Change the Forensic Folder Destination Using the ESM Console
4.2 (EoS)
To allow you to further troubleshoot or analyze security events, such as a prevention or crash, Traps uploads the forensic data to a web-based forensic folder. During installation of the ESM Console, the installer enables the Background Intelligent Transfer Service (BITS), which uses idle network bandwidth to upload the data to the forensic folder.

To analyze a security event, create an action rule to retrieve the forensic data from the endpoint (see Manage Data Collected by Traps). When Traps receives the request to send the data, it copies the files to the forensic folder (also referred to in the Endpoint Security Manager as the quarantine folder), which is a local or network path that you specify during the initial installation.

You can change the path of the forensic folder at any time using the Endpoint Security Manager or using the DB Configuration Tool (see Change the Forensic Folder Destination Using the DB Configuration Tool). All endpoints must have write permission to this folder.

- Select Settings > ESM > Settings.
- In the Server Configuration area, enter the web-based URL in the Forensic Folder URL field to use BITS to upload forensic data.
  To encrypt forensic data, we strongly recommend that you use SSL to communicate with the forensic folder. To use SSL, include the fully qualified domain name (FQDN) and specify port 443, for example HTTPS://ESMserver.Domain.local:443/BitsUploads. If you are not using SSL, specify port 80, for example http://ESMSERVER:80/BitsUploads.
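
A pre-change check for the URL format described in the last step, added here as an example and not part of the product or its documentation. The function name `audit_forensic_url` and the IP-address sample URL are assumptions made for illustration; the other two sample URLs are the ones given above.

```python
import ipaddress
from urllib.parse import urlsplit


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit_forensic_url(url):
    """Return findings for a Forensic Folder URL; [] means it matches the
    SSL form the guide recommends (https scheme, FQDN host, port 443)."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError as exc:
        return [f"URL does not parse: {exc}"]
    scheme, host = parts.scheme, parts.hostname or ""
    if scheme not in ("http", "https"):
        return [f"scheme {scheme!r} is not http or https"]
    if not host:
        return ["URL has no host"]

    findings = []
    if scheme == "http":
        findings.append("cleartext HTTP: forensic data is uploaded unencrypted")
    expected = 443 if scheme == "https" else 80  # port values taken from the guide
    if port is None:
        findings.append(f"port not stated; the guide writes :{expected} explicitly")
    elif port != expected:
        findings.append(f"port {port} differs from the guide's {expected} for {scheme}")
    if scheme == "https":
        # The guide asks for an FQDN when SSL is used.
        if _is_ip(host):
            findings.append("host is an IP address, not an FQDN")
        elif "." not in host:
            findings.append("host is a short name, not an FQDN")
    if not parts.path.strip("/"):
        findings.append("URL has no folder path (the guide's examples use /BitsUploads)")
    return findings


if __name__ == "__main__":
    for sample in ("HTTPS://ESMserver.Domain.local:443/BitsUploads",  # from the guide
                   "http://ESMSERVER:80/BitsUploads",                 # from the guide
                   "https://10.0.0.5/BitsUploads"):                   # constructed sample
        print(sample, "->", audit_forensic_url(sample) or "OK")
```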