Maintain the Endpoints and Traps
4.2 (EoS)
On a daily or weekly basis, perform the following actions:
- Examine the Dashboard to verify that the Traps agent is active on all endpoints. See Use the Endpoint Security Manager Dashboard.
- Review Security Events reported by Traps. After analyzing a security event, you might want to do any of the following tasks:
  - Investigate whether the indicators are related to malicious executable files and then use the Agent Query to search for artifacts on Windows endpoints.
  - Temporarily disable rules that interfere with day-to-day work. When a security event does not indicate an attack and is interfering with day-to-day work, you can disable an exploit protection or restriction rule on a specific endpoint. See Exclude an Endpoint from an Exploit Protection Rule.
  - Patch, upgrade, or fix a bug in software that indicates erroneous behavior or a security vulnerability. Patching or upgrading third-party applications or fixing bugs in applications that are developed in-house can reduce the number of security events reported to the ESM Console.
  - Activate protection for an unprotected application. See View, Modify, or Delete a Process.
- Review post-detection events and take additional action to remediate the endpoint.
- Examine the Monitor pages and investigate reports of crashes and security events.
- If you configured your ESM Console to Collect New Process Information, review unprotected processes and decide whether to enable protection on them. See View, Modify, or Delete a Process.
After a change in the organization or in available Traps software versions, you can:
- Add a newly-installed application to the list of protected processes. See Add a New Protected Process.
- Install Traps on a new endpoint. See Traps Agent Administrator’s Guide.
- Upgrade the Traps agent version on endpoints. See Uninstall or Upgrade Traps on the Endpoint.
- Allocate additional licenses for Traps agents. See Add a Traps License Using the ESM Console.