Enable or Disable Core Process Protection on the Endpoint

By default, Traps protects core processes including Cyserver.exe and CyveraService.exe based on the service protection rules defined in the local security policy. If required, you can override the behavior of core process protection using the
cytool protect [enable|disable] process
command.
Changing the protection settings requires you to enter the supervisor (uninstall password).
  1. Open a command prompt as an administrator and navigate to the Traps folder (see Access Cytool).
  2. To manage the protection settings of core processes on the endpoint, use the following command:
    C:\Program Files\Palo Alto Networks\Traps>
    cytool protect [enable|disable] process
    The following example displays output for enabling protection of core processes. The
    Mode
    column displays the revised protection status, either
    Enabled
    or
    Disabled
    , or
    Policy
    when using the settings in the local security policy to protect core processes.
    C:\Program Files\Palo Alto Networks\Traps>
    cytool protect enable process
    Enter supervisor password: Protection Mode State Process Enabled Enabled Registry Policy Disabled File Policy Disabled Service Policy Disabled
    To use the default policy rule settings to protect core processes on the endpoint, see Use the Security Policy to Manage Service Protection.

Related Documentation