Phase 2: Automated Analysis
4.2 (EoS)
When a security event occurs on an endpoint, Traps freezes the contents of the memory of the process in which the event occurred and stores them in a data file known as a memory dump. From the ESM Console you can fine-tune the memory dump settings: the size of the dump (small, medium, or full, which is the largest and most complete set of information) and whether Traps automatically uploads the dump to the forensic folder. For more information, see Define Memory Dump Preferences.
After creating the memory dump, Traps analyzes the file and extracts the information needed to identify the underlying cause of the event and to confirm that the prevention was legitimate rather than a false positive. Use the results of the analysis to diagnose and understand the event.
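The following is an added example, not code from Traps or the ESM, showing what an analyst can pull out of a memory dump before opening it in a debugger. It assumes that the dump is a standard Windows minidump (.dmp) and that the small, medium and full sizes correspond to the MINIDUMP_TYPE flags used in the code (both are assumptions, not something this page states). The sample dump is constructed inline; the parser reads the header, walks the stream directory, extracts the exception record (faulting thread, NTSTATUS code, address) and the captured memory ranges, and rejects a truncated or corrupt file instead of silently returning partial results.

```python
"""Summarize a Windows minidump: dump size class, streams, exception record, memory ranges.

Added example; assumes the memory dump is in the standard Windows minidump
format and that small/medium/full map to the MINIDUMP_TYPE flags below.
The sample dump is constructed inline and is not a real Traps dump.
"""
import struct

MDMP_SIGNATURE = 0x504D444D   # b"MDMP" read as a little-endian uint32
MINIDUMP_VERSION = 0xA793     # low 16 bits of the header Version field

# MINIDUMP_HEADER: Signature, Version, NumberOfStreams, StreamDirectoryRva,
# CheckSum, TimeDateStamp, Flags (MINIDUMP_TYPE bit mask)
HEADER_FMT = "<IIIIIIQ"
HEADER_SIZE = struct.calcsize(HEADER_FMT)          # 32
# MINIDUMP_DIRECTORY: StreamType, DataSize, Rva
DIR_FMT = "<III"
DIR_SIZE = struct.calcsize(DIR_FMT)                # 12
# MINIDUMP_EXCEPTION_STREAM: ThreadId, align, ExceptionCode, ExceptionFlags,
# ExceptionRecord, ExceptionAddress, NumberParameters, align,
# ExceptionInformation[15], ThreadContext.DataSize, ThreadContext.Rva
EXC_FMT = "<IIIIQQII15QII"
EXC_SIZE = struct.calcsize(EXC_FMT)                # 168
# MINIDUMP_MEMORY_DESCRIPTOR: StartOfMemoryRange, Memory.DataSize, Memory.Rva
MEMDESC_FMT = "<QII"

STREAM_NAMES = {3: "ThreadListStream", 4: "ModuleListStream", 5: "MemoryListStream",
                6: "ExceptionStream", 7: "SystemInfoStream", 9: "Memory64ListStream",
                15: "MiscInfoStream", 16: "MemoryInfoListStream"}

# MINIDUMP_TYPE flags; the mapping to small/medium/full is an assumption
MINIDUMP_WITH_DATA_SEGS = 0x1
MINIDUMP_WITH_FULL_MEMORY = 0x2


def classify_size(flags):
    if flags & MINIDUMP_WITH_FULL_MEMORY:
        return "full"
    if flags & MINIDUMP_WITH_DATA_SEGS:
        return "medium"
    return "small"


def parse_minidump(blob):
    """Return size class, stream names, exception record and memory ranges.

    Raises ValueError on a bad header or on any stream or memory range that
    runs past the end of the file, so a truncated upload is reported.
    """
    if len(blob) < HEADER_SIZE:
        raise ValueError("file shorter than a minidump header")
    sig, version, nstreams, dir_rva, _csum, _ts, flags = struct.unpack_from(HEADER_FMT, blob, 0)
    if sig != MDMP_SIGNATURE or (version & 0xFFFF) != MINIDUMP_VERSION:
        raise ValueError("not a minidump: bad signature or version")
    if dir_rva + nstreams * DIR_SIZE > len(blob):
        raise ValueError("stream directory runs past end of file")

    streams = {}
    for i in range(nstreams):
        stype, size, rva = struct.unpack_from(DIR_FMT, blob, dir_rva + i * DIR_SIZE)
        if rva + size > len(blob):
            raise ValueError("stream type %d runs past end of file" % stype)
        streams[STREAM_NAMES.get(stype, "Unknown(%d)" % stype)] = (rva, size)

    result = {"size_class": classify_size(flags), "streams": sorted(streams),
              "exception": None, "memory_ranges": []}

    if "ExceptionStream" in streams:
        rva, _ = streams["ExceptionStream"]
        f = struct.unpack_from(EXC_FMT, blob, rva)
        # Faulting thread, NTSTATUS code and address: the first things to check
        # when deciding whether the prevention was genuine.
        result["exception"] = {"thread_id": f[0], "code": f[2], "address": f[5]}

    if "MemoryListStream" in streams:
        rva, _ = streams["MemoryListStream"]
        (count,) = struct.unpack_from("<I", blob, rva)
        for j in range(count):
            start, dsize, drva = struct.unpack_from(MEMDESC_FMT, blob, rva + 4 + j * 16)
            if drva + dsize > len(blob):
                raise ValueError("memory range at 0x%x runs past end of file" % start)
            result["memory_ranges"].append((start, dsize))
    return result


def build_sample_dump(flags, exc_code, exc_addr, thread_id):
    """Construct a minimal well-formed minidump for testing (constructed data, not a real dump)."""
    dir_rva = HEADER_SIZE
    exc_rva = dir_rva + 2 * DIR_SIZE
    memlist_rva = exc_rva + EXC_SIZE
    memlist_size = 4 + struct.calcsize(MEMDESC_FMT)
    data_rva = memlist_rva + memlist_size
    data = b"\x90" * 16  # constructed 16-byte memory range
    header = struct.pack(HEADER_FMT, MDMP_SIGNATURE, MINIDUMP_VERSION, 2, dir_rva, 0, 0, flags)
    directory = (struct.pack(DIR_FMT, 6, EXC_SIZE, exc_rva)
                 + struct.pack(DIR_FMT, 5, memlist_size, memlist_rva))
    exc = struct.pack(EXC_FMT, thread_id, 0, exc_code, 0, 0, exc_addr, 0, 0,
                      *([0] * 15), 0, 0)
    memlist = struct.pack("<I", 1) + struct.pack(MEMDESC_FMT, 0x7FF00000, len(data), data_rva)
    return header + directory + exc + memlist + data


if __name__ == "__main__":
    dump = build_sample_dump(MINIDUMP_WITH_FULL_MEMORY, 0xC0000005, 0x7FF012345678, 0x1234)
    print(parse_minidump(dump))
```

Run the script against a downloaded dump by reading the file into `parse_minidump`; a ValueError on a dump pulled from the forensic folder usually means the upload was interrupted and the dump should be re-collected before any conclusion is drawn from it.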
Depending on the type of event, Traps may also run automated detection tools that scan the endpoint for malicious behavior, as described in Phase 3: Automated Detection.