Traps Agent Addressed Issues

List of addressed issues in Traps agent 5.0 releases.
The following tables lists the issues that are addressed in Traps agent 5.0 releases.

Traps Agent 5.0.7 Addressed Issues

Issue ID
Description
CPA-6123Fixed an issue on Windows 10 endpoints that had AuditMicrosoftSignedOnly mitigation enabled where Traps injection caused services that have a load timeout (such as svchost.exe) to halt abruptly.
CPA-6084Fixed an issue on Windows endpoints where an endpoint scan could not complete due to a corrupted Object Linking and Embedding (OLE) file.
CPA-6015Fixed an issue with error handling on Windows endpoints where, in rare cases, Traps changed the Last Error value.
CPA-5985Fixed an issue on Windows 8 and Windows Server 2012 and later endpoints where if you used Offloaded Data Transfers (ODX), you experienced slowness copying and moving files between Intelligent Storage Arrays (ISAs). Now, you can copy and move files without experiencing any degradation in performance.
CPA-5933When you use a GPO to deploy Traps on Windows endpoints, assigning the policy to Active Directory users (instead of computers) causes subsequent attempts to uninstall or upgrade the Traps agents to fail. To ensure upgrades and uninstalls succeed, verify that the GPO command line does not include the ALLUSERS parameter (with any values).
CPA-5816Fixed an issue which caused high CPU utilization on Windows endpoints due to gRPC.
CPA-5733Fixed an issue where the Traps management service sent updates to Traps agents without the distribution ID, causing the agents to become disconnected.
CPA-5161Fixed an issue where TLAService—which is primarily responsible for the Traps local analysis module—failed to initialize when the system account specified in the %TMP% environment variable was not reachable.
CPA-4725Fixed an issue where periodic scanning caused the file streaming mechanisms of Microsoft OneDrive and Google Drive to sync locally, which resulted in high local disk space consumption for files that should have been stored in the cloud.
CPA-4724Fixed an issue where some Traps EPMs raised a security event for processes that were whitelisted instead of allowing them to run.
CPA-3358Fixed an issue on Windows endpoints, where the Traps management service prevented the completion of Microsoft Office application crash recovery.

Traps Agent 5.0.6 Addressed Issues

Issue ID
Description
CPA-4937Fixed an issue with error handling where multiple attempts to load Traps DLLs caused failures during the process initialization flow which resulted in a prevention or halted a Traps process.
CPA-4904Fixed an issue that occurred when Symantec Endpoint Protection was installed in parallel with Traps where the lsass.exe process halted suddenly and caused the endpoint to enter a reboot loop.
CPA-4861Fixed an issue where the DLL Security module raised a security event when a DLL on a stackwalk whitelist was also specified on a blacklist. Now, the whitelist takes precedence over the blacklist.
CPA-4813Fixed an issue on Linux endpoints that caused Traps installation to fail when the logic used to determine the hostname of the endpoint did not match the actual hostname.
CPA-4741 Fixed an issue on Windows endpoints where the Traps agent would be deactivated when the default policy file was found empty thereby preventing additional policy updates.
CPA-4675Fixed an issue where the Traps registry configuration could be overwritten when Traps Tampering Protection was enabled as part of an Agent Settings profile.
CPA-4604 Fixed an issue with the Ransomware Protection module which caused image loading delays with third-party applications.
CPA-4601Fixed an issue on Linux endpoints where Traps prevented a cron job from running shell scripts due to a compatibility issue with glibc version 2.22.
CPA-4583 Fixed an issue on Linux endpoints where the Shellcode Protection module raised security events when the module identified a return address in a non-executable region of the process. Now, the Shellcode Protection module only raises events when the return address is to an executable region.
CPA-3352 Fixed an issue on endpoints running Windows 10 Insider Preview where the Windows Defender Security Center displayed Virus & threat protection as Unknown and displayed Status unavailable for Traps even though Traps successfully registered with the Security Center and was available.
CPA-3134Fixed an issue where the local Traps database accepted unreadable data (serialized non-UTF8 strings) which could partially or fully corrupt the local database.

Traps Agent 5.0.5 Addressed Issues

Issue ID
Description
CPA-4485Fixed an issue on Mac endpoints where Traps reported security events for legitimate processes when the queue of protected processes became obsolete after a period of inactivity and a process ID (PID) was reused. Now, Traps clears the queue of terminated processes at regular intervals to prevent PID reuse.
CPA-4427Fixed an issue on Windows 10 virtual machines and new installations on macOS 10.14 where the Traps console did not reflect the current protection state on the endpoint when the network was disconnected or immediately following the end of the installation.
CPA-4422Fixed an issue where Traps did not apply tampering protection to the parent directory of the Traps installation.
CPA-4334Fixed a performance issue where Traps caused delays opening large files from network shares.
CPA-4232Fixed an issue on Mac endpoints where Traps did not provide visibility when Traps was not approved as a kernel extension provider and thus caused Traps to operate in incompatible mode. Now, Traps logs an event when the kernel extensions are not enabled so that you can remedy the issue on the endpoint.
CPA-4198Fixed an issue where the Traps agent experienced delays sending file reports to the Traps management service to obtain the WildFire verdict. Now, the Traps agent sends reports and verdict requests on the next periodic interval even if a security event was triggered in between.
CPA-4129Fixed an issue on Mac endpoints running macOS 10.14.1 where after installing Traps, the agent started in incompatible mode. This occurred in the following scenarios:
  • Fresh installation on 10.14.1 (or a later release) when Traps was never installed on the endpoint.
  • Traps was previously installed on an endpoint running macOS 10.12.6 or an earlier release and then upgraded to macOS 10.14.1 and then uninstalled. Later, Traps was reinstalled but Traps was not approved as a kernel extension provider.
CPA-3868Fixed an issue on endpoints running Windows 8 and later releases where Traps incorrectly DLL Security and UASLR exploit protection modules (EPMs) triggered events reported events incorrectly. This was due to a memory mapping issue with the EPMs.
CPA-3780Fixed an issue where you could not install Traps on a Windows Server 2003 SP2 x86 endpoints when third-party software that injects into similar processes—such as McAfee—was installed.
CPA-3779Fixed an issue where you could not install Traps on a Windows Server 2003 SP2 x86 endpoints when third-party software that injects into similar processes—such as McAfee—was installed.
CPA-3413Fixed an issue where the Traps agent reported the old agent version following an upgrade from the Endpoint Security Manager to Traps management service. Now, Traps uses the agent version from cyvera service and not from the registry.
CPA-3287Fixed an issue that occurred when Traps analyzed an Office file that contained a macro where Traps caused delays in the startup of the process opening the file.

Traps Agent 5.0.4 Addressed Issues

Issue ID
Description
CPA-3850Fixed an issue where the Actions Tracker on the Traps management service reported that successful agent upgrades had failed. With this fix, Traps agents running 5.0.4 and above will correctly report successful upgrades.
CPA-3833Fixed an issue that caused delays with Traps startup when a network error occurred on the endpoint.
CPA-3634Fixed an issue with VDI where after a user logged out and back in, the Traps agent did not re-register with the Traps management service.
CPA-3597Fixed an issue that occurred after you removed a hash exception from the Traps management service where the Traps agent failed to check in with the Traps management service, and therefore did not obtain the latest policy.
CPA-3555Fixed an issue on Mac endpoints, where the Traps icon was hidden intermittently in the menu bar following a reboot.
CPA-3497Fixed an issue on Windows 8.1, Windows 10, Windows Server 2012, and Windows Server 2016 where Sysprep failed and the endpoint could not finish booting when you enabled registry values protection.
CPA-3496Fixed an issue where some Traps EPMs—such as DLL Security—caused a process to crash if Traps could not analyze opcodes.
CPA-3440Fixed an issue on Windows endpoints where Traps did not apply policy to Active Directory users and groups.
CPA-3414Fixed an issue on remote desktop sessions to RDS servers where Traps reported the username of the console user instead of the logged on user with analytics for a file.
CPA-3404Fixed an issue on virtual machines where Traps reported changes to the unique ID associated with the endpoint resulting in excess license consumption.
CPA-3018Fixed an issue encountered during scanning where Traps reported file errors for page, swap, and hibernation system files.
CPA-1861Fixed an issue where the Traps agent took up to five minutes to send changes to endpoint details—such as username, user domain, or hostname—after an endpoint restarted.
CPA-1768Fixed an issue that occurred when a remote user logged into a Remote Desktop Server, where Traps did not capture the name of the remote user and, as a result, identified the user as undefined in logs.

Traps Agent 5.0.3-h1 Addressed Issues

Issue ID
Description
CPA-3569Fixed an issue that prevented you from excluding Traps agent traffic via a proxy server from SSL decryption. Now, you can use the agent-user information supplied during the Traps connection request to the server to filter out Traps agent traffic from SSL decryption.
CPA-3554Fixed an issue that caused high memory consumption on Windows endpoints.
CPA-3548Fixed an issue on 64-bit Windows endpoints with Traps 5.0 releases earlier than 5.0.3.38921, where memory consumption increased over time due to a leak of native 64-bit processes that are protected by Traps.
CPA-3436Fixed an issue with the Kernel Escalation Privilege exploit protection module which caused high CPU consumption on Linux endpoints.

Traps Agent 5.0.3 Addressed Issues

Issue ID
Description
CPA-2814
Fixed an issue on Linux endpoints where Traps installation failed when multiple OpenSSL Red-hat Package Manager (RPM) packages were also installed.

Traps Agent 5.0.2 Addressed Issues

Issue ID
Description
CPA-3130
Fixed an issue with identification of VDI in VMWare Horizon View and Hyper-V environments and made general back-end improvements for VDI deployments.

Traps Agent 5.0.1 Addressed Issues

Issue ID
Description
CPA-2723
Fixed an issue in the Traps management service web interface where the Endpoints page did not display the domain name for agents (in the host Name column) after the virtual machines they ran on were shut down.
CPA-2722
Fixed an issue on Windows Server 2003 endpoints where, after you migrated to Traps agent 5.0 from an earlier version, the endpoints could not connect to the Traps management service.
CPA-2697
Fixed an issue where, after you migrated to Traps agent 5.0, the Traps local analysis service consumed all the CPU usage on an endpoint.
CPA-2681
Fixed an issue where clicking Check In Now in the Traps agent console disconnected the agent from the Traps management service after you configured a malware profile with a Parent Process Name that exceeded 250 characters (ProfilesWindows<malware_profile>).
CPA-2679
Fixed an issue where the Traps local analysis service consumed high CPU usage on an endpoint that several users used simultaneously.
CPA-2559
Fixed an issue where the Traps Logs Utility (GetLogsUtilAgent.exe/Getlogsutil.exe) stopped working as soon as you ran it. (The utility is used to collect support logs when the Traps agent stops responding.)
CPA-2525
Fixed an issue where the CLI help for the cytool vdi command displayed the wrong description: Initiate Check-inNow <send heartbeat to server>. With this fix, the command help displays the following description:
> cytool vdi /?
Perform VDI operations
Usage: cytool vdi operation
operation   One of the following:
update   Update Golden Image name in registry
CPA-1942Fixed an issue that occurred when you first installed the Traps agent where the Traps management service took up to one hour to display the associated content and agent version.

Traps Agent 5.0.0 Addressed Issues

Addressed Issues in Traps agent 5.0.0
Issue ID
Description
CPA-2590
Fixed an issue on Windows 10 endpoints where, after you installed the latest Windows update and opened a Windows program, Traps injection caused WoW64 (Windows 32-bit on Windows 64-bit) processes to stop responding.

Related Documentation