Traps VDI Tool CLI
The Traps VDI Tool requests verdicts for all the PE files detected on the golden image and outputs the verdicts to a WildFire cache file. You can use the command-line interface (CLI) version of the Traps VDI Tool to automate the creation of this file.
Consider the following usage guidelines for the Traps VDI Tool CLI:
- If you run the Traps VDI Tool with at least one command line argument, it will run in unattended mode (no user interface). If you issue the TrapsVdiTool command without any arguments, the user interface opens.
- Arguments that take a flag value (yes or no) default to yes when you specify the argument without a value. Therefore, to use that default, you can omit the value (for example, use -ssl instead of -ssl:y).
- If a path value contains one or more spaces, surround the entire path argument with double quotes, for example: "-i:c:\temp\sig file.csv"
- You cannot use the Traps VDI Tool to check hashes and mark the computer as a VDI—using the -m argument—at the same time. Therefore, you must execute these actions separately.
- To write output to a log file, use the > redirect to send output to a filename of your choice, for example: TrapsVdiTool -m > TrapsVDI.log
- Download the Traps VDI Tool package from the Support Portal.
- Copy and then unzip the package on the golden image.
- Open a command prompt as an administrator:
  - Select Start > All Programs > Accessories. Right-click Command prompt, and then select Run as administrator.
  - Select Start. In the Start Search box, type cmd. Then, to open the command prompt as an administrator, press CTRL+SHIFT+ENTER.
- Navigate to the folder that contains the Traps VDI Tool.
- View usage and options for the DB Configuration Tool:
```
c:\TrapsVDItool> TrapsVdiTool -help

TrapsVdiTool -i:path [-o:path] [-e:address] [-p:port] [-ssl] [-b:size] [-to: hours] [-v] [-c:minutes] [-r] [-m] [-silent] [-s:password]
TrapsVdiTool -m:password

-help          Displays the help screen.
-silent        Perform tasks in silent mode (no log displays).
-i:path        Input file (must be CSV). Specifies the path of the file
               produced by the sigcheck tool. No default.
               Surround the entire path argument with double quotes to
               specify a path that contains spaces, for example:
               "-i:c:\temp\sig file.csv".
-e:address     Specifies the ESM server address (FQDN or IP).
               Default: ESMSERVER
-p:port        Specifies the ESM server port. Default: 2125
-ssl[:flag]    ESM server SSL binding. Indicates use of secured server
               connection. 'y' for using SSL, 'n' otherwise. Default: n
-b:size        Hash bulk size. Specifies the bulk size for hash transfers.
               Default: 300
-to:hours      Tool timeout in hours. Limits execution time to specified
               number of hours. Default: 24
-v[:flag]      Wait for WildFire verdicts. Indicates if should wait for
               WildFire verdicts. 'y' for waiting, 'n' - otherwise.
               Default: n
-c:minutes     Specifies WildFire verdicts check interval in minutes.
               Default: 10
-r[:flag]      Instructs the tool to continue from where it left off
               previously. Default: n
-w[:flag]      Write malware verdicts to cache. Default: n
-g[:flag]      Write grayware verdicts to cache. Default: y
-s:password    The agent's uninstall password. Required to read data from
               protected locations when Service Protection is enabled.
-m:            Instructs the Traps VDI Tool to identify this computer as
               VDI using the uninstall password and skips performing hash
               checks. No default. Do not use this option if you want the
               Traps VDI Tool to perform hash checks.

CLI execution examples.

TrapsVdiTool -i:c:\temp\sig.csv -e:192.168.70.100 -ssl -to:1
    Submits the list of executable files in the 'c:\temp\sig.csv' input
    file to the ESM Server with the IP address 192.168.70.100 over a
    secured connection and limits the execution time to 1 hour.
    All the other arguments will be set to their default values.

TrapsVdiTool "-i:c:\temp\sig file.csv" -v -w
    Submits the list of executable files in the 'c:\temp\sig file.csv'
    input file to the default ESMServer and waits for all WildFire
    verdicts before writing them to cache.

TrapsVdiTool -s:password -m
    Identify the computer as VDI without performing hash checks.
```
- Specify arguments to create the WildFire cache file or to mark the golden image as a VDI instance. For example:
  - `TrapsVdiTool -i:c:\temp\sig.csv -e:192.168.70.100 -ssl -to:1`
    The Traps VDI Tool requests verdicts for the hashes in the c:\temp\sig.csv input file, from the ESM Server with the IP address 192.168.70.100, over a secure connection, and limits the execution time to 1 hour. All the other arguments are set to their default values.
  - `TrapsVdiTool "-i:c:\temp\sig file.csv" -v -w`
    The Traps VDI Tool requests verdicts for the hashes in the c:\temp\sig file.csv input file from the default ESM Server, and creates the cache file only after it has received verdicts for all hashes. Note the file path is enclosed in quotes because the filename contains a space.
  - `TrapsVdiTool -m:password`
    The Traps VDI Tool identifies the golden image as a VDI instance without performing hash checks.
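The two separate runs described above (hash checks first, then marking the golden image as a VDI), written as a PowerShell script with each run's output redirected to its own log. This is an added example, not code from the original page or from the vendor; the tool folder, CSV path, log directory and log file names are assumptions, and the ESM Server address is the one from the page's example.

```powershell
# Added example, not vendor code. Paths and log names below are assumptions.
$Tool    = 'C:\TrapsVDItool\TrapsVdiTool.exe'   # assumed unzip location on the golden image
$SigCsv  = 'C:\temp\sig file.csv'               # sigcheck CSV; note the space in the path
$EsmHost = '192.168.70.100'                     # ESM Server address from the page's example
$LogDir  = 'C:\temp'                            # assumed log directory

function Invoke-TrapsVdiTool {
    param(
        [Parameter(Mandatory)][string[]]$ToolArgs,
        [Parameter(Mandatory)][string]$LogFile
    )
    # The tool cannot check hashes (-i) and mark the computer as a VDI (-m) in one run.
    $marks  = @($ToolArgs | Where-Object { $_ -match '^-m(:|$)' })
    $hashes = @($ToolArgs | Where-Object { $_ -match '^-i:' })
    if ($marks.Count -gt 0 -and $hashes.Count -gt 0) {
        throw 'Run hash checks (-i) and VDI marking (-m) as separate invocations.'
    }
    # Each array element reaches the tool as one argument. PowerShell wraps an
    # element that contains a space in double quotes, which yields the
    # "-i:c:\temp\sig file.csv" form the usage guidelines require.
    & $Tool @ToolArgs > $LogFile
}

if (-not (Test-Path -LiteralPath $SigCsv)) {
    throw "Input CSV not found: $SigCsv"
}

# Run 1: request verdicts over SSL, wait for all WildFire verdicts,
# and limit execution time to 1 hour.
Invoke-TrapsVdiTool -LogFile (Join-Path $LogDir 'TrapsVDI-hashes.log') -ToolArgs @(
    "-i:$SigCsv", "-e:$EsmHost", '-ssl', '-v', '-to:1'
)

# Run 2: mark the golden image as a VDI instance. The uninstall password is
# prompted for so that it is not stored in the script file.
$secure = Read-Host -Prompt 'Agent uninstall password' -AsSecureString
$plain  = (New-Object System.Net.NetworkCredential('', $secure)).Password
try {
    Invoke-TrapsVdiTool -LogFile (Join-Path $LogDir 'TrapsVDI-mark.log') -ToolArgs @("-m:$plain")
} finally {
    Remove-Variable plain, secure
}
```

Run the script from an elevated PowerShell session on the golden image. The password still appears on the tool's command line for the duration of the second run, so run it before other users or services have access to the image.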