ESM Forwarding
4.2 (EoS)
The Endpoint Security Manager (ESM) forwards unknown
samples to WildFire for in-depth analysis. You can integrate
your ESM environment with either the WildFire public cloud or a
local WF-500 that acts as a local sandbox. The types of samples the
ESM submits and the frequency at which the ESM communicates with WildFire
are determined by the WildFire settings and rules that you configure
(see Set Up the ESM to Communicate with WildFire and Configure
a WildFire Rule).
For samples that Traps reports, the agent first checks its local
cache of hashes to determine whether it has an existing verdict for that
sample. If Traps does not have a local verdict, Traps queries the
ESM to determine whether WildFire has previously analyzed the sample.
If the sample is identified as malware, it is blocked. If the sample
remains unknown after it is compared against existing WildFire signatures,
the ESM forwards the sample for WildFire analysis. For more information,
see Malware Protection Flow.