Forensic Folder
Table of Contents
4.2 (EoS)
Expand all | Collapse all
-
- Set Up the Endpoint Infrastructure
- Activate Traps Licenses
-
- Endpoint Infrastructure Installation Considerations
- TLS/SSL Encryption for Traps Components
- Configure the MS-SQL Server Database
- Install the Endpoint Security Manager Server Software
- Install the Endpoint Security Manager Console Software
- Manage Proxy Communication with the Endpoint Security Manager
- Load Balance Traffic to ESM Servers
-
- Malware Protection Policy Best Practices
- Malware Protection Flow
- Manage Trusted Signers
-
- Remove an Endpoint from the Health Page
- Install an End-of-Life Traps Agent Version
-
-
- Traps Troubleshooting Resources
- Traps and Endpoint Security Manager Processes
- ESM Tech Support File
-
- Access Cytool
- View the Status of the Agent Using Cytool
- View Processes Currently Protected by Traps Using Cytool
- Manage Logging of Traps Components Using Cytool
- Restore a Quarantined File Using Cytool
- View Statistics for a Protected Process Using Cytool
- View Details About the Traps Local Analysis Module Using Cy...
- View Hash Details About a File Using Cytool
Forensic Folder
When Traps encounters a security-related event, such
as a file execution or an exploit attack, it logs real-time forensic
details about the event on the endpoint. The forensic data includes
the memory dump and other information associated with the event.
You can retrieve the forensic data by creating an action rule to
collect the data from the endpoint. After the endpoint receives
the security policy that includes the action rule, the Traps agent
sends all the forensic information to the forensic folder, which
is sometimes referred to as the quarantine folder.
During the initial installation, you specify the path of the
forensic folder that the Endpoint Security Manager uses to store
forensic information it retrieves from endpoints. The Endpoint Security
Manager supports multiple forensic folders and enables the Background
Intelligent Transfer Service (BITS) on the folder during installation.
If the forensic folder specified during installation cannot be reached, Traps
defaults to the forensic folder specified in the ESM Console. You
can change the default folder at any time using the ESM Console.
For more information, see Forensics Flow.