Features Introduced in Traps Endpoint Security Manager

The following topics describe the new features introduced in Traps Endpoint Security Manager (ESM) and Traps 4.2. For additional information on how to use the new features in this release, refer to the Traps Endpoint Security Manager Administrator’s Guide.

Features Introduced in 4.2.4

The following table describes the new features introduced in Traps Endpoint Security Manager (ESM) and Traps 4.2.4.
Feature
Description
Search Operator Enhancement
You can now use the Starts with operator to return matches that begin with a specific string value. You can use the new Starts with operator to narrow results for SHA256 hashes, endpoint host names, and file names.

Features Introduced in 4.2.3

The following table describes the new features introduced in Traps Endpoint Security Manager (ESM) and Traps 4.2.3.
Feature
Description
Email Forwarding to Multiple Recipients
When you configure log forwarding to an email, you can now specify more than one recipient. Use a semicolon to separate email addresses (for example, name1@mail.com;name2@mail.com).
ESM Installation Notification
To avoid data and integrity loss and ensure a successful upgrade, the ESM installer now reminds you to view upgrade considerations before continuing with an upgrade to the new ESM version.

Features Introduced in 4.2.2

The following table describes the new features introduced in Traps Endpoint Security Manager (ESM) and Traps 4.2.2.
Feature
Description
Pardus Support
You can now install Traps on the Turkish-localized Linux distribution Pardus in release 17.3 (64-bit).
For complete compatibility information, see Palo Alto Networks Compatibility Matrix.

Features Introduced in 4.2.1-h3

The following table describes the new features introduced in Traps Endpoint Security Manager (ESM) and Traps 4.2.1-h3.
Feature
Description
macOS 10.14 Support
You can now install Traps on macOS 10.14.
To use Traps on macOS 10.14, you must install the ESM and Traps versions before upgrading the operating system:
  1. Upgrade the ESM to 4.2.1-h2. For additional information, see ESM 4.2 Upgrade Considerations.
  2. Upgrade the Traps agent to Traps 4.2.1-h3 using one-time action rules or the deployment method of your choice.
  3. Upgrade the Mac endpoint to macOS 10.14.
If you upgraded the operating system or Traps agent in a different order, you must uninstall and reinstall the Traps agent on the endpoint either using a third-party deployment tool such as JAMF or manually.
For complete compatibility information, see Palo Alto Networks Compatibility Matrix.

Features Introduced in 4.2.1

The following table describes the new features introduced in Traps Endpoint Security Manager (ESM) and Traps 4.2.1.
Feature
Description
Server Certificate Monitoring
To monitor when your server certificate expires, you can now enable log forwarding to an external syslog receiver or email for Server Certificate Expiration events. The ESM Server and ESM Console both check the expiration status of the certificate and begin logging events a week before expiration. The ESM Server and ESM Console continue to log events until you update or replace the certificate. This enables you to monitor and preemptively resolve expired certificate errors, which prevents Traps agents from entering or remaining in a disconnected state for a prolonged period of time.
Amazon Linux 2 Support
You can now install Traps on Amazon Linux 2. For complete compatibility information, see Palo Alto Networks Compatibility Matrix.
Always On Support for SQL Server 2017
The Endpoint Security Manager now supports Always On with SQL Server 2017.
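
For the Server Certificate Monitoring feature above, an independent check that applies the same one-week window to an exported PEM copy of a server certificate, run from a monitoring host with openssl installed. This is an added example, not Palo Alto Networks code; the function names, file names and the esm.example.test subject are assumptions, and the certificates it generates are constructed test input.

```shell
#!/bin/sh
# Added example (not ESM code): classify a PEM certificate against the
# one-week warning window described above, using openssl's -checkend.

WARN_SECONDS=$((7 * 24 * 60 * 60))   # one week, matching the ESM window

# cert_status FILE -> prints one of: unreadable, expired, expiring, ok
cert_status() {
    # Reject anything openssl cannot parse as an X.509 certificate.
    if ! openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        echo unreadable
    # -checkend N exits non-zero if the certificate expires within N seconds.
    elif ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$1" -noout -checkend "$WARN_SECONDS" >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# make_test_cert DAYS OUTFILE: constructed self-signed certificate used only
# as sample input; the subject name is a placeholder.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$1" \
        -subj "/CN=esm.example.test" \
        -keyout "$2.key" -out "$2" >/dev/null 2>&1
}

# Demo: a 3-day certificate falls inside the window, a 30-day one does not,
# and a file that is not a certificate is reported instead of ignored.
demo() {
    dir=$(mktemp -d) || return 1
    make_test_cert 3 "$dir/short.pem"
    make_test_cert 30 "$dir/long.pem"
    printf 'not a certificate\n' > "$dir/junk.pem"
    for f in short long junk; do
        printf '%s.pem: %s\n' "$f" "$(cert_status "$dir/$f.pem")"
    done
    rm -rf "$dir"
}

demo
```

Scheduling `cert_status` against the exported certificate gives a second signal if the forwarded Server Certificate Expiration events are missed or the forwarding path itself is down.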

Features Introduced in 4.2.0

The following table describes the new features introduced in Traps Endpoint Security Manager (ESM) and Traps 4.2.0.
Feature
Description
Linux Support
You can now manage endpoint security policy for Linux servers in the ESM Console. Traps for Linux extends exploit protection using the following exploit protection modules: Brute Force Protection, ROP Mitigation, Shellcode Protection, and Kernel Privilege Escalation Protection. To monitor the Linux servers in your organization, you can view security events that occur on your Linux endpoints in the ESM Console.
Traps for Linux is supported on Linux distributions as listed in the Palo Alto Networks Compatibility Matrix.
Trusted Signer Management
For Windows and Mac endpoints, you can now add a signer to the trusted signer whitelist in the ESM Console. When a file is signed by a trusted signer, Traps permits the file to run. For Windows endpoints, Traps evaluates any trusted signers you add as highly trusted signers in the malware evaluation flow.
Virtual Groups
To enable you to easily apply policy, agent action, and agent settings rules to groups of endpoints, you can now define virtual groups in the ESM Console. Virtual groups enable you to group endpoints based on static characteristics such as hostname or unique ID or dynamic characteristics such as domain, IP address, range, or subnet. You can also add existing groups to a static virtual group to create a nested virtual group of endpoints.
You can also search agent log pages by virtual group.
Granular Child Process Evaluation
You can now configure more granular settings to define which processes are permitted to run child processes on your endpoints. When you configure the child process malware protection module, you can allow specific parent processes to launch child processes and optionally configure additional execution criteria such as command-line arguments. This can be helpful if your organization uses applications in a way where Traps could identify them as malicious when they are actually used for legitimate purposes. For example, if you need to run script engines from an intranet website running Internet Explorer, you can whitelist the specific use while still protecting Internet Explorer from malicious script engines.
Traps Support for Windows Server 2008 with .NET 4.5
You can now install Traps on Windows Server 2008 with .NET 4.5.
