    Last Updated: Wed Sep 30 09:32:21 PDT 2020
    Current Version: 4.2 (EoS)

    Document: Traps Endpoint Security Manager Administrator's Guide


    Manage Multiple ESM Servers
