Enable or Disable Traps File Protection Settings on the Endpoint

To prevent attackers from tampering with the Traps files, use the
cytool protect enable file
command to restrict access to the system files stored in
%Program Files%\Palo Alto Networks\Traps
and
%ProgramData%\Cyvera
(or
C:\ Documents and Settings\All Users\Application Data\Cyvera on Windows XP
). To disable protection of Traps files, use the
cytool protect disable file
command.
Making changes to the Traps file protection settings requires you to enter the supervisor (uninstall) password when prompted.
  1. Open a command prompt as an administrator and navigate to the Traps folder (see Access Cytool).
  2. To manage the protection settings of Traps files on the endpoint, use the following command:
    C:\Program Files\Palo Alto Networks\Traps>
    cytool protect [enable|disable] file
    The following example displays output for enabling protection of files. The
    Mode
    column displays the revised protection status, either
    Enabled
    or
    Disabled
    , or
    Policy
    when using the settings in the local security policy to protect Traps files.
    C:\Program Files\Palo Alto Networks\Traps>
    cytool protect enable file
    Enter supervisor password: Protection Mode State Process Policy Disabled Registry Policy Disabled File Enabled Enabled Service Policy Disabled
    To use the default policy rule settings to protect Traps files on the endpoint, see Use the Security Policy to Manage Service Protection.

Related Documentation