Maintain the Endpoints and Traps
On a daily or weekly basis, perform the following actions:
- Examine the Dashboard to verify that the Traps agent is active on all endpoints. See Use the Endpoint Security Manager Dashboard.
- Review Security Events reported by Traps. After analyzing a security event, you might want to do any of the following tasks:
- Investigate whether the indicators are related to malicious executable files and then use the Agent Query to search for artifacts on Windows endpoints.
- Disable rules temporarily that interfere with day-to-day work. In cases where a security event does not indicate an attack and is interfering with day-to-day work, you can disable an exploit protection or restriction rule on a specific endpoint. See Exclude an Endpoint from an Exploit Protection Rule.
- Patch, upgrade, or fix a bug in software that indicates erroneous behavior or a security vulnerability. Patching or upgrading third-party applications or fixing bugs in applications that are developed in-house can reduce the number of security events reported to the ESM Console.
- Activate protection for an unprotected application. See View, Modify, or Delete a Process.
- Review post-detection events and take additional action to remediate the endpoint.
- Examine the Monitor pages and investigate reports of crashes and security events.
After a change in the organization or in available Traps software versions, you can:
Collect New Process Information
Collect New Process Information By default, Traps protects the most commonly used and well-known processes on your endpoints. In addition, when WildFire is enabled, Traps ...
Traps Agent The Traps agent protects the endpoint by enforcing your organization’s security policy as defined in the Endpoint Security Manager. Depending on the configuration, ...
Malware Protection Flow
Malware Protection Flow To protect the endpoint from malicious and unknown executable files, the malware prevention engine employs four methods of protection: Phase 1: Evaluation ...
Add a New Protected Process
Add a New Protected Process A process is an active instance of a program that is executed by the operating system. From the Windows Task ...
Set Up the Endpoint Infrastructure
Set Up the Endpoint Infrastructure Use the following workflow to set up the Endpoint infrastructure or, to upgrade your existing Endpoint infrastructure, use the workflow ...
Issues Addressed in Traps Endpoint Security Manager 4.1.2
Issues Addressed in Traps Endpoint Security Manager 4.1.2 The following table lists the issues that are addressed in the Traps Endpoint Security Manager 4.1.2 release. ...
Features Introduced in Traps Endpoint Security Manager
Features Introduced in Traps Endpoint Security Manager The following topics describe the new features introduced in Traps Endpoint Security Manager (ESM) 4.1. For additional information ...
Traps Endpoint Security Manager Known Issues
Known issues with the Traps Endpoint Security Manager and Traps agent 4.1. ...
Traps Components The Traps solution centers around the Endpoint Security Manager (ESM), which comprises an ESM Console, a database, an ESM Server, and the Traps ...