Malware Protection Overview
Malicious files, known as malware, are often disguised as or embedded in non-malicious files. These files can attempt to gain control, gather sensitive information, or disrupt the normal operations of the system.
Traps prevents malware by reducing the attack surface and increasing the accuracy of malware detection. This approach combines several layers of protection, collectively known as the Malware Prevention Engine. Using the following combination of mitigation techniques, the Malware Prevention Engine can automatically prevent malicious and unknown executable files—including Microsoft Windows screensaver files (.scr) and Mac object files (Mach-O)—as well as DLLs and macros from running and, when it cannot prevent them from running, halt the malicious behavior:
- WildFire integration—Enables automatic detection of known malware and analysis of unknown malware to prevent threats quickly before an enterprise is compromised.
- DLL file protection—Enables you to block known and unknown DLLs on Windows endpoints.
- Office file protection—Enables you to block known and unknown macros when run from Microsoft Office files on Windows endpoints.
- Evaluation of trusted signers—Permits unknown files that are signed by trusted signers to run on the endpoint.
- Local static analysis—Enables Traps to use machine learning to analyze unknown files and issue a verdict. Traps uses the verdict returned by the local analysis module until it receives a verdict from the ESM Server.
- Malware protection modules—Target specific malware behaviors, such as those of ransomware, and enable you to block the creation of child processes.
- Policy-based restrictions—Enables you to block files from executing from specific local folders, network folders, or external media locations.
For additional information, see Malware Protection Flow.