4.2 (EoS)
Verdicts
WildFire delivers verdicts to identify samples it analyzes
as safe, malicious, or unwanted (grayware is considered obtrusive
but not malicious):
- Unknown—Initial verdict for a sample that WildFire has received but has not analyzed.
- Benign—The sample is safe and does not exhibit malicious behavior.
- Malware—The sample is malware and poses a security threat. Malware can include viruses, worms, Trojans, Remote Access Tools (RATs), rootkits, botnets, and malicious macros. For files identified as malware, WildFire generates and distributes a signature to protect against future exposure to the threat.
- Grayware—The sample does not pose a direct security threat, but might display otherwise obtrusive behavior. Grayware typically includes adware, spyware, and Browser Helper Objects (BHOs).
- No Connection—Verdict assigned to a sample when WildFire cannot be reached.
When WildFire is not available or integration is disabled, Traps can also assign a local verdict for the sample using additional methods of evaluation: When Traps performs local analysis on a file, it uses machine learning to determine the verdict. Traps can also compare the signer of a file with a local list of trusted signers to determine whether a file is malicious:
- Local analysis verdicts:
  - Benign—Local analysis determined the sample is safe and does not exhibit malicious behavior.
  - Malware—The sample is malware and poses a security threat. Malware can include viruses, worms, Trojans, Remote Access Tools (RATs), rootkits, botnets, and malicious macros.
- Trusted signer verdicts:
  - Trusted—The sample is signed by a trusted signer.
  - Not Trusted—The sample is not signed by a trusted signer.