View Processes Currently Protected by Traps Using Cytool
Table of Contents
4.2 (EoS)
Expand all | Collapse all
-
- Set Up the Endpoint Infrastructure
- Activate Traps Licenses
-
- Endpoint Infrastructure Installation Considerations
- TLS/SSL Encryption for Traps Components
- Configure the MS-SQL Server Database
- Install the Endpoint Security Manager Server Software
- Install the Endpoint Security Manager Console Software
- Manage Proxy Communication with the Endpoint Security Manager
- Load Balance Traffic to ESM Servers
-
- Malware Protection Policy Best Practices
- Malware Protection Flow
- Manage Trusted Signers
-
- Remove an Endpoint from the Health Page
- Install an End-of-Life Traps Agent Version
-
-
- Traps Troubleshooting Resources
- Traps and Endpoint Security Manager Processes
- ESM Tech Support File
-
- Access Cytool
- View the Status of the Agent Using Cytool
- View Processes Currently Protected by Traps Using Cytool
- Manage Logging of Traps Components Using Cytool
- Restore a Quarantined File Using Cytool
- View Statistics for a Protected Process Using Cytool
- View Details About the Traps Local Analysis Module Using Cy...
- View Hash Details About a File Using Cytool
View Processes Currently Protected by Traps Using Cytool
To view processes that Traps is currently
injected into, run the enum command using
Cytool or view the Protection tab on the Traps Console (see View
Processes Currently Protected by Traps). On Windows endpoints,
the Traps Console and Cytool display only the processes run by the
current user. To view processes run by all users and processes initiated
by the operating system, specify the /a option.
This option is not required on Mac endpoints.
Viewing protected
processes run by all users requires you to enter the supervisor
(uninstall) password.
- Open a command prompt as an administrator and navigate to the Traps folder (see Access Cytool).
- View processes initiated by the current user by entering
the cytool enum command. To view processes
for all users including those initiated by the operating system,
specify the /a option, and enter the supervisor
password when prompted.Windows:
c:\Program Files\Palo Alto Networks\Traps>cytool /a enum Enter supervisor password: Process ID Agent Version 1000 3.1.1546 1468 3.1.1546 452 3.1.1546 [...]Mac:You must enable remote process calls (RPCs) before you can run this command. See Enable or Disable RPC Services.PANM2637HQ:bin jdoe$ sudo ./cytool enum List of protected processes: Process name Process ID User Google Chrome Helper 5469 jdoe Google Chrome Helper 5473 jdoe Google Chrome Helper 5491 jdoe Photos 5599 jdoe com.apple.SafariServices 5763 jdoe com.apple.WebKit.WebContent 5783 jdoe