Maintain the Endpoints and Traps

On a daily or weekly basis, perform the following actions:
  • Examine the Dashboard to verify that the Traps agent is active on all endpoints. See Use the Endpoint Security Manager Dashboard.
  • Review Security Events reported by Traps. After analyzing a security event, you might want to do any of the following tasks:
    • Investigate whether the indicators are related to malicious executable files and then use the Agent Query to search for artifacts on Windows endpoints.
    • Temporarily disable rules that interfere with day-to-day work. When a security event does not indicate an attack and is interfering with day-to-day work, you can disable an exploit protection or restriction rule on a specific endpoint. See Exclude an Endpoint from an Exploit Protection Rule.
    • Patch, upgrade, or fix a bug in software that indicates erroneous behavior or a security vulnerability. Patching or upgrading third-party applications or fixing bugs in applications that are developed in-house can reduce the number of security events reported to the ESM Console.
    • Activate protection for an unprotected application. See View, Modify, or Delete a Process.
    • Review post-detection events and take additional action to remediate the endpoint.
  • Examine the Monitor pages and investigate reports of crashes and security events.
  • If you configured your ESM Console to Collect New Process Information, review unprotected processes and decide whether to enable protection on them. See View, Modify, or Delete a Process.
After a change in the organization or in available Traps software versions, you can:
