command-line interface (CLI) version of the Traps VDI Tool to automate the creation of this file.
    Consider the following usage guidelines for the Traps VDI Tool CLI:
    • If you run the Traps VDI Tool with at least one command line argument, it will run in unattended mode (no user interface). If you issue the TrapsVdiTool command without any arguments, the user interface opens.
    • By default, arguments with flag values—yes or no—default to yes. Therefore, to use the default value, you can specify the argument without the value (e.g. use -ssl instead of -ssl:y).
    • If a path value contains one or more spaces, surround the entire path argument with double quotes, for example: "-i:c:\temp\sig file.csv"
    • You cannot use the Traps VDI Tool to check hashes and mark the computer as a VDI—using the -m argument—at the same time. Therefore, you must execute these actions separately.
    • To write output to a log file, use the > redirect to send output to a filename of your choice, for example: TrapsVdiTool -m > TrapsVDI.log
    1. Download the Traps VDI Tool package from the Support \Portal.
    2. Copy and then unzip the package on the golden image.
    3. Open a command prompt as an administrator:
      • Select StartAll ProgramsAccessories. Right-click Command prompt, and then select Run as administrator.
      • Select Start. In the Start Search box, type cmd. Then, to open the command prompt as an administrator, press CTRL+SHIFT+ENTER.
    4. Navigate to the folder that contains the Traps VDI Tool CLI:
      C:\Users\Administrator>cd C:\TrapsVDItool
    5. View usage and options for the DB Configuration Tool:
      c:\TrapsVDItool> TrapsVdiTool -help
    TrapsVdiTool -i:path [-o:path] [-e:address] [-p:port] [-ssl] [-b:size] [-to:
hours] [-v] [-c:minutes] [-r] [-m] [-silent] [-s:password]
    TrapsVdiTool -m:password

    -help               Displays the help screen.
    -silent             Perform tasks in silent mode (no log displays).
    -i:path             Input file (must be CSV). Specifies the path of the file
 produced by the sigcheck tool. No default. Surround the entire path argument with double quotes to specify a path that contains spaces, for example:
 "-i:c:\temp\sig file.csv".
    -e:address          Specifies the ESM server address (FQDN or IP). Default: ESMSERVER
    -p:port             Specifies the ESM server port. Default: 2125
    -ssl[:flag]         ESM server SSL binding. Indicates use of secured server connection. 'y' for using SSL, 'n' otherwise. Default: n
    -b:size             Hash bulk size. Specifies the bulk size for hash transfers. Default: 300
    -to:hours           Tool timeout in hours. Limits execution time to specified number of hours. Default: 24
    -v[:flag]           Wait for WildFire verdicts. Indicates if should wait for
 WildFire verdicts. 'y' for waiting, 'n' - otherwise. Default: n
    -c:minutes          Specifies WildFire verdicts check interval in minutes. Default: 10
    -r[:flag]           Instructs the tool to continue from where it left off previously. Default: n
    -w[:flag]           Write malware verdicts to cache. Default: n
    -g[:flag]           Write grayware verdicts to cache. Default: y
    -s:password         The agent's uninstall password. Required to read
 data from protected locations when Service Protection is enabled.
    -m:     Instructs the Traps VDI Tool to identify this computer as VDI using
the uninstall password and skips performing hash checks. No default. Do not use
this option if you want the Traps VDI Tool to perform hash checks.

CLI execution examples.

    TrapsVdiTool -i:c:\temp\sig.csv -e:192.168.70.100 -ssl -to:1
      Submits the list of executable files in the 'c:\temp\sig.csv' input file t
o the ESM Server with the IP address 192.168.70.100
      over a secured connection and limits the execution time to 1 hour.
      All the other arguments will be set to their default values.

    TrapsVdiTool "-i:c:\temp\sig file.csv" -v -w
      Submits the list of executable files in the 'c:\temp\sig file.csv' input f
ile to the default ESMServer and waits for all
      WildFire verdicts before writing them to cache.

    TrapsVdiTool -s:password -m
      Identify the computer as VDI without performing hash checks.
    6. Specify arguments to create the WildFire cache file or to mark the golden image as a VDI instance. For example:
      • TrapsVdiTool -i:c:\temp\sig.csv -e:192.168.70.100 -ssl -to:1
        The Traps VDI Tool requests verdicts for the hashes in the c:\temp\sig.csv input file, from the ESM Server with the IP address 192.168.70.100, over a secure connection, and limits the execution time to 1 hour.
        All the other arguments are set to their default values.
      • TrapsVdiTool "-i:c:\temp\sig file.csv" -v -w
        The Traps VDI Tool requests verdicts for the hashes in the c:\temp\sig file.csv input file from the default ESM Server, and creates the cache file only after it has received verdicts for all hashes. Note the file path is enclosed in quotes because the filename contains a space.
      • TrapsVdiTool -m:password
        The Traps VDI Tool identifies the golden image as a VDI instance without performing hash checks.

    © 2025 Palo Alto Networks, Inc. All rights reserved.