Agent tampering protection allows you to protect
the Traps agents running on your endpoints. For flexible, granular
control, you can configure agent tampering protection separately
for individual Traps components, including Traps
services, processes, registry keys, and files.
Traps restricts access to the agent components so that they cannot be
modified, stopped, or tampered with in any way.
Create a new agent settings rule.
Agent Tampering Protection
then enable one or more of the options:
Enable Services protection
services including Traps, Traps Local Analysis Service, and Traps
Enable Processes protection
services such as Cyserver.exe, CyveraConsole.exe, CyveraService.exe,
Enable Files protection
system files stored in
%Program Files%\Palo Alto Networks\Traps
Documents and Settings\All Users\Application Data\Cyvera on Windows
Enable Registry Values protection
all Traps registry values stored in
Add Conditions to
the rule. By default, a new rule does not contain any conditions.
To specify a condition, select the
select the condition in the Conditions list, and then
to the Selected Conditions list. Repeat this step to add more conditions,
as needed. You can also define new Conditions.
To define a smaller subset of target objects, select the
and then enter one or more
in the Include or Exclude areas.
The Endpoint Security Manager queries Active Directory to verify
the users, computers, groups, or organizational units. The ESM Console
also offers autocompletion as you type for existing endpoints and
existing virtual groups.
Review the rule name and description. The ESM Console automatically
generates the rule name and description based on the rule details
but permits you to change these fields, if needed.
To override the autogenerated name, select the
Activate automatic description
and then enter a rule name and description of your choice.
Save the agent settings rule.
Do either of the following:
rule without activating it. This option is only available for inactive,
cloned, or new rules. When you are ready to activate the rule, select
the rule from the
and then click
the rule to activate it immediately.
saving or applying a rule, you can return to the