Enable or Disable Service Protection Settings on the Endpoint

To bypass the Traps security policy, attackers can attempt to disable or change the status of Traps services. Use the
cytool protect enable service
command to protect Traps services. To disable protection of Traps services, use the
cytool protect disable service
command.
Making changes to the service protection settings requires you to enter the supervisor (uninstall) password when prompted.
  1. Open a command prompt as an administrator and navigate to the Traps folder (see Access Cytool).
  2. To manage the protection settings of Traps services on the endpoint, use the following command:
    C:\Program Files\Palo Alto Networks\Traps>
    cytool protect [enable|disable] service
    The following example displays output for enabling protection of services. The
    Mode
    column displays the revised protection status, either
    Enabled
    or
    Disabled
    , or
    Policy
    when Traps uses the settings in the local security policy to protect Traps services.
    C:\Program Files\Palo Alto Networks\Traps>
    cytool protect enable service
    Enter supervisor password: Protection Mode State Process Policy Disabled Registry Policy Disabled File Policy Disabled Service Enabled Enabled
    To use the default policy rule settings to protect Traps services on the endpoint, see Use the Security Policy to Manage Service Protection.

Related Documentation