Cytool for Windows
To manage Traps functions from the command line on Windows endpoints,
use Cytool.
Cytool is a command-line interface (CLI) that is integrated
into Traps and enables you to query and manage both basic and advanced
functions of Traps. Any changes you make using Cytool are active
until Traps receives the next heartbeat communication from the Traps
management service.
On Windows endpoints, you can access Cytool using a Microsoft MS-DOS command prompt that you run as an administrator. Cytool is located in the C:\Program Files\Palo Alto Networks\Traps folder on the endpoint.

The following table displays the Cytool options available on Windows endpoints.
Command Option | Description |
---|---|
enum | Enumerate protected processes. Usage: cytool enum For example: |
protect | Enable or disable a protection feature. Usage: cytool protect <action> <feature> where: For example: |
startup | Enable, disable, or query the startup state of Traps components. Usage: cytool startup <action> <component> where: For example: |
runtime | Stop or start product components. Usage: cytool runtime <action> <component> where: For example: |
policy | Query or compare the applied policy for a process. Usage: cytool policy <action> <process> where: For example, to query the policy for future executions of notepad.exe: For example, to compare the policy for future executions of notepad.exe to the default policy: |
trace | Operate product trace sessions. Usage: |
quarantine | View and restore quarantined files. Usage: |
stat | Query Traps statistics from a running process. Usage: cytool stat <pid> where <pid> For example, to display statistics about the Chrome process identified by PID 4080: |
tla | View the history of the Traps local analysis module. Usage: cytool tla query For example: |
info | Display general Traps information. Usage: cytool info [query] To display the Traps version, run the cytool info command without any additional arguments. To display additional details about Traps, such as the version of the default policy and the specific build number, add the query argument. For example: |
wf | WildFire operations. Usage: cytool wf query [<hash>] |
imageprep | Prepare a golden image by submitting files for cloud analysis and generate a threats report. Usage: cytool imageprep [scan] [timeout <scan timeout>] [upload <upload timeout>] [path <full path>] where: For example: |
scan | Scan operations. Usage: cytool scan <action> where <action> For example: |
persist | Traps stores policy and security event information, such as the list of trusted signers, local verdicts, and one-time actions in local databases on the endpoint. To troubleshoot policy issues and security events, you can use cytool persist operations to import, export, and view information stored in the local database. Usage: cytool persist <action> where <action> To view a list of all local databases, use the cytool persist list command. |
log | Set log level for the desired process. Usage: cytool log <log_level> <components> where: Then use the cytool log collect command to generate a support file archive of all logs in a TGZ file. |
checkin | Initiate check-in to the server. Usage: cytool checkin To verify the checkin, view the check-in time on the Traps console. |