Phase 1: Prevention Event Triggered
4.2 (EoS)
When an attacker attempts to exploit a software vulnerability,
the Traps protection modules spring into action to halt malicious
process behavior and ultimately block the attack. For example, consider
the case where a file tries to access crucial DLL metadata from
untrusted code locations. If the DLL Security module is enabled
to protect processes in your organization, Traps immediately halts
the process attempting to access the DLL metadata. Traps records
the event in its event log and notifies the user about the security
event. If configured, Traps displays a customized notification message
(for more information, see Create a Custom User Alert Message).

After successfully halting an exploit attempt, Traps collects
and analyzes data related to the event as described in Phase 2: Automated Analysis.