Changes to Default Behavior

Changes to Default Behavior in Traps 6.1 releases.
The following topics describe changes to default behavior in Traps 6.1 releases:

Changes to Default Behavior in Traps 6.1.6

Feature
Change to Behavior
Agent for Cortex XDR Only
Starting with the Traps agent 6.1.6 release, the agent is supported by Cortex XDR only.

Changes to Default Behavior in Traps 6.1.5

Feature
Change to Behavior
Random Selection of App-specific Proxy
If your agents communicate with the Cortex XDR server through app-specific proxies, now the proxy server for each communication is selected from the list of proxies randomly with equal probability, rather than according to their order of definition.

Changes to Default Behavior in Traps 6.1.4

Feature
Change to Behavior
Agent Installation for Citrix App Layering
Due to a Citrix App Layering limitation, you must install the Traps agent on the OS layer according to this flow to enable the Traps agent provide full protection to your endpoints:
  1. Install the Traps agent on OS layer during App Layering image preparation process, as a Terminal session, VDI or Standard installation.
    Traps agent installations on the Application layer or User layer are not supported.
  2. Before you finalize the OS layer, stop the Traps agent with the
    Cytool runtime stop
    command.
  3. Delete the
    c:\ProgramData\Cyvera\LocalSystem\Download\content
    folder.
  4. Delete the
    c:\ProgramData\Cyvera\LocalSystem\Persistence\cloud_frontend_db
    folder.
  5. Add the following entry to the Registry:
    HKLM\SYSTEM\CurrentControlSet\Services\Unirsd\ExcludeKey [REG_SZ] = "\Registry\Machine\System\Cyvera"
  6. Do not boot up the OS layer before it is finalized.

Changes to Default Behavior in Traps 6.1.3

There are no changes to default behavior in Traps 6.1.3.

Changes to Default Behavior in Traps 6.1.2

There are no changes to default behavior in Traps 6.1.2.

Changes to Default Behavior in Traps 6.1.1

There are no changes to default behavior in Traps 6.1.1.

Changes to Default Behavior in Traps 6.1.0

Feature
Change to Behavior
Immediate Response Actions Over Web Socket
Now when you perform the following response actions in the Traps management service or Cortex XDR for Traps agent 6.1 and later releases, they will be executed immediately on the endpoint through a web socket that is maintained between the sever and the Traps agent:
  • Quarantine file and restore file
  • Terminate process
  • Isolate endpoint and cancel endpoint isolation
  • Initiate Live Terminal
  • Set endpoint proxy disable endpoint proxy
  • Retrieve endpoint files
  • Retrieve security event data
  • Retrieve support file
The actions that can be performed via web socket are only actions that your current agent version already supports.
If the web socket communication fails, the action will be executed on the next successful Cortex XDR agent heartbeat. You can use Cytool to display the current websocket connection status by running the
websocket
command on the endpoint.

Recommended For You