Traps Endpoint Security Manager Known Issues
Known issues with the Traps Endpoint Security Manager and Traps agent 4.1.
The following table includes known issues in Traps Endpoint Security Manager and Traps agent in the 4.1 release.
On Windows XP and Windows Server 2003 endpoints with .NET 3.5, the Traps service fails to start when the machine.config file is missing or incorrectly configured.
|CYV-13881||When the IP address of the Endpoint Security Manager (ESM) is changed while the ESM service is running, the new IP address is not updated in the ESM database and Traps agents cannot connect to the ESM.|
Workaround: Restart the ESM service or update the External Address through the web interface (Settings > ESM > Multi ESM).
This issue is now resolved. See Issues Addressed in Traps Endpoint Security Manager 4.1.2.
|Traps treats signed executable files as unsigned when the Windows Cryptographic Service (CryptSvc) is disabled on an endpoint. Workaround: Add executable files to the Hash Control policy and Treat as Benign (Policies > Malware > Hash Control) to make trusted publishers whitelisting work for those files.|
|CYV-13273||On endpoints running Windows 10 Insider Preview, the Windows Defender Security Center displays Virus & threat protection as Unknown and displays Status unavailable for Traps even though Traps successfully registers with the Security Center and is available.|
This issue is now resolved. See Issues Addressed in Traps Endpoint Security Manager 4.1.1.
|When you configure Traps to quarantine malicious executable files (in a WildFire® rule for executable files) and a prevention event is triggered by the DLL Files Protection module, Traps quarantines the DLL-loading process.|
This issue is now resolved. See Issues Addressed in Traps Endpoint Security Manager 4.1.1.
Microsoft Outlook 2007 closes abruptly when installed in parallel with Traps.
Outlook 2007 workaround: Create a condition for Outlook 2007 (Path: %programfiles%\Microsoft Office\office12\outlook.exe). Then disable the JIT Mitigation and ROP Mitigation exploit protection modules (EPMs) on the Outlook process and apply your Outlook 2007 condition.
Outlook 2010 workaround: Install content release version 22 or a later version to take advantage of the updated compatibility rules in the default policy.
|CYV-11503||Traps is registered as an Antivirus Protection Module and not as an Antispyware Protection Module on Japanese Windows operating systems. This causes the Action Center to indicate antivirus protection is off, even though the Traps agent is up and running.|
|CYV-11486||On the ESM Console, the additional details view of a security event on the Malware Post Detected page labels the unique ID associated with the security event as the Prevention Key. Because no prevention event occurred, the label is inaccurate.|
|CYV-11440||When you configure a Child Process Protection rule, setting the Action to Notification causes performance issues on Windows endpoints.|
If Traps protection is disabled on a Windows 7 endpoint, either by intentionally disabling it or due to an error, the Action Center correctly indicates the endpoint is not protected. However, if the user tries to enable protection from the Action Center, Traps will not resume protection.
Workaround: To enable Traps protection, configure a Service Protection agent settings rule from the ESM Console. You can also enable service protection on a specific endpoint using Cytool.
|CYV-11177||On Windows endpoints, Traps displays prevention notifications for the DLL Security EPM when an Internal Error occurs instead of silently logging the issue and terminating the process.|
|CYV-11048||Due to an internal IIS issue, after binding a new certificate to the ESM Server for secure communication between the server and the agents, Traps agents connect intermittently.|
Workaround: When agents can’t connect, restart the ESM Server.
|CYV-10664||On Windows 10 endpoints, Internet Explorer 11 halts abruptly when an exploit protection module (EPM) triggers a prevention event. This occurs because the built-in mechanism that attempts to reopen pages that closed suddenly causes a prevention loop.|
|CYV-10655||When Traps quarantines a file whose filename contains Unicode characters, the ESM Console incorrectly indicates the file has not been quarantined.|
|CYV-10101||After Traps quarantines malware, the operating system displays an error indicating that the quarantined file cannot be found. This issue occurs only when the current user does not have administrative rights on the endpoint.|
|CYV-9930||The DB Configuration Tool allows you to save a user who is not a local administrator on the ESM Console server because it does not validate administrative users. Workaround: Validate that users are administrators on the ESM Console server before adding them as administrative accounts using the DB Configuration Tool.|
|CYV-9790||When Service Protection is enabled and an administrator uninstalls Traps on the endpoint, some files remain in the ProgramData\cyvera folder. In some environments, these files are owned by SYSTEM and cannot be removed by the administrative user.|
Workaround: Log off and log back in before attempting to delete these files.
|CYV-9762||To create a rule for network folder restriction, the ESM Console requires you to define a network folder whitelist before it permits you to save the rule.|
|CYV-9751||In an environment where a secondary ESM Console is installed on an ESM Server, the ESM Server inherits the proxy settings from the secondary console.|
|CYV-9723||On Windows XP endpoints, when you click Send Support File from the Traps console, the agent fails to collect logs from the event viewer and instead sends only a partial collection of logs.|
|CYV-9705||When you configure rules to use target objects that use the Windows User logon name in UPN format (User@Domain.com), the ESM Console omits these objects and displays only sAMAccount names.|
Workaround: To apply a rule to a target object with a UPN account name, specify the full Active Directory distinguished name.
|CYV-9621||The BitsUpload manager fails to upload malware with a filename that contains the right-to-left override (RLO) character.|
|CYV-9595||When you install Traps on a terminal server that is accessed by multiple users, user-specific rules do not work as expected. For example, in some cases, Traps fails to apply user-specific rules to the affected user. In other cases, Traps applies user-specific rules to all users on the terminal server.|
|CYV-9585||Attempting to restore a file before Traps finishes retrieving relevant memory dumps causes delays in restoring the file to the original location.|
|CYV-9538||In an environment with two ESM Consoles, when you attempt to generate an ESM tech support file, the ESM Console collects data only from the ESM Console on which you generated the file. As a result, the ESM tech support file does not contain any logs from the secondary console.|
|CYV-9368||Traps fails to enforce local folder restrictions on endpoints that use the Japanese language version.|
|CYV-9360||In an ESM deployment with multiple ESM Servers, after removing a server from the domain, the ESM Console does not update the Internal Address and continues to show the in-domain address. Workaround: From the ESM Console (Settings > ESM > Multi ESM), manually update the internal address of the ESM Server.|
|CYV-9355||Because older versions of Traps did not support a grayware verdict, executable files received a benign verdict and were permitted to run. After upgrading to Traps 3.4 or 4.0, the local cache retains the benign verdict for any grayware that previously ran on the endpoint. As a result, subsequent attempts to run grayware that ran previously are permitted.|
|CYV-9350||On some endpoints, the CPU spikes when the Traps console is open.|
|CYV-9284||The first time a user opens an executable file that is larger than 50MB (such as an installer), the launch time increases due to the evaluation of trusted signers.|
|CYV-9215||When an exploit event occurs, some EPMs configured in Notification mode can cause Traps to display multiple notification messages about the event.|
|CYV-9178||After successfully installing the ESM Server or ESM Console software, the installer inconsistently logs the completion status of the installation.|
|CYV-9007||When you generate an ESM Tech Support file and the ESM Console and the ESM Server are installed on the same device while service protection is enabled, some data cannot be retrieved. This is because service protection blocks access to specific folders.|
|CYV-8959||When you change the state of a machine from workstation to virtual desktop infrastructure (VDI), Traps continues to use a license from the workstation license pool instead of obtaining a floating VDI license.|
|CYV-8923||If you configure an exploit protection rule that uses the DLL Security EPM, the Flash player crashes on 64-bit Firefox.|
|CYV-8834||When you upgrade .NET Framework in preparation for upgrading Traps and then remove the older .NET Framework version, the Traps upgrade fails.|
Workaround: To avoid uninstall and upgrade issues, do not remove the older version of .NET Framework before upgrading to this version of Traps.
|CYV-8732||When you apply an action rule to an organizational unit and specify a group of machines as belonging to the organizational unit, endpoints in that group do not receive the agent rule.|
|CYV-5632||An issue with the policy files prevents Traps from obtaining the latest security policy when the policy contains a large number of provisional processes. As a result, the security policy can become out-of-date and the ESM Console can display the status of the agent running on the endpoint as disconnected.|
|OSX-1252||When no ESM Servers are available, the Traps console on a Mac endpoint appears to connect to the last known available ESM Server instead of displaying a status indicating an ESM Server could not be reached.|
|OSX-1131||When you create an action rule to upgrade Traps on Mac endpoints, Traps reinstalls the agent software when the version in the rule matches the version which is already installed on the endpoint.|
|OSX-920||The Monitor > Agent > Health page omits the domain name (Base DN) for Mac endpoints. As a result, Group Policy (based on Active Directory) may not work on Mac endpoints.|
|OSX-890||The Provisional Mode page of the ESM Console lists unknown executable files that are signed by a trusted signer instead of listing only unknown executable files that are not signed by a trusted signer.|