Features Introduced in Traps Agent 5.0
The following topics describe the new features introduced in Traps agent 5.0 releases.
For additional information on how to use the new features in this release, refer to the Traps Agent 5.0 Administrator’s Guide.
Features Introduced in Traps Agent 5.0.6
There are no new features introduced in Traps agent 5.0.6.
Features Introduced in Traps Agent 5.0.5
There are no new features introduced in Traps agent 5.0.5.
Features Introduced in Traps Agent 5.0.4
The following table describes the new features introduced in the Traps agent 5.0.4 release.
|Mimikatz Prevention||To prevent attackers from leveraging the Mimikatz tool to extract passwords from memory, Traps introduces a new Password Theft Protection module. The new protection module, which you can enable in a Malware Security profile for Windows endpoints, silently prevents attempts to steal credentials and does not currently provide notifications when these events occur. Mimikatz prevention is available with Windows Vista and later Windows releases.|
|Enhanced Support for Traps on Temporary Sessions|
To enable you to logically distinguish temporary sessions from other VDI or standard installations, you can now identify a temporary session, such as a session to a Remote Desktop Server. To identify temporary sessions that replicate from a snapshot, specify the TS_ENABLED=1 Msiexec parameter when you install Traps. The Traps management service then issues a license to the Traps agent on the snapshot. The license returns to the license pool when the Traps agent is disconnected from the Traps management service for more than 90 minutes or when the agent is uninstalled.
For more information about managing endpoints identified as temporary sessions, see the Traps Management Service Release Notes.
|Local Analysis Verdicts by Feature Vector|
To prevent Traps from blocking unknown files that are likely benign but that local analysis suspects to be malware, Support can now deliver a verdict for the feature vector of a file. A feature vector is a group or family of files that share similar characteristics but have different hashes. For example, if you change a few bytes at the end of a file, that file and the original could be grouped under the same feature vector. After Support delivers a support exception that defines a benign verdict for a feature vector, the Traps local analysis module can use the verdict to allow similar files to run.
|New Operating System Support|
Traps extends support to the following operating systems:
For complete compatibility information, see Palo Alto Networks Compatibility Matrix.
Features Introduced in Traps Agent 5.0.3-h1
The following table describes the new features introduced in the Traps agent 5.0.3-h1 release.
|macOS 10.14 Support||You can now install Traps on macOS 10.14. For complete compatibility information, see Palo Alto Networks Compatibility Matrix.|
|User-Agent Identification for Traps Agent-Proxy Traffic||You can now exclude traffic between Amazon S3 (s3.amazonaws.com) and a proxy server from SSL decryption. To enable you to filter the agent-proxy traffic, Traps adds a new request header field to the HTTP CONNECT request it sends to the proxy server. The new User-Agent header field has a value of PaloAltoNetworks-Traps. Traps adds this new field only to HTTP CONNECT requests to the proxy server; the field is not added in requests sent to Amazon S3 or to the Traps management service.|
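A proxy-side check for the User-Agent filtering described above, as an added example that is not Palo Alto Networks code: it parses an HTTP CONNECT request and exempts the tunnel from SSL decryption only when the User-Agent value is PaloAltoNetworks-Traps and the target is s3.amazonaws.com. The function names, the port 443 requirement, the subdomain match and the sample requests are assumptions made for illustration.

```python
# Added example: decide whether a proxy should exempt a tunnel from SSL decryption.
# Assumed policy: exempt only when the CONNECT request carries the Traps User-Agent
# AND targets the S3 host, because a User-Agent value alone is client-controlled.
TRAPS_USER_AGENT = "PaloAltoNetworks-Traps"  # value stated in the release note
S3_HOST = "s3.amazonaws.com"                 # host stated in the release note


def parse_connect(raw: bytes):
    """Return (host, port, headers) for an HTTP CONNECT request, else None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit():
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            # Header field names are case-insensitive; values are compared exactly.
            headers[name.strip().lower()] = value.strip()
    return host.lower(), int(port), headers


def exempt_from_decryption(raw: bytes) -> bool:
    """True only for a Traps-tagged CONNECT to the S3 host on port 443 (assumed)."""
    parsed = parse_connect(raw)
    if parsed is None:
        return False
    host, port, headers = parsed
    # Assumption: bucket-style subdomains of the S3 host are also accepted.
    is_s3 = host == S3_HOST or host.endswith("." + S3_HOST)
    return is_s3 and port == 443 and headers.get("user-agent") == TRAPS_USER_AGENT


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "traps_to_s3": b"CONNECT s3.amazonaws.com:443 HTTP/1.1\r\n"
                   b"Host: s3.amazonaws.com:443\r\nuser-agent: PaloAltoNetworks-Traps\r\n\r\n",
    "browser_to_s3": b"CONNECT s3.amazonaws.com:443 HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    "spoofed_ua_other_host": b"CONNECT s3.amazonaws.com.example.net:443 HTTP/1.1\r\n"
                             b"User-Agent: PaloAltoNetworks-Traps\r\n\r\n",
    "not_connect": b"GET / HTTP/1.1\r\nUser-Agent: PaloAltoNetworks-Traps\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, exempt_from_decryption(request))
```
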
Features Introduced in Traps Agent 5.0.3
The following table describes the new features introduced in the Traps agent 5.0.3 release.
|Local Analysis of .NET Samples|
To prevent unknown malware developed using the Microsoft .NET framework from running on Windows endpoints, local analysis can now analyze characteristics of .NET samples to determine the likelihood of malware. This enables Traps to identify and block malicious .NET samples before receiving an official WildFire verdict. This capability is automatically included when you enable local analysis in a malware security profile for Windows. As with the existing local analysis models, changes or updates to the models used to analyze .NET samples can be delivered by Palo Alto Networks in content updates.
Features Introduced in Traps Agent 5.0.2
The following table describes the new features introduced in the Traps agent 5.0.2 release.
|Reverse Shell Protection for Linux|
Traps now extends malware protection to Linux servers with Reverse Shell Protection. With this module, Traps detects suspicious or abnormal network activity from shell processes and terminates the malicious shell process.
Features Introduced in Traps Agent 5.0.1
The following table describes the new features introduced in the Traps agent 5.0.1 release.
|Shellcode Protection for Linux|
Traps extends its exploit protection for Linux servers to include shellcode protection. This capability enables Traps to monitor processes that run code from unmapped locations and prevent processes from calling operating system functions that these processes shouldn't commonly use.
|Extended Linux OS Support|
Traps now supports Amazon Linux 2 LTS Candidate (2017.12) and Amazon Linux 2 LTS Candidate 2, Debian 8 and 9, and Oracle 6 and 7. For full OS compatibility, see the Palo Alto Networks Compatibility Matrix.
Features Introduced in Traps Agent 126.96.36.199
The following table describes the new features introduced in the Traps agent 188.8.131.52 release.
|Traps for Android Installation Enhancement|
The Traps app for Android now allows end users to supply the installation URL or distribution ID during activation. This enhancement allows users to complete activation if the distribution ID was not supplied or if the user attempts to install directly from the Google Play Store. For more information, see Install Traps App for Android in the Traps Agent 5.0 Administrator’s Guide.
Features Introduced in Traps Agent 5.0.0
The following table describes the new features introduced in the Traps agent 5.0.0 release.
|Traps for Android|
The new Traps app for Android extends malware detection and prevention to Android endpoints. Traps for Android leverages both local analysis and threat-intelligence from WildFire to detect known malware. Traps for Android can also optionally submit the unknown apps to the Traps management service for further in-depth analysis by WildFire. From the Traps management service, you can monitor the health of the Traps app and view details about security events that occur on the Android endpoints in your organization. Traps for Android is supported on Android 4.4 and later releases.