Monitor - Agent
Table of Contents
4.2 (EoS)
Expand all | Collapse all
-
- Set Up the Endpoint Infrastructure
- Activate Traps Licenses
-
- Endpoint Infrastructure Installation Considerations
- TLS/SSL Encryption for Traps Components
- Configure the MS-SQL Server Database
- Install the Endpoint Security Manager Server Software
- Install the Endpoint Security Manager Console Software
- Manage Proxy Communication with the Endpoint Security Manager
- Load Balance Traffic to ESM Servers
-
- Malware Protection Policy Best Practices
- Malware Protection Flow
- Manage Trusted Signers
-
- Remove an Endpoint from the Health Page
- Install an End-of-Life Traps Agent Version
-
-
- Traps Troubleshooting Resources
- Traps and Endpoint Security Manager Processes
- ESM Tech Support File
-
- Access Cytool
- View the Status of the Agent Using Cytool
- View Processes Currently Protected by Traps Using Cytool
- Manage Logging of Traps Components Using Cytool
- Restore a Quarantined File Using Cytool
- View Statistics for a Protected Process Using Cytool
- View Details About the Traps Local Analysis Module Using Cy...
- View Hash Details About a File Using Cytool
Monitor - Agent
The following table displays the agent logs you can
forward to an external logging platform or email.
Event Name | Description |
|---|---|
Agent Access Violation | An agent reported an access violation.
|
Agent Service Start | The agent service was started on the endpoint.
|
Agent Service Stopped | The agent service was stopped on the endpoint.
|
Agent Shutdown | The endpoint was shut down.
|
Agent Service Start Failed | The agent service failed to start on the
endpoint.
|
Agent Service Warning | The agent service reported a warning.
|
Process Crash | A process has crashed on the endpoint.
|
Agent Process Injection Timeout | The agent exceeded the permissible amount
of time to inject into a process.
|
Agent Reporting Service Start Failed | The agent reporting service failed to start.
|
Agent File Upload Failed | The agent failed to upload a file.
|
Agent Installed to System | Traps was installed on an endpoint.
|
Agent Uninstalled from System | Traps was uninstalled from an endpoint.
|
Agent Upgraded | Traps was upgraded on an endpoint.
|
Agent Status Change | The agent status has changed.
|
Agent Policy Change | The agent policy has changed.
|
Local Analysis Feature Extraction Failed | The file that local analysis tried to examine
was corrupt and could not be examined using local analysis. When
this occurs, Traps identifies the file as malware until it receives
a verdict (either from WildFire or the administrative hash control
policy). |
Local Analysis Model Unavailable | The local analysis model was missing on
the endpoint and was therefore disabled. |
Local Analysis Module Succeeded | The local analysis model successfully analyzed
an unknown executable file and issued a verdict.
|
Local Analysis Module Failed | The local analysis model failed to analyze
an unknown executable file and issue a verdict.
|
Trusted Signer Changed | The local decision of a trusted signer on
the agent has changed. This can be due a change in the local certificate
store on the endpoint, a content update containing changes to the
trusted signer list, or a manual update to the trusted signers list.
|
Agent Content Update | The agent received a new content update
version.
|
Quarantine Quota Exceeded | The storage quota for quarantined files
on the endpoint has been exceeded.
|
Agent Authentication Failed | The agent failed to authenticate
with the ESM Server.
|
Agent Policy Update Failed | The agent failed to update
the local policy.
|
Agent Registration Conflict | An agent that has already registered
with the ESM Server has tried to re-register but lacks valid authentication
identification. This could indicate:
Formats:
|
ESM Cert Validation Warning | The agent could not authenticate
with the ESM Server using the provided client certificate.
|
Agent Migrated to Cloud | Future use |