View Processes Currently Protected by Traps Using Cytool

To view processes that Traps is currently injected into, run the
enum
command using Cytool or view the Protection tab on the Traps Console (see View Processes Currently Protected by Traps). By default, both the Traps Console and Cytool display only the protected processes run by the current user. To view protected processes run by all users, specify the
/a
option.
Viewing protected processes run by all users requires you to enter the supervisor (uninstall) password.
  1. Open a command prompt as an administrator and navigate to the Traps folder (see Access Cytool).
  2. View protected processes initiated by the current user by entering the
    cytool enum
    command. To view protected processes for all users on the endpoint, specify the
    /a
    option, and enter the supervisor password when prompted.
    c:\Program Files\Palo Alto Networks\Traps>
    cytool /a enum
    Enter supervisor password: Process ID Agent Version 1000 3.1.1546 1468 3.1.1546 452 3.1.1546 [...]

Related Documentation