Traps Action Rules
Table of Contents
4.2 (EoS)
Expand all | Collapse all
-
- Set Up the Endpoint Infrastructure
- Activate Traps Licenses
-
- Endpoint Infrastructure Installation Considerations
- TLS/SSL Encryption for Traps Components
- Configure the MS-SQL Server Database
- Install the Endpoint Security Manager Server Software
- Install the Endpoint Security Manager Console Software
- Manage Proxy Communication with the Endpoint Security Manager
- Load Balance Traffic to ESM Servers
-
- Malware Protection Policy Best Practices
- Malware Protection Flow
- Manage Trusted Signers
-
- Remove an Endpoint from the Health Page
- Install an End-of-Life Traps Agent Version
-
-
- Traps Troubleshooting Resources
- Traps and Endpoint Security Manager Processes
- ESM Tech Support File
-
- Access Cytool
- View the Status of the Agent Using Cytool
- View Processes Currently Protected by Traps Using Cytool
- Manage Logging of Traps Components Using Cytool
- Restore a Quarantined File Using Cytool
- View Statistics for a Protected Process Using Cytool
- View Details About the Traps Local Analysis Module Using Cy...
- View Hash Details About a File Using Cytool
Traps Action Rules
Action rules enable you to perform one-time actions
on the Traps agent that runs on each endpoint. For each action rule,
you must specify target object(s), condition(s), and one of the
following administrative actions to take on each endpoint:
Action Rules | Description |
|---|---|
Manage data files that the Traps agent creates | Each endpoint stores prevention and security
information that includes historical data, memory dumps, and quarantined
files. Using this type of action rule, you can erase or retrieve
data files that the Traps agent creates on the endpoint. For more
information, see Manage Data Collected by Traps. |
Uninstall or upgrade the Traps software | Create an action rule to uninstall or upgrade
Traps from the Endpoint Security Manager. To upgrade the Traps software
on an endpoint, upload the software zip file to the ESM (ESM) Server
and specify the path when configuring the action rule. For more
information, see Uninstall or Upgrade Traps on the Endpoint. |
Traps does not apply action rules until the Traps agent
receives the updated security policy, typically with the next heartbeat
communication with the server. To manually retrieve the latest security
policy from the ESM Server, select Check In Now on
the Traps Console.
You can manage action rules on the Actions summary
and management page (SettingsAgentActions).
Select a rule to display additional information about that rule
and other actions that you can take on the rule (Duplicate, Delete,
or Activate/Deactivate).
For more information, see Manage Traps Action
Rules.