Traps Endpoint Security Manager Known Issues

Known issues with the Traps Endpoint Security Manager and Traps agent 4.1.
The following table includes known issues in Traps Endpoint Security Manager and Traps agent in the 4.1 release.
Issue ID
On Windows XP and Windows Server 2003 endpoints with .NET 3.5, the Traps service fails to start when the machine.config file is missing or incorrectly configured.
CYV-13881When the IP address of the Endpoint Security Manager (ESM) is changed while the ESM service is running, the new IP address is not updated in the ESM database and Traps agents cannot connect to the ESM.
Workaround: Restart the ESM service or update the External Address through the web interface (SettingsESMMulti ESM).
CYV-13330Traps treats signed executable files as unsigned when the Windows Cryptographic Service (CryptSvc) is disabled on an endpoint.Workaround: Add executable files to the Hash Control policy and Treat as Benign (PoliciesMalwareHash Control) to make trusted publishers whitelisting work for those files.
CYV-13273On endpoints running Windows 10 Insider Preview, the Windows Defender Security Center displays Virus & threat protection as Unknown and displays Status unavailable for Traps even though Traps successfully registers with the Security Center and is available.
CYV-13267When you configure Traps to quarantine malicious executable files (in a WildFire® rule for executable files) and a prevention event is triggered by the DLL Files Protection module, Traps quarantines the DLL-loading process.
Microsoft Outlook 2007 closes abruptly when installed in parallel with Traps.
Outlook 2007 workaround: Create a condition for Outlook 2007 (Path: %programfiles%\Microsoft Office\office12\outlook.exe). Then disable the JIT Mitigation and ROP Mitigation exploit protection modules (EPMs) on the Outlook process and apply your Outlook 2007 condition.
Outlook 2010 workaround: Install content release version 22 or a later version to take advantage of the updated compatibility rules in the default policy.
CYV-11503Traps is registered as an Antivirus Protection Module and not as an Antispyware Protection Module on Japanese Windows operating systems. This causes the Action Center to indicate antivirus protection is off, even though the Traps agent is up and running.
CYV-11486On the ESM Console, the additional details view of a security event on the Malware Post Detected page labels the unique ID associated with the security event as the Prevention Key. Because no prevention event occurred, the label is inaccurate.
CYV-11440When you configure a Child Process Protection rule, setting the Action to Notification causes performance issues on Windows endpoints.
If Traps protection is disabled on a Windows 7 endpoint, either by intentionally disabling it or due to an error, the Action Center correctly indicates the endpoint is not protected. However, if the user tries to enable protection from the Action Center, Traps will not resume protection.
Workaround: To enable Traps protection, configure a Service Protection agent settings rule from the ESM Console. You can also enable service protection on a specific endpoint using Cytool.
CYV-11177On Windows endpoints, Traps displays prevention notifications for the DLL Security EPM when an Internal Error occurs instead of silently logging the issue and terminating the process.
CYV-11048Due to an internal IIS issue, after binding a new certificate to the ESM Server for secure communication between the server and the agents, Traps agents connect intermittently.
Workaround: When agents can’t connect, restart the ESM Server.
CYV-10664On Windows 10 endpoints, Internet Explorer 11 halts abruptly when an exploit protection module (EPM) triggers a prevention event. This occurs due to the built-in mechanism which attempts to reopen pages which closed suddenly thus causing a prevention loop.
CYV-10655When Traps quarantines a file whose filename contains Unicode characters, the ESM Console incorrectly indicates the file has not been quarantined.
CYV-10101After Traps quarantines malware, the operating system displays an error indicating that the quarantined file cannot be found. This issue occurs only when the current user does not have administrative rights on the endpoint.
CYV-9930The DB Configuration Tool allows you to save a user who is not a local administrator on the ESM Console server because it does not validate administrative users.Workaround: Validate that users are administrators on the ESM Console server before adding them as administrative accounts using the DB Configuration Tool.
CYV-9790When Service Protection is enabled and an administrator uninstalls Traps on the endpoint, some files remain in the ProgramData\cyvera folder. In some environments, these files are owned by SYSTEM and cannot be removed by the administrative user.
Workaround: Log off and log back in before attempting to delete these files.
CYV-9762To create a rule for network folder restriction, the ESM Console requires you to define a network folder whitelist before it permits you to save the rule.
CYV-9751In an environment where a secondary ESM Console is installed on an ESM Server, the ESM Server inherits the proxy settings from the secondary console.
CYV-9723On Windows XP endpoints, when you click Send Support File from the Traps console, the agent fails to collect logs from the event viewer and instead sends only a partial collection of logs.
CYV-9705When you configure rules to use target objects that use the Windows User logon name in UPN format (, the ESM Console omits these objects and displays only sAMAccount names.
Workaround: To apply a rule to a target object with a UPN account name, specify the full Active Directory distinguished name.
CYV-9621The BitsUpload manager fails to upload malware with a filename that contains the right-to-left override (RLO) character.
CYV-9595When you install Traps on a terminal server that is accessed by multiple users, user-specific rules do not work as expected. For example, in some cases, Traps fails to apply user-specific rules to the affected user. In other cases, Traps applies user-specific rules to all users on the terminal server.
CYV-9585Attempting to restore a file before Traps finishes retrieving relevant memory dumps causes delays in restoring the file to the original location.
CYV-9538In an environment with two ESM Consoles, when you attempt to generate an ESM tech support file, the ESM Console collects data only from the ESM Console on which you generated the file. As a result, the ESM tech support file does not contain any logs from the secondary console.
CYV-9368Traps fails to enforce local folder restrictions on endpoints that use the Japanese language version.
CYV-9360In an ESM deployment with multiple ESM Servers, after removing a server from the domain, the ESM Console does not update the Internal Address and continues to show the in-domain address.Workaround: From the ESM Console (SettingsESMMulti ESM), manually update the internal address of the ESM Server.
CYV-9355Because older versions of Traps did not support a grayware verdict, executable files received a benign verdict and were permitted to run. After upgrading to Traps 3.4 or 4.0, the local cache retains the benign verdict for any grayware that previously ran on the endpoint. As a result, subsequent attempts to run grayware that ran previously are permitted.
CYV-9350On some endpoints, the CPU spikes when the Traps console is open.
CYV-9284The first time a user opens an executable file that is larger than 50MB (such as an installer), the launch time increases due to the evaluation of trusted signers.
CYV-9215When an exploit event occurs, some EPMs configured in Notification mode can cause Traps to display multiple notification messages about the event.
CYV-9178After successfully installing the ESM Server or ESM Console software, the installer inconsistently logs the completion status of the installation.
CYV-9007When you generate an ESM Tech Support file and the ESM Console and the ESM Server are installed on the same device while service protection is enabled, some data cannot be retrieved. This is because service protection blocks access to specific folders.
CYV-8959When you change the state of a machine from workstation to virtual desktop infrastructure (VDI), Traps continues to use a license from the workstation license pool instead of obtaining a floating VDI license.
CYV-8923If you configure an exploit protection rule that uses the DLL Security EPM, the Flash player crashes on 64-bit Firefox.
CYV-8834When you upgrade .NET Framework in preparation for upgrading Traps and then remove the older .NET Framework version, the Traps upgrade fails.
Workaround: To avoid uninstall and upgrade issues, do not remove the older version of .NET Framework before upgrading to this version of Traps.
CYV-8732When you apply an action rule to an organizational unit and specify a group of machines as belonging to the organizational unit, endpoints in that group do not receive the agent rule.
CYV-5632An issue with the policy files prevents Traps from obtaining the latest security policy when the policy contains a large number of provisional processes. As a result, the security policy can become out-of-date and the ESM Console can display the status of the agent running on the endpoint as disconnected.
OSX-1252When no ESM Servers are available, the Traps console on a Mac endpoint appears to connect to the last known available ESM Server instead of displaying a status indicating an ESM Server could not be reached.
OSX-1131When you create an action rule to upgrade Traps on Mac endpoints, Traps reinstalls the agent software when the version in the rule matches the version which is already installed on the endpoint.
OSX-920The MonitorAgentHealth page omits the domain name (Base DN) for Mac endpoints. As a result, Group Policy (based on Active Directory) may not work on Mac endpoints.
OSX-890The Provisional Mode page of the ESM Console lists unknown executable files that are signed by a trusted signer instead of listing only unknown executable files that are unsigned by a trusted signer.

Related Documentation