Limitations with Traps 4.1.
Traps for Windows Limitations
The following table describes considerations related to third-party software integration with Traps 4.1. This table includes products that are tested and have known limitations or require additional action to integrate with Traps. Additional third-party apps may be compatible with Traps but are not tested and so are not included in the list of supported third-party applications.
|Security Product||Description||Implications and Required Actions|
|Antivirus engines (such as Avira and AVG)||Because Palo Alto Networks® Traps™ components are detected by antivirus engines, some antivirus engines may falsely recognize Traps components as a threat.||If a Traps component is suspected as a threat, we recommend excluding the component in the product's management tools. If required, please contact Support.|
|AppVolumes||On endpoints running Windows 8.1 or a later release, the Traps anti-ransomware malware protection module (MPM) collides with the AppVolumes writeable volume and AppStack features.||Running Traps anti-ransomware protection and AppVolumes in parallel is not supported on endpoints running Windows 8.1 or a later release.|
|AppVolumes||AppVolumes collides with the Traps injection mechanism.||Configure AppVolumes to remove Traps registry keys and files that interfere with Traps injection. For more information, see KB-189193.|
|Bitdefender Total Security||When Traps is installed on Windows 7 and Windows 8 64-bit systems, installing Bitdefender causes a startup issue on the next reboot. When Bitdefender is installed, installing Traps causes Windows Explorer to crash.||Running Traps exploit protection and Bitdefender in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire® analysis, and restriction rules—works as expected.|
|BUFFERZONE||BUFFERZONE collides with the Traps injection mechanism.||Running Traps and BUFFERZONE in parallel is not supported.|
|McAfee Solidifier||Solidifier collides with the Traps injection mechanism.||Running Traps exploit protection and Solidifier in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected.|
|Microsoft Enhanced Mitigation Experience Toolkit (EMET)||Microsoft EMET collides with the Traps injection mechanism.||Running Traps exploit protection and Microsoft EMET in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected.|
|Panda Antivirus||Panda Antivirus collides with one of the Traps ROP Mitigation component checks.||Running Traps exploit protection and Panda Antivirus in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected.|
|Sophos Intercept||On Windows 10 endpoints, Sophos Intercept collides with the Traps injection mechanism.||Running Traps exploit protection and Sophos Intercept exploit mitigation features in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected. To enable Traps exploit protection, disable the following Runtime Protection options in the server policy of the cloud server for Sophos Intercept:|
|Trend Micro||On Windows endpoints, Trend Micro XG can detect malware in the process memory collected by the Traps agent.||To prevent Trend Micro XG from detecting malware in the process memory collected by Traps, disable the Enable program inspection to detect and block compromised executable files option in Behavior Monitoring Settings of Trend Micro.|
|Windows Control Flow Guard (CFG)||On Windows endpoints, the Traps agent cannot inject DLLs into processes (such as dllhost.exe, browser_broker.exe, and RuntimeBroker.exe) that have strict Control Flow Guard (CFG) enabled. This prevents Traps from applying exploit protection to those processes.||If possible, disable strict CFG for processes that require exploit protection.|
Incompatible Operating Systems
For information on supported operating systems, see the Palo Alto Networks® Compatibility Matrix.