Cytool for Windows
To manage Traps functions from the command line on Windows endpoints, use Cytool.
Cytool is a command-line interface (CLI) that is integrated into Traps and enables you to query and manage both basic and advanced functions of Traps. Any changes you make using Cytool are active until Traps receives the next heartbeat communication from the Traps management service.
On Windows endpoints, you can access Cytool using a Microsoft MS-DOS command prompt that you run as an administrator. Cytool is located in the C:\Program Files\Palo Alto Networks\Traps folder on the endpoint.
The following table displays the Cytool options available on Windows endpoints.
Enumerate protected processes.
Enable or disable a protection feature.
Enable, disable, or query the startup state of Traps components.
Stop or start product components.
Query or compare the applied policy for a process.
For example, to query the policy for future executions of notepad.exe:
For example, to compare the policy for future executions of notepad.exe to the default policy:
Operate product trace sessions.
View and restore quarantined files.
Query Traps statistics from a running process.
is the process ID (PID).
For example, to display statistics about the Chrome process identified by PID 4080:
View the history of the Traps local analysis module.
cytool tla query
Display general Traps information.
cytool info [query]
To display the Traps version, run the cytool info command without any additional arguments. To display additional details about Traps, such as the version of the default policy and the specific build number, add the query argument. For example:
cytool wf query [<hash>]
Prepare a golden image by submitting files for cloud analysis and generate a threats report.
cytool imageprep [scan] [timeout <scan timeout>] [upload <upload timeout>] [path
Traps stores policy and security event information, such as the list of trusted signers, local verdicts, and one-time actions in local databases on the endpoint. To troubleshoot policy issues and security events, you can use cytool persist operations to import, export, and view information stored in the local database.
To view a list of all local databases, use the cytool persist list command.
Set log level for the desired process.
cytool log <log_level> <components>
Then use the cytool log collect command to generate a support file archive of all logs in a TGZ file.
Initiate check-in to the server.
To verify the check-in, view the check-in time on the Traps console.
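A troubleshooting snapshot built only from the view and query commands listed above (cytool info query, cytool tla query, cytool persist list), as an added example that is not part of the original documentation or the vendor's tooling. It assumes the executable is named cytool.exe in the folder given above; the output folder and file names are hypothetical.

```powershell
# Added example: capture the output of view-only Cytool commands for troubleshooting.
# Assumptions: executable name cytool.exe (the page gives only the folder);
# the output location under %TEMP% is hypothetical.
$cytool = 'C:\Program Files\Palo Alto Networks\Traps\cytool.exe'
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$outDir = Join-Path $env:TEMP "traps-snapshot-$stamp"

# Cytool must be run as an administrator, so fail early if the session is not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (administrator) PowerShell session.'
}
if (-not (Test-Path -LiteralPath $cytool)) {
    throw "Cytool not found at $cytool"
}

New-Item -ItemType Directory -Path $outDir | Out-Null

# Only commands the page describes as displaying or viewing information.
$queries = [ordered]@{
    'info'         = @('info', 'query')     # version, default policy version, build
    'tla-history'  = @('tla', 'query')      # local analysis module history
    'persist-list' = @('persist', 'list')   # list of local databases
}

$summary = foreach ($name in $queries.Keys) {
    $cmdArgs = $queries[$name]
    $file    = Join-Path $outDir "$name.txt"
    # Standard output goes to a file; the exit code is recorded as returned
    # (the page does not document what each exit code means).
    & $cytool @cmdArgs | Out-File -FilePath $file -Encoding utf8
    [pscustomobject]@{
        Command  = "cytool $($cmdArgs -join ' ')"
        ExitCode = $LASTEXITCODE
        Output   = $file
    }
}

$summary | Export-Csv -Path (Join-Path $outDir 'summary.csv') -NoTypeInformation
$summary | Format-Table -AutoSize
```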