Features Introduced in Traps Agent 5.0
The following topics describe the new features introduced in Traps agent 5.0 releases.
For additional information on how to use the new features in this release, refer to the Traps Agent 5.0 Administrator’s Guide.
Features Introduced in Traps Agent 5.0.7
The following table describes the new features introduced in the Traps agent 5.0.7 release.
Hardened Passwords Using PBKDF2 Encryption
For increased security, the Traps agent uninstall password is now encrypted using a stronger encryption algorithm (PBKDF2) when transferred between Traps management service and the Windows agents. Traps management service automatically applies the stronger algorithm to the password for new installation packages (no password reset is required). The stronger encryption helps prevent attempts to obtain the password.
Content Update Distribution Enhancement
To reduce bandwidth load when distributing the latest content update, the Traps agent now staggers the time at which it retrieves the content update from Traps management service. When a new content update is available, Traps agents randomly choose a time within a six-hour window to retrieve the content update. This prevents bandwidth saturation due to a high volume and size of content updates.
Features Introduced in Traps Agent 5.0.6
There are no new features introduced in Traps agent 5.0.6.
Features Introduced in Traps Agent 5.0.5
There are no new features introduced in Traps agent 5.0.5.
Features Introduced in Traps Agent 5.0.4
The following table describes the new features introduced in the Traps agent 5.0.4 release.
To prevent attackers from leveraging the Mimikatz tool to extract passwords from memory, Traps introduces a new Password Theft Protection module. The new protection module, which you can enable in a Malware Security profile for Windows endpoints, silently prevents attempts to steal credentials and does not currently provide notifications when these events occur. Mimikatz prevention is available with Windows Vista and later Windows releases.
After you enable this protection module, it becomes active following the next reboot of the endpoint.
Enhanced Support for Traps on Temporary Sessions
To enable you to logically distinguish temporary sessions from other VDI or standard installations, you can now identify a temporary session, such as a session to a Remote Desktop Server. To identify temporary sessions that replicate from a snapshot, you specify the TS_ENABLED=1 Msiexec parameter when you install Traps. The Traps management service then issues a license to the Traps agent on the snapshot. A license returns to the license pool when the Traps agent is disconnected from the Traps management service for more than 90 minutes or the agent is uninstalled.
For more information about managing endpoints identified as temporary sessions, see the Traps Management Service Release Notes.
Local Analysis Verdicts by Feature Vector
To prevent Traps from blocking unknown files that are likely benign but that local analysis suspects to be malware, Support can now deliver a verdict for the feature vector of a file. A feature vector is a group or family of files that share similar characteristics but have different hashes. For example, if you change a few bytes at the end of a file, that file and the original could be grouped under the same feature vector. After Support delivers a support exception to define a benign verdict for a feature vector, the Traps local analysis module can use the verdict to allow similar files to run.
New Operating System Support
Traps extends support to the following operating systems:
For complete compatibility information, see Palo Alto Networks Compatibility Matrix.
Features Introduced in Traps Agent 5.0.3-h1
The following table describes the new features introduced in the Traps agent 5.0.3-h1 release.
macOS 10.14 Support
You can now install Traps on macOS 10.14. For complete compatibility information, see Palo Alto Networks Compatibility Matrix.
User-Agent Identification for Traps Agent-Proxy Traffic
You can now exclude traffic between Amazon S3 (s3.amazonaws.com) and a proxy server from SSL decryption. To enable you to filter the agent-proxy traffic, Traps adds a new request header field to the HTTP CONNECT request it sends to the proxy server. The new User-Agent header field has a value of PaloAltoNetworks-Traps. Traps adds this new field only to HTTP CONNECT requests to the proxy server; the field is not added in requests sent to Amazon S3 or to the Traps management service.
Features Introduced in Traps Agent 5.0.3
The following table describes the new features introduced in the Traps agent 5.0.3 release.
Local Analysis of .NET Samples
To prevent unknown malware developed using the Microsoft .NET framework from running on Windows endpoints, local analysis can now analyze characteristics of .NET samples to determine the likelihood of malware. This enables Traps to identify and block malicious .NET samples before receiving an official WildFire verdict. This capability is automatically included when you enable local analysis in a malware security profile for Windows. As with the existing local analysis models, changes or updates to the models used to analyze .NET samples can be delivered by Palo Alto Networks in content updates.
Features Introduced in Traps Agent 5.0.2
The following table describes the new features introduced in the Traps agent 5.0.2 release.
Reverse Shell Protection for Linux
Traps now extends malware protection to Linux servers with Reverse Shell Protection. With this module, Traps detects suspicious or abnormal network activity from shell processes and terminates the malicious shell process.
Features Introduced in Traps Agent 5.0.1
The following table describes the new features introduced in the Traps agent 5.0.1 release.
Shellcode Protection for Linux
Traps extends its exploit protection for Linux servers to include shellcode protection. This capability enables Traps to monitor processes that run code from unmapped locations and prevent processes from calling operating system functions that these processes shouldn't commonly use.
Extended Linux OS Support
Traps now supports Amazon Linux 2 LTS Candidate (2017.12) and Amazon Linux 2 LTS Candidate 2, Debian 8 and 9, and Oracle 6 and 7. For full OS compatibility, see the Palo Alto Networks Compatibility Matrix.
Features Introduced in Traps Agent 22.214.171.124
The following table describes the new features introduced in the Traps agent 126.96.36.199 release.
Traps for Android Installation Enhancement
The Traps app for Android now allows end users to supply the installation URL or distribution ID during activation. This enhancement allows users to complete activation if the distribution ID was not supplied or if the user attempts to install directly from the Google Play Store. For more information, see Install Traps App for Android in the Traps Agent 5.0 Administrator’s Guide.
Features Introduced in Traps Agent 5.0.0
The following table describes the new features introduced in the Traps agent 5.0.0 release.
Traps for Android
The new Traps app for Android extends malware detection and prevention to Android endpoints. Traps for Android leverages both local analysis and threat intelligence from WildFire to detect known malware. Traps for Android can also optionally submit unknown apps to the Traps management service for further in-depth analysis by WildFire. From the Traps management service, you can monitor the health of the Traps app and view details about security events that occur on the Android endpoints in your organization. Traps for Android is supported on Android 4.4 and later releases.