Malware Protection Overview

Malicious executable files, known as malware, are often disguised as or embedded in non-malicious files. These files can attempt to gain control, gather sensitive information, or disrupt the normal operations of the system.
Traps prevents malware by reducing the attack surface and increasing the accuracy of malware detection. This approach combines several layers of protection, collectively known as the Malware Prevention Engine, that prevent known and unknown malware—including malicious Microsoft Windows screensaver files (.scr)—from infecting your endpoints. The Malware Prevention Engine automatically protects endpoints from malware whether they are online or offline, on premises or off, and connected to your organization’s network or not. The Malware Prevention Engine uses the following layers of protection:
  • WildFire integration—Enables automatic detection of unknown malware and quickly prevents threats before an enterprise is compromised.
  • Evaluation of trusted signers—Permits unknown executable files that are signed by trusted signers to run on the endpoint.
  • Local static analysis—Enables Traps to use machine learning to analyze unknown executable files and issue a verdict. Traps uses the verdict returned by the local analysis module until it receives a verdict from the ESM Server.
  • Policy-based restrictions—Enable you to block files from executing from specific local folders, network folders, or external media locations; limit or block child processes; block or whitelist Java processes initiated in web browsers; and block the execution of unsigned processes.
  • Malware protection modules—Target specific malware behaviors and enable you to block the creation of remote threads.
For additional information, see Malware Protection Flow.
