Traps Action Rules

Action rules enable you to perform one-time actions on the Traps agent that runs on each endpoint. For each action rule, you must specify target object(s), condition(s), and one of the following administrative actions to take on each endpoint:
Action Rules
Description
Manage data files that the Traps agent creates
Each endpoint stores prevention and security information that includes historical data, memory dumps, and quarantined files. Using this type of action rule, you can erase or retrieve data files that the Traps agent creates on the endpoint. For more information, see Manage Data Collected by Traps.
Uninstall or upgrade the Traps software
Create an action rule to uninstall or upgrade Traps from the Endpoint Security Manager. To upgrade the Traps software on an endpoint, upload the software zip file to the ESM (ESM) Server and specify the path when configuring the action rule. For more information, see Uninstall or Upgrade Traps on the Endpoint.
Traps does not apply action rules until the Traps agent receives the updated security policy, typically with the next heartbeat communication with the server. To manually retrieve the latest security policy from the ESM Server, select
Check In Now
on the Traps Console.
You can manage action rules on the
Actions
summary and management page (
Settings
Agent
Actions
). Select a rule to display additional information about that rule and other actions that you can take on the rule (
Duplicate
,
Delete
, or
Activate
/
Deactivate
). For more information, see Manage Traps Action Rules.

Related Documentation