Features Introduced in Traps Endpoint Security Manager
Table of Contents
4.2 (EoS)
Expand all | Collapse all
Features Introduced in Traps Endpoint Security Manager
The following topics describe the new features introduced
in Traps Endpoint Security Manager (ESM) and Traps 4.2. For additional
information on how to use the new features in this release, refer
to the Traps Endpoint Security Manager
Administrator’s Guide.
Features Introduced in 4.2.8
There are no new features introduced in Traps Endpoint
Security Manager (ESM) and Traps 4.2.8.
Features Introduced in 4.2.7
Feature | Description |
|---|---|
| Proxy Support for Migration to Cortex XDR | When you upgrade the Traps agent using an action rule, you can now specify any proxy servers (either FQDN or IP address) through which the Cortex XDR agent must connect to communicate. The new Proxy List option is supported when upgrading from Traps agent 4.2.7 to an agent version supported by Cortex XDR. For each proxy server, use the format <proxyserverIPaddress>:<port>and separate multiple entries with commas. |
Features Introduced in 4.2.5-h1/4.2.6-h1
There are no new features introduced in Traps Endpoint
Security Manager (ESM) and Traps 4.2.5-h1/4.2.6-h1.
Features Introduced in 4.2.6
Feature | Description |
|---|---|
| Windows 10 Support | You can now install Traps on Windows 10 1909. For
complete compatibility information, see Palo Alto Networks Compatibility
Matrix. |
| Windows Server 2019 Support | You can now install the Endpoint Security Manager
and Traps on and Windows Server 2019. For complete compatibility
information, see Palo Alto Networks Compatibility
Matrix. |
| macOS 10.15 Support | You can now install Traps on macOS 10.15. To
use Traps on macOS 10.15, you must install the ESM and Traps versions
before upgrading the operating system:
If
you upgraded the operating system or Traps agent in a different
order, you must uninstall and reinstall the Traps agent on the endpoint
either using a third-party deployment tool such as JAMF or manually. For
complete compatibility information, see Palo Alto Networks Compatibility
Matrix. |
Features Introduced in 4.2.5
There are no new features introduced in Traps Endpoint
Security Manager (ESM) and Traps 4.2.5
Features Introduced in 4.2.4
The following table describes the new features introduced
in Traps Endpoint Security Manager (ESM) and Traps 4.2.4.
Feature | Description |
|---|---|
| Search Operator Enhancement | You can now use the Starts with operator
to return matches that begin with a specific string value. You can
use the new Starts with operator to narrow
results for SHA256 hashes, endpoint host names, and file names. |
Features Introduced in 4.2.3
The following table describes the new features introduced
in Traps Endpoint Security Manager (ESM) and Traps 4.2.3.
Feature | Description |
|---|---|
| Email Forwarding to Multiple Recipients | When you configure log forwarding to an
email, you can now specify more than one recipient. Use a
semicolon to separate email addresses (for example, name1@mail.com;name2@mail.com). |
| ESM Installation Notification | To avoid data and integrity loss and ensure a successful upgrade, the ESM installer now reminds you to view upgrade considerations before continuing with an upgrade to the new ESM version. |
Features Introduced in 4.2.2
The following table describes the new features introduced
in Traps Endpoint Security Manager (ESM) and Traps 4.2.2.
Feature | Description |
|---|---|
| Pardus Support | You can now install Traps on the Turkish-localized
Linux distribution Pardus in release 17.3 (64-bit). For complete
compatibility information, see Palo Alto Networks Compatibility
Matrix. |
Features Introduced in 4.2.1-h3
The following table describes the new features introduced
in Traps Endpoint Security Manager (ESM) and Traps 4.2.1-h3.
Feature | Description |
|---|---|
| macOS 10.14 Support | You can now install Traps on macOS 10.14. To
use Traps on macOS 10.14, you must install the ESM and Traps versions
before upgrading the operating system:
If
you upgraded the operating system or Traps agent in a different
order, you must uninstall and reinstall the Traps agent on the endpoint
either using a third-party deployment tool such as JAMF or manually. For
complete compatibility information, see Palo Alto Networks Compatibility
Matrix. |
Features Introduced in 4.2.1
The following table describes the new features introduced
in Traps Endpoint Security Manager (ESM) and Traps 4.2.1.
Feature | Description |
|---|---|
| Server Certificate Monitoring | To monitor when your server certificate
expires, you can now enable log forwarding to an external syslog receiver
or email for Server Certificate Expiration events.
The ESM Server and ESM Console both check the expiration status
of the certificate and begin logging events a week before expiration. The
ESM Server and ESM Console continue to log events until you update
or replace the certificate. This enables you to monitor and preemptively
resolve expired certificate errors thus preventing Traps agents
from entering or remaining in a disconnected state for a prolonged
period of time. |
| Amazon Linux 2 Support | You can now install Traps on Amazon Linux
2. For complete compatibility information, see Palo Alto Networks Compatibility
Matrix. |
| Always On Support for SQL Server 2017 | The Endpoint Security Manager now supports
Always On with SQL Server 2017. |
Features Introduced in 4.2.0
The following table describes the new features introduced
in Traps Endpoint Security Manager (ESM) and Traps 4.2.0.
Feature | Description |
|---|---|
| Linux Support | You can now manage endpoint security policy
for Linux servers in the ESM Console. Traps for Linux extends exploit
protection using the following exploit protection modules: Brute
Force Protection, ROP Mitigation, Shellcode Protection, and Kernel
Privilege Escalation Protection. To monitor the Linux servers in your
organization, you can view security events that occur on your Linux
endpoints in the ESM Console. Traps for Linux is supported
on Linux distributions as listed in the Palo Alto Networks Compatibility
Matrix. |
| Trusted Signer Management | For Windows and Mac endpoints, you can now
add a signer to the trusted signer whitelist in the ESM Console.
When a file is signed by a trusted signer, Traps permits the file
to run. For Windows endpoints, Traps evaluates any trusted signers
you add as highly trusted signers in the malware evaluation flow. |
| Virtual Groups | To enable you to easily apply policy, agent
action, and agent settings rules to groups of endpoints, you can
now define virtual groups in the ESM Console. Virtual groups enable
you to group endpoints based on static characteristics such as hostname
or unique ID or dynamic characteristics such as domain, IP address,
range, or subnet. You can also add existing groups to a static virtual
group to create a nested virtual group of endpoints. In addition,
you can also search agent log pages by virtual group. |
| Granular Child Process Evaluation | You can now configure more
granular settings to define which processes are permitted to run
child processes on your endpoints. When you configure the child
process malware protection module, you can allow specific parent
processes to launch child processes and optionally configure additional
execution criteria such as command-line arguments. This can be helpful
if your organization uses applications in a way where Traps could
identify them as malicious when they are actually used for legitimate
purposes. For example, if you need to run script engines from an
intranet website running Internet Explorer, you can whitelist the
specific use while still protecting Internet Explorer from malicious
script engines. |
| Traps Support for Windows Server 2008 with .NET 4.5 | You can now install Traps on Windows Server
2008 with .NET 4.5. |