4.2 (EoS)
Traps Agent
The Traps agent protects the endpoint by enforcing your
organization’s security policy as defined in the Endpoint Security
Manager. Depending on the configuration, Traps can protect against
attempts to exploit software vulnerabilities and bugs and can prevent
malicious executable files from running on your endpoints.

When a security event occurs on an endpoint, Traps collects forensic
information about that event and, optionally, can also notify the
user about the event and even display a custom notification message.

On a regular basis, Traps communicates the status of the endpoint
and transmits data related to any security events to the Endpoint
Security Manager. The following table describes the types of messages
that the Traps agent sends to the ESM Server:

Message Type | Description |
---|---|
Traps status | The Traps agent periodically sends messages to the ESM Server to indicate that it is operational and to request the latest security policy. The Notifications and Health pages in the Endpoint Security Manager display the status for each endpoint. The duration between messages, known as the heartbeat period, is configurable. |
Notifications | The Traps agent sends notification messages about changes in the agent, such as when a service starts or stops, to the ESM Server. The server logs these notifications in the database and you can view the notifications in the ESM Console. |
Updates | An end user can request an immediate policy update by clicking Check In Now on the Traps Console. This causes the Traps agent to request the latest security policy from the ESM Server without waiting for the end of the heartbeat period. |
Prevention reports | If a prevention event occurs on an endpoint where the Traps agent is installed, the Traps agent reports all event-related information to the ESM Server in real time. |

Traps also provides a user interface that you can use to view
the protection status on the endpoint, security event history, running
processes, and current security policy rules. Usually, a user will
not need to run the Traps Console, but the information can be useful
when investigating a security-related event. If needed, you can
choose to hide the icon that launches the console or prevent
users from launching the console from an endpoint altogether. If
you provide access to the Traps Console, you can access it from
the notification area (system tray) on an endpoint.