The Traps agent protects the endpoint by enforcing your
organization’s security policy as defined in the Endpoint Security
Manager. Depending on the configuration, Traps can protect against
attempts to exploit software vulnerabilities and bugs and can prevent
malicious executable files from running on your endpoints.
When a security event occurs on an endpoint, Traps collects forensic
information about that event and, optionally, can also notify the
user about the event and even display a custom notification message.
On a regular basis, Traps communicates the status of the endpoint
and transmits data related to any security events to the Endpoint
Security Manager. The following table describes the types of messages
that the Traps agent sends to the ESM Server:
The Traps agent periodically sends messages
to the ESM Server to indicate that it is operational and to request
the latest security policy. The Notifications and Health pages in
the Endpoint Security Manager display the status for each endpoint.
The duration between messages, known as the heartbeat period, is
The Traps agent sends notification messages
about changes in the agent, such as when a service starts or stops,
to the ESM Server. The server logs these notifications in the database
and you can view the notifications in the ESM Console.
An end user can request an immediate policy
update by clicking
Check In Now
on the Traps
Console. This causes the Traps agent to request the latest security
policy from the ESM Server without waiting for the end of the heartbeat
If a prevention event occurs on an endpoint
where the Traps agent is installed, the Traps agent reports all
of event-related information to the ESM Server in real-time.
Traps also provides a user interface that you can use to view
the protection status on the endpoint, security event history, running
processes, and current security policy rules. Usually, a user will
not need to run the Traps Console but the information can be useful
when investigating a security-related event. If needed, you can
choose to hide the console icon that launches the console or prevent
users from launching the console from an endpoint altogether. If
you provide access to the Traps Console, you can access it from
the notification area (system tray) on an endpoint.