Focus

Traps Endpoint Security Manager Administrator's Guide

View Details About an Active Policy

Table of Contents

View Details About an Active Policy

Use the cytool policy query <process> command to view details about policies associated with a specific process on Windows endpoints. Specifying the process name displays details about the intended policy whereas specifying the process ID (PID) displays details about the active policy that is currently applied to the process. The output is helpful when you want to verify that a policy is implemented in the way you intended to configure it.

To view policy details, you must enter the supervisor (uninstall) password when prompted.

Open a command prompt as an administrator and navigate to the Traps folder (see Access Cytool).
To view the active policy for a process, use the following command:
```
C:\Program Files\Palo Alto Networks\Traps>cytool policy query <process>
```
where <process> is either the process name or PID. For example, to view details about a policy for notepad, enter cytool policy query notepad. The following example displays policy details for a process with PID 1234.
```
C:\Program Files\Palo Alto Networks\Traps> cytool policy query 1234
Enter supervisor password:
Generic
Enable 0x00000001
SuspendOnce 0x00000001
AdvancedHooks 0x00000001
[...]
```

View and Compare Security Policies on an Endpoint Using Cyt...

Compare Policies