Traps Agent 6.1 for Linux

The Traps™ agent protects Linux servers by preventing known and unknown malware from running and by halting attempts to leverage software exploits and vulnerabilities to compromise the server. Traps also extends exploit and malware protection to processes that run in Linux containers. When you install Traps on a Linux server that uses containers, Traps automatically protects new and existing containerized processes regardless of the container solution (for example, Docker). Because Cortex XDR issues the license per Linux server, containers do not consume any additional licenses.
The protection capabilities and features that Traps for Linux enables depend, in part, on your security policy configuration and on the installed kernel version. Protection capabilities such as Behavioral Threat Protection, ELF file analysis, and endpoint data collection and sharing for EDR all require a supported kernel version. If you deploy Traps on a Linux server that is not running one of the kernel versions required for these additional protection capabilities, Traps operates in asynchronous mode, in which:
  • Continuous event monitoring required for Behavioral Threat Protection is disabled.
  • Sharing endpoint activity data with Cortex apps is disabled.
  • ELF file examination occurs in parallel with file execution rather than before it. If the Traps agent obtains a malware verdict for the ELF file, it terminates the running process. Because the file may continue executing while the verdict request is pending, security events for malware in asynchronous mode are assigned high severity, whereas the same events in synchronous mode are assigned medium severity.
  • All other exploit and malware protection is enabled per your Linux security policy.
During installation, you can also choose to disable the kernel module, as explained in the Install the Traps Agent for Linux topic.
The following topics describe how to install and use the Traps agent for Linux:
