Limitations

Limitations with Traps 4.1.

Traps for Windows Limitations

The following table describes considerations related to third-party software integration with Traps 4.1. It lists products that have been tested and either have known limitations or require additional action to integrate with Traps. Additional third-party apps may be compatible with Traps but are not tested and are therefore not included in the list of supported third-party applications.

| Security Product | Description | Implications and Required Actions |
|---|---|---|
| Antivirus engines (such as Avira and AVG) | Because Palo Alto Networks® Traps™ components are detected by antivirus engines, some antivirus engines may falsely recognize Traps components as a threat. | If a Traps component is suspected as a threat, we recommend excluding the component in the product's management tools. If required, please contact Support. |
| AppVolumes | On endpoints running Windows 8.1 or a later release, the Traps anti-ransomware malware protection module (MPM) collides with the AppVolumes writeable volume and AppStack features. | Running Traps anti-ransomware protection and AppVolumes in parallel is not supported on endpoints running Windows 8.1 or a later release. |
| AppVolumes | AppVolumes collides with Traps injection mechanism. | Configure AppVolumes to remove Traps registry keys and files that interfere with Traps injection. For more information, see KB-189193. |
| Bitdefender Total Security | When Traps is installed on Windows 7 and Windows 8 64-bit systems, installing Bitdefender causes a startup issue on the next reboot. When Bitdefender is installed, installing Traps causes Windows Explorer to crash. | Running Traps exploit protection and Bitdefender in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire® analysis, and restriction rules—works as expected. |
| BUFFERZONE | BUFFERZONE collides with the Traps injection mechanism. | Running Traps and BUFFERZONE in parallel is not supported. |
| McAfee Solidifier | Solidifier collides with the Traps injection mechanism. | Running Traps exploit protection and Solidifier in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected. |
| Microsoft Enhanced Mitigation Experience Toolkit (EMET) | Microsoft EMET collides with the Traps injection mechanism. | Running Traps exploit protection and Microsoft EMET in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected. |
| Panda Antivirus | Panda Antivirus collides with one of the Traps ROP Mitigation component checks. | Running Traps exploit protection and Panda Antivirus in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected. |
| Sophos Intercept | On Windows 10 endpoints, Sophos Intercept collides with the Traps injection mechanism. | Running Traps exploit protection and Sophos Intercept exploit mitigation features in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected. To enable Traps exploit protection, disable the following Runtime Protection options in the server policy of the cloud server for Sophos Intercept: "Mitigate exploits in vulnerable applications"; "Protect processes". |
| Trend Micro | On Windows endpoints, Trend Micro XG can detect malware in the process memory collected by the Traps agent. | To prevent Trend Micro XG from detecting malware in the process memory collected by Traps, disable the "Enable program inspection to detect and block compromised executable files" option in Behavior Monitoring Settings of Trend Micro. |
| Windows Control Flow Guard (CFG) | On Windows endpoints, the Traps agent cannot inject DLLs into processes (such as dllhost.exe, browser_broker.exe, and RuntimeBroker.exe) that have strict Control Flow Guard (CFG) enabled. This prevents Traps from applying exploit protection to those processes. | If possible, disable strict CFG for processes that require exploit protection. |

Incompatible Operating Systems

For information on supported operating systems, see the Palo Alto Networks® Compatibility Matrix.
