Monitor - Agent

The following table displays the agent logs you can forward to an external logging platform or email.
Event Name
Description
Agent Access Violation
An agent reported an access violation.
Agent Heartbeat
A heartbeat was received from the agent.
Agent Service Start
The agent service was started on the endpoint.
Agent Service Stopped
The agent service was stopped on the endpoint.
Agent Shutdown
The endpoint was shut down.
Agent Service Start Failed
The agent service failed to start on the endpoint.
Agent Service Warning
The agent service reported a warning.
Process Crash
A process has crashed on the endpoint.
Agent Process Injection Timeout
The agent exceeded the permissible amount of time to inject into a process.
Agent Reporting Service Start Failed
The agent reporting service failed to start.
Agent File Upload Failed
The agent failed to upload a file.
Agent Installed to System
Traps was installed on an endpoint.
Agent Uninstalled from System
Traps was uninstalled from an endpoint.
Agent Upgraded
Traps was upgraded on an endpoint.
Agent Status Change
The agent status has changed.
Agent Policy Change
The agent policy has changed.
Local Analysis Feature Extraction Failed
The file that local analysis tried to examine was corrupt and could not be examined using local analysis. When this occurs, Traps identifies the file as malware until it receives a verdict (either from WildFire or the administrative hash control policy).
Local Analysis Model Unavailable
The local analysis model was missing on the endpoint and was therefore disabled.
Local Analysis Module Succeeded
The local analysis model successfully analyzed an unknown executable file and issued a verdict.
Local Analysis Module Failed
The local analysis model failed to analyze an unknown executable file and issue a verdict.
Trusted Signer Changed
The local decision of a trusted signer on the agent has changed. This can be due a change in the local certificate store on the endpoint, a content update containing changes to the trusted signer list, or a manual update to the trusted signers list.
Agent Content Update
The agent received a new content update version.
Quarantine Quota Exceeded
The storage quota for quarantined files on the endpoint has been exceeded.
Agent Authentication Failed
The agent failed to authenticate with the ESM Server.
Agent Policy Update Failed
The agent failed to update the local policy.
Agent Registration Conflict
An agent that has already registered with the ESM Server has tried to re-register but lacks valid authentication identification. This could indicate:
  • A duplicate machine name exists on the network (for Traps agents running pre-4.0.2 versions). When this occurs, ensure the machine name is unique or upgrade the agent to Traps 4.0.2 or a later release to ensure the agent receives a unique ID.
  • A malicious component is attempting to manipulate the endpoint protection policy. When this occurs, verify the validity of the agent and, if needed, remediate the component.
Formats:
ESM Cert Validation Warning
The agent could not authenticate with the ESM Server using the provided client certificate.
Agent Migrated to Cloud
Future use

Related Documentation