Process Protection Types
Table of Contents
4.2 (EoS)
Expand all | Collapse all
-
- Set Up the Endpoint Infrastructure
- Activate Traps Licenses
-
- Endpoint Infrastructure Installation Considerations
- TLS/SSL Encryption for Traps Components
- Configure the MS-SQL Server Database
- Install the Endpoint Security Manager Server Software
- Install the Endpoint Security Manager Console Software
- Manage Proxy Communication with the Endpoint Security Manager
- Load Balance Traffic to ESM Servers
-
- Malware Protection Policy Best Practices
- Malware Protection Flow
- Manage Trusted Signers
-
- Remove an Endpoint from the Health Page
- Install an End-of-Life Traps Agent Version
-
-
- Traps Troubleshooting Resources
- Traps and Endpoint Security Manager Processes
- ESM Tech Support File
-
- Access Cytool
- View the Status of the Agent Using Cytool
- View Processes Currently Protected by Traps Using Cytool
- Manage Logging of Traps Components Using Cytool
- Restore a Quarantined File Using Cytool
- View Statistics for a Protected Process Using Cytool
- View Details About the Traps Local Analysis Module Using Cy...
- View Hash Details About a File Using Cytool
Process Protection Types
The ESM Console categorizes each process by a Protection
Type:
- Protected—Indicates that the process is actively protected by exploit protection rules that apply to all processes. You can also configure process-specific rules that only apply to select processes.
- Provisional—Indicates that the process is undergoing a test run as a protected process, usually on a small number of endpoints and with a small number of rules. After the test run completes and you make any necessary adjustments to the associated rules, you can change the protection type of the process to Protected.
- Unprotected—A process is categorized as Unprotected when Traps first discovers a new process on an endpoint in your organization. Although your malware protection and WildFire policies automatically protect these processes, you must categorize new processes as Protected or Provisional processes to apply the exploit protection policy.