Migrate from Traps Endpoint Security Manager to Traps Management Service
You can easily migrate the Traps agent from management by the Endpoint Security Manager (ESM) to Traps management service.
Before you migrate to Traps management service:
- Review Differences Between Endpoint Security Manager and Traps Management Service to determine whether upgrading to Traps management service is right for you.
- Upgrade the Traps agent to a release that supports migration:
- To upgrade to Traps 5.0.3 or a later release, you must first upgrade to ESM and Traps agent 4.2.1.
- To upgrade to Traps 5.0.2, 5.0.1, or 5.0.0 on Windows or Mac endpoints, you must first upgrade to ESM 4.1.3 and Traps agent 4.1.0 or later versions. On Linux endpoints, you must first upgrade to ESM and Traps agent 4.2.0 or a later version.
- Sanitize your security policy. Because the policy structure for Traps management service is different than ESM, you cannot migrate rules from an existing deployment. Before migrating to Traps management service, we recommend that you review existing user rules for each policy type and remove any that are no longer required. For example, remove any rules that are resolved in content updates or that apply to earlier versions of the Traps agent.
- Review restore candidates. Before migrating to Traps management service, review any files that were quarantined and determine whether the file needs to be restored or you need to take any additional action to remediate the endpoint. After you upgrade the agent version to a Traps version supported by Traps management service, the agent will not communicate with the ESM and, therefore, will not respond to requests from the ESM to restore files.
- Review security events. Review and address any events that require remediation before migrating to Traps management service. Note that security events that were not sent to the ESM before installing the new agents are not sent to Traps management service.
- Locate your ESM Auth code. You can locate the Auth code in the Customer Support Portal (Assets > Advanced Endpoint Protection).
- Activate the Traps Management Service. As an existing ESM customer, you can use your ESM Auth code to activate Traps management service without purchasing additional licenses. Using the same Auth code enables you to apply the same license pool and expiration specifications to your Traps management service instance. Log in to the Cortex Hub to activate Traps management service. During activation you can also associate Traps management service with a Cortex Data Lake instance and Directory Sync Service instance.
- Import hash overrides as hash exceptions in the Traps
- From the ESM Console, select Settings.
- Generate a Tech Support File and download it when it finishes.
- Extract the TechSupport ZIP file which contains two zipped files (one for Core and one for Console).
- Extract the Console ZIP file.
- Open the DBQueries folder and locate the Verdict_Override_Exports.csv file. This file contains all the hash overrides defined in the ESM Console.
- Log in to Traps management service and select Security > Exceptions > Hash Exceptions.
- Select Actions > Import CSV.
- Select and then Upload the Verdict_Override_Exports.csv file. If necessary, resolve any conflicts encountered during the upload and retry.
- Select Import to confirm and then click OK when Traps management service finishes importing the hash exceptions.
- Migrate trusted signers and whitelisted paths.
- From Traps management service, Add a New Malware Security Profile for any platforms to which you want to add whitelisted signers or paths. Use the default profile settings, or modify an existing profile that you already created.
- To allow trusted signers previously seen in your environment, add the signer name (Windows) or SHA256 of the certificate that signs the file (macOS) to the Whitelist Signers list of the relevant Malware Security Profile.
- Evaluate the WildFire rule(s) for each platform on the ESM Console, identify any whitelisted paths that are still relevant, and add them to the Whitelist Folders area of the appropriate Malware Security Profile on Traps management service. There may be more than one WildFire rule with whitelists. While the ESM merges WildFire rules, this capability is not available in Traps management service. Ensure that you migrate paths to the relevant Malware Security Profile for each platform:
- Copy paths in macOS WildFire rules to the Mach-O Files whitelist in a macOS profile.
- Copy paths in Windows WildFire rules for Executables or DLL files to the Portable Executables and DLLs whitelist in a Windows profile.
- Copy paths in Windows WildFire rules for Office files to the Office Files whitelist in a Windows profile.
- Configure a Policy Rule for each group of target objects to which the profile (and any associated hash exceptions) applies. You can return to Security > Profiles > Malware Profile to specify the target objects after you upgrade the Traps agent.
- Migrate rules which disable protection on processes. For each remaining rule which disables protection on a specific process or disables a specific protection module on the process, record the target endpoints to which the exception applies, and then Create a Process Exception on the Traps management service. You can return to Process Exceptions to apply the exception to the specific endpoints after you upgrade the Traps agent.
- Upgrade the Traps agent to Traps 5.0 or a later release. To upgrade to Traps agent 5.0.3 or a later release, you must first upgrade Traps to 4.2.1 for all operating systems. To upgrade to Traps 5.0.0, 5.0.1, or 5.0.2, use the following guidelines for your Traps version:
After the upgraded Traps agent begins communicating with Traps management service, endpoints that successfully check in with Traps management service are displayed on the Endpoints page and are eligible for assignment in Endpoint Groups and policy rules.
- Traps 4.1 (Windows and Mac) or Traps 4.2 (Linux) and later releases
- From Traps management service, Create an Installation Package with an installation type as Upgrade from ESM.
- Download the package to a location reachable to the ESM.
- From the ESM Console, disable services protection and then create an agent action rule to upgrade the Traps agent using the package created from Traps management service. Because this procedure is valid only for a specific version of Traps agents, we recommend using a condition for the action rule to upgrade the agents which specifies the Traps agent version.
- Save and Apply the rule.
- Earlier Traps versions: There are three options for upgrading earlier Traps versions:
- Upgrade the earlier version to a version which supports migration using action rules, and then use the previous workflow to upgrade the Traps agent.
- Upgrade the Traps agent using a third-party software deployment tool such as JAMF or SCCM. With this method you must uninstall the agent and install a fresh installation package of Traps 5.0 instead of an upgrade package.
- Manually uninstall the earlier Traps agent and install a fresh installation package of Traps 5.0.
- Return to Policy Rules and Exceptions to restrict by specific endpoints.
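The version prerequisites above decide which endpoints can take the Upgrade from ESM package directly and which need one of the options for earlier versions first. The following Python sketch is an added example, not Palo Alto Networks code: it sorts an agent inventory by those rules. The inventory layout (hostname, platform, agent_version), the host names, and the reading of "upgrade to 4.2.1" as "4.2.1 or later" are assumptions.

```python
import csv
import io

# Minimum agent versions from the prerequisites on this page.
# Assumption: "first upgrade to 4.2.1" is read as "4.2.1 or a later release".
MIN_FOR_503_PLUS = (4, 2, 1)  # all operating systems
MIN_FOR_500_502 = {"windows": (4, 1, 0), "mac": (4, 1, 0), "linux": (4, 2, 0)}

# Constructed sample inventory; the column names are hypothetical.
SAMPLE_INVENTORY = """hostname,platform,agent_version
ws-001,windows,4.1.3
ws-002,windows,3.4.2
mac-001,mac,4.2.1
lnx-001,linux,4.1.5
lnx-002,linux,4.2.0
srv-009,windows,
"""


def parse_version(text):
    """Turn '4.1.3' into (4, 1, 3) so versions compare numerically."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))


def required_minimum(platform, target_v):
    """Lowest agent version that may be upgraded straight to target_v."""
    if target_v >= (5, 0, 3):
        return MIN_FOR_503_PLUS
    return MIN_FOR_500_502[platform.strip().lower()]


def plan_migration(inventory_csv, target):
    """Sort endpoints into ready / intermediate upgrade needed / unknown."""
    target_v = parse_version(target)
    if target_v < (5, 0, 0):
        raise ValueError("target must be Traps 5.0 or a later release")
    plan = {"ready": [], "intermediate": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            current = parse_version(row["agent_version"])
            minimum = required_minimum(row["platform"], target_v)
        except (ValueError, KeyError):
            # Missing or malformed version, or a platform the page does not list.
            plan["unknown"].append(row["hostname"])
            continue
        if current >= minimum:
            plan["ready"].append(row["hostname"])
        else:
            need = ".".join(str(n) for n in minimum)
            plan["intermediate"].append((row["hostname"], need))
    return plan
```

Endpoints in the `ready` list are candidates for the action rule's agent-version condition; those in `unknown` should be checked by hand before any rule is applied.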