The Traps agent protects the endpoint by enforcing your organization’s security policy as defined in the Endpoint Security Manager. Depending on the configuration, Traps can protect against attempts to exploit software vulnerabilities and bugs and can prevent malicious executable files from running on your endpoints.
When a security event occurs on an endpoint, Traps collects forensic information about that event and, optionally, can also notify the user about the event and even display a custom notification message. On a regular basis, Traps communicates the status of the endpoint and transmits data related to any security events to the Endpoint Security Manager. The following table describes the types of messages that the Traps agent sends to the ESM Server:
The Traps agent periodically sends messages to the ESM Server to indicate that it is operational and to request the latest security policy. The Notifications and Health pages in the Endpoint Security Manager display the status for each endpoint. The duration between messages, known as the heartbeat period, is configurable.
The Traps agent sends notification messages about changes in the agent, such as when a service starts or stops, to the ESM Server. The server logs these notifications in the database and you can view the notifications in the ESM Console.
An end user can request an immediate policy update by clicking Check In Now on the Traps Console. This causes the Traps agent to request the latest security policy from the ESM Server without waiting for the end of the heartbeat period.
If a prevention event occurs on an endpoint where the Traps agent is installed, the Traps agent reports all of event-related information to the ESM Server in real-time.
Traps also provides a user interface that you can use to view the protection status on the endpoint, security event history, running processes, and current security policy rules. Usually, a user will not need to run the Traps Console but the information can be useful when investigating a security-related event. If needed, you can choose to hide the console icon that launches the console or prevent users from launching the console from an endpoint altogether. If you provide access to the Traps Console, you can access it from the notification area (system tray) on an endpoint.
Traps Agent 4.2 for Mac
Traps Agent 4.2 for Mac The Traps agent protects Mac endpoints by preventing known and unknown malware from running and halting attempts to leverage software ...
Traps Agent 4.2 for Linux
Traps Agent 4.2 for Linux The Traps agent protects Linux servers by preventing attackers from leveraging software exploits or vulnerabilities to compromise an endpoint. The ...
Traps and Endpoint Security Manager Processes
Traps and Endpoint Security Manager Processes The following processes are initiated by Traps and the Endpoint Security Manager (ESM). Component Process Name Description ESM ESM ...
Issues Addressed in Traps Endpoint Security Manager 4.2
List of addressed issues in the Traps Endpoint Security Manager 4.2. ...
Use the Traps Agent for Windows
Use the Traps console to view the agent status, initiate a connection to the server, view and send logs, view security events that occurred on ...
Hide or Restrict Access to the Traps Console
Hide or Restrict Access to the Traps Console By default, a user can access the Traps Console to view information about the current status of ...
Traps Agent 4.2 for Windows
To uninstall, use, and upgrade the Traps agent 4.2 on Windows endpoints, see the references in this topic. ...
Install the Traps Agent for Windows
Use the following workflows to install the Traps agent 4.2 on Windows endpoints. This topic provides options to use the MSI, Msiexec, and how to ...
Features Introduced in Traps Endpoint Security Manager
Features Introduced in Traps Endpoint Security Manager The following topics describe the new features introduced in Traps Endpoint Security Manager (ESM) and Traps 4.2. For ...