Features Introduced in Traps Agent 5.0

The following topics describe the new features introduced in Traps agent 5.0 releases.
For additional information on how to use the new features in this release, refer to the Traps Agent 5.0 Administrator’s Guide.

Features Introduced in Traps Agent 5.0.6

There are no new features introduced in Traps agent 5.0.6.

Features Introduced in Traps Agent 5.0.5

There are no new features introduced in Traps agent 5.0.5.

Features Introduced in Traps Agent 5.0.4

The following table describes the new features introduced in the Traps agent 5.0.4 release.
Feature
Description
Mimikatz Prevention
To prevent attackers from leveraging the Mimikatz tool to extract passwords from memory, Traps introduces a new Password Theft Protection module. The new protection module, which you can enable in a Malware Security profile for Windows endpoints, silently prevents attempts to steal credentials and does not currently provide notifications when these events occur. Mimikatz prevention is available with Windows Vista and later Windows releases.
Enhanced Support for Traps on Temporary Sessions
To enable you to logically distinguish temporary sessions from other VDI or standard installations, you can now identify a temporary session, such as a session to a Remote Desktop Server. To identify temporary sessions that replicate from a snapshot, you specify the TS_ENABLED=1 Msiexec parameter when you install Traps. The Traps management service then issues a license to the Traps agent on the snapshot. A license returns to the license pool when the Traps agent is disconnected from the Traps management service for more than 90 minutes or the agent is uninstalled.
For more information about managing endpoints identified as temporary sessions, see the Traps Management Service Release Notes.
Local Analysis Verdicts by Feature Vector
To prevent Traps from blocking unknown files that are likely benign but that local analysis suspects are malware, Support can now deliver a verdict for the feature vector of a file. A feature vector is a group or family of files that share similar characteristics but have different hashes. For example, if you change a few bytes at the end of a file, that file and the original could be grouped under the same feature vector. After Support delivers a support exception to define a benign verdict for a feature vector, the Traps local analysis module can use the verdict to allow similar files to run.
New Operating System Support
Traps extends support to the following operating systems:
  • Windows Server 2016 Datacenter edition
  • Windows 10 Education
  • Windows 10 Update 1809
For complete compatibility information, see the Palo Alto Networks Compatibility Matrix.

Features Introduced in Traps Agent 5.0.3-h1

The following table describes the new features introduced in the Traps agent 5.0.3-h1 release.
Feature
Description
macOS 10.14 Support
You can now install Traps on macOS 10.14. For complete compatibility information, see the Palo Alto Networks Compatibility Matrix.
User-Agent Identification for Traps Agent-Proxy Traffic
You can now exclude traffic between Amazon S3 (s3.amazonaws.com) and a proxy server from SSL decryption. To enable you to filter the agent-proxy traffic, Traps adds a new request header field to the HTTP CONNECT request it sends to the proxy server. The new User-Agent header field has a value of PaloAltoNetworks-Traps. Traps adds this new field only to HTTP CONNECT requests to the proxy server; the field is not added in requests sent to Amazon S3 or to the Traps management service.
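One way a proxy-side policy could apply the filter described above, shown as an added example that is not Palo Alto Networks code. The function names, the exact-host and port 443 checks, and the sample requests are assumptions constructed for illustration.

```python
TRAPS_UA = "PaloAltoNetworks-Traps"   # header value given in the release note
EXEMPT_HOSTS = {"s3.amazonaws.com"}   # destination named in the release note
TLS_PORT = 443                        # assumption: tunnel targets port 443

def parse_request_head(raw: bytes):
    """Split a raw HTTP request head into (method, host, port, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    host, _, port = target.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError("target is not host:port")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return method, host.lower(), int(port), headers

def decryption_action(raw: bytes) -> str:
    """Return 'bypass' only for a Traps CONNECT tunnel to an exempt host."""
    try:
        method, host, port, headers = parse_request_head(raw)
    except ValueError:
        return "decrypt"              # malformed input gets no exemption
    # Exactly one User-Agent header with the exact value; the destination is
    # checked as well so the header alone never grants a bypass.
    if (method == "CONNECT" and port == TLS_PORT and host in EXEMPT_HOSTS
            and headers.get("user-agent") == [TRAPS_UA]):
        return "bypass"
    return "decrypt"

def build_connect(target: str, user_agent: str) -> bytes:
    """Build a constructed CONNECT request for the samples below."""
    return (f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n"
            f"User-Agent: {user_agent}\r\n\r\n").encode()

# Constructed sample requests (not captured agent traffic).
SAMPLES = {
    "traps_to_s3": build_connect("s3.amazonaws.com:443", TRAPS_UA),
    "browser_to_s3": build_connect("s3.amazonaws.com:443", "Mozilla/5.0"),
    "traps_ua_other_host": build_connect("files.example.com:443", TRAPS_UA),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {decryption_action(raw)}")
```

Because the User-Agent field is supplied by the client, the policy scopes the exemption by destination as well as by header value.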

Features Introduced in Traps Agent 5.0.3

The following table describes the new features introduced in the Traps agent 5.0.3 release.
Feature
Description
Local Analysis of .NET Samples
To prevent unknown malware developed using the Microsoft .NET framework from running on Windows endpoints, local analysis can now analyze characteristics of .NET samples to determine the likelihood of malware. This enables Traps to identify and block malicious .NET samples before receiving an official WildFire verdict. This capability is automatically included when you enable local analysis in a malware security profile for Windows. As with the existing local analysis models, changes or updates to the models used to analyze .NET samples can be delivered by Palo Alto Networks in content updates.

Features Introduced in Traps Agent 5.0.2

The following table describes the new features introduced in the Traps agent 5.0.2 release.
Feature
Description
Reverse Shell Protection for Linux
Traps now extends malware protection to Linux servers with Reverse Shell Protection. With this module, Traps detects suspicious or abnormal network activity from shell processes and terminates the malicious shell process.

Features Introduced in Traps Agent 5.0.1

The following table describes the new features introduced in the Traps agent 5.0.1 release.
Feature
Description
Shellcode Protection for Linux
Traps extends its exploit protection for Linux servers to include shellcode protection. This capability enables Traps to monitor processes that run code from unmapped locations and prevent processes from calling operating system functions that these processes shouldn't commonly use.
Extended Linux OS Support
Traps now supports Amazon Linux 2 LTS Candidate (2017.12) and Amazon Linux 2 LTS Candidate 2, Debian 8 and 9, and Oracle 6 and 7. For full OS compatibility, see the Palo Alto Networks Compatibility Matrix.

Features Introduced in Traps Agent 5.0.0.77

The following table describes the new features introduced in the Traps agent 5.0.0.77 release.
Feature
Description
Traps for Android Installation Enhancement
The Traps app for Android now allows end users to supply the installation URL or distribution ID during activation. This enhancement allows users to complete activation if the distribution ID was not supplied or if the user attempts to install directly from the Google Play Store. For more information, see Install Traps App for Android in the Traps Agent 5.0 Administrator’s Guide.

Features Introduced in Traps Agent 5.0.0

The following table describes the new features introduced in the Traps agent 5.0.0 release.
Feature
Description
Traps for Android
The new Traps app for Android extends malware detection and prevention to Android endpoints. Traps for Android leverages both local analysis and threat intelligence from WildFire to detect known malware. Traps for Android can also optionally submit unknown apps to the Traps management service for further in-depth analysis by WildFire. From the Traps management service, you can monitor the health of the Traps app and view details about security events that occur on the Android endpoints in your organization. Traps for Android is supported on Android 4.4 and later releases.