Traps Agent 6.0 for Linux

The Traps™ agent protects Linux servers by preventing known and unknown malware from running by halting any attempts to leverage software exploits and vulnerabilities to compromise the server. Traps also extends exploit and malware protection to processes that run in Linux containers. When you install Traps on a Linux server that uses containers, Traps automatically protects any new and existing containerized processes regardless of the container solution (for example, docker). Because Traps management service issues the license per Linux server, each container does not consume any additional licenses.
The protection capabilities and features that Traps for Linux enables depend, in part, on your security policy configuration and the kernel version that is installed. If you deploy Traps on a Linux server that is not running one of the kernel versions required for these additional protection capabilities, Traps will operate in asynchronous mode where:
  • ELF file examination occurs in parallel with the file execution. If the Traps agent obtains a malware verdict for the ELF file, it terminates the file execution. Security events for malware in asynchronous mode are assigned a high severity due to the potential for continued execution during the verdict request while security events in synchronous mode are medium severity.
  • All other exploit and malware protection is enabled per your Linux security policy.
The following topics describe how to install and use the Traps agent for Linux:

Related Documentation