Enable or Disable Traps File Protection Settings on the Endpoint
Table of Contents
4.2 (EoS)
Expand all | Collapse all
-
- Set Up the Endpoint Infrastructure
- Activate Traps Licenses
-
- Endpoint Infrastructure Installation Considerations
- TLS/SSL Encryption for Traps Components
- Configure the MS-SQL Server Database
- Install the Endpoint Security Manager Server Software
- Install the Endpoint Security Manager Console Software
- Manage Proxy Communication with the Endpoint Security Manager
- Load Balance Traffic to ESM Servers
-
- Malware Protection Policy Best Practices
- Malware Protection Flow
- Manage Trusted Signers
-
- Remove an Endpoint from the Health Page
- Install an End-of-Life Traps Agent Version
-
-
- Traps Troubleshooting Resources
- Traps and Endpoint Security Manager Processes
- ESM Tech Support File
-
- Access Cytool
- View the Status of the Agent Using Cytool
- View Processes Currently Protected by Traps Using Cytool
- Manage Logging of Traps Components Using Cytool
- Restore a Quarantined File Using Cytool
- View Statistics for a Protected Process Using Cytool
- View Details About the Traps Local Analysis Module Using Cy...
- View Hash Details About a File Using Cytool
Enable or Disable Traps File Protection Settings on the Endpoint
To prevent attackers from tampering with the Traps
files, use the cytool protect enable file command
to restrict access to the system files stored in %Program
Files%\Palo Alto Networks\Traps and %ProgramData%\Cyvera (or C:\
Documents and Settings\All Users\Application Data\Cyvera on Windows XP).
To disable protection of Traps files, use the cytool
protect disable file command.
Making changes to
the Traps file protection settings requires you to enter the supervisor
(uninstall) password when prompted.
- Open a command prompt as an administrator and navigate to the Traps folder (see Access Cytool).
- To manage the protection settings of Traps files on the
endpoint, use the following command:
C:\Program Files\Palo Alto Networks\Traps> cytool protect [enable|disable] fileThe following example displays output for enabling protection of files. The Mode column displays the revised protection status, either Enabled or Disabled, or Policy when using the settings in the local security policy to protect Traps files.C:\Program Files\Palo Alto Networks\Traps>cytool protect enable file Enter supervisor password: Protection Mode State Process Policy Disabled Registry Policy Disabled File Enabled Enabled Service Policy DisabledTo use the default policy rule settings to protect Traps files on the endpoint, see Use the Security Policy to Manage Service Protection.