About Content Updates

To increase security coverage and quickly resolve any issues in policy, Palo Alto Networks can seamlessly deliver software packages for Traps called content updates. Content updates can contain changes or updates to any of the following:
  • Default security policy including exploit, malware, restriction, and agent settings profiles
  • Default compatibility rules per module
  • Protected processes
  • Local analysis logic
  • Trusted signers
  • Blacklisted processes by signers
  • Behavioral threat protection rules
  • Ransomware module logic including Windows network folders susceptible to ransomware attacks
  • Windows Event Logs
Each Traps installation package includes the latest content update version available, however, Palo Alto Networks can also release additional content updates to Traps management service between agent versions. This ensures your Traps agents stay up-to-date with the latest updates published by Palo Alto Networks.
When a new update is available, Traps management service notifies the Traps agent. The Traps agent then randomly chooses a time within a six-hour window during which it will retrieve the content update from Traps management service. By staggering the distribution of content updates, Traps reduces the bandwidth load and prevents bandwidth saturation due to the high volume and size of the content updates across many endpoints.
You can view the distribution of endpoints by content update version from the Dashboard.

Related Documentation