Protection Capabilities

Each security profile provides a tailored list of protection capabilities that you can configure for the platform you select. The following table describes the protection capabilities you can customize in a security profile. The table also indicates which platforms support the protection capability (a dash (—) indicates the capability is not supported).
Protection Capability | Windows | Mac | Linux | Android
Exploit Security Profiles
Browser Exploits Protection
Browsers can be subject to exploitation attempts from malicious web pages and exploit kits that are embedded in compromised websites. By enabling this capability, Traps automatically protects browsers from common exploitation attempts.
check-mark.png
check-mark.png
Logical Exploits Protection
Attackers can use existing mechanisms in the operating system—such as DLL-loading processes or built-in system processes—to execute malicious code. By enabling this capability, Traps automatically protects endpoints from attacks that try to leverage common operating system mechanisms for malicious purposes.
check-mark.png
check-mark.png
Known Vulnerable Processes Protection
Common applications in the operating system, such as PDF readers, Office applications, and even processes that are a part of the operating system itself, can contain bugs and vulnerabilities that an attacker can exploit. By enabling this capability, Traps protects these processes from attacks that try to exploit known process vulnerabilities.
check-mark.png
check-mark.png
check-mark.png
Exploit Protection for Additional Processes
To extend exploit protection to third-party processes that the default policy does not protect, you can add those processes to this capability.
check-mark.png
check-mark.png
check-mark.png
Operating System Exploits Protection
Attackers commonly leverage the operating system itself to accomplish a malicious action. By enabling this capability, Traps protects operating system mechanisms such as privilege escalation and prevents them from being used for malicious purposes.
check-mark.png
check-mark.png
check-mark.png
Malware Security Profiles
Behavioral Threat Protection
Prevents sophisticated attacks that leverage built-in OS executables and common administration utilities by continuously monitoring endpoint activity for malicious causality chains.
check-mark.png
Ransomware Protection
Targets encryption-based activity associated with ransomware to analyze and halt ransomware before any data loss occurs.
check-mark.png
Prevent Malicious Child Process Execution
Prevents script-based attacks used to deliver malware by blocking known targeted processes from launching child processes commonly used to bypass traditional security approaches.
check-mark.png
Portable Executables and DLLs Examination
Analyze and prevent malicious executable and DLL files from running.
check-mark.png
ELF Files Examination
Analyze and prevent malicious ELF files from running.
check-mark.png
Office Files Examination
Analyze and prevent malicious macros embedded in Microsoft Office files from running.
check-mark.png
Mach-O Files Examination
Analyze and prevent malicious Mach-O files from running.
check-mark.png
APK Files Examination
Analyze and prevent malicious APK files from running.
check-mark.png
Restrictions Security Profiles
Execution Paths
Many attack scenarios are based on writing malicious executable files to certain folders such as the local temp or download folder and then running them. Use this capability to restrict the locations from which executable files can run.
check-mark.png
Network Locations
To prevent attack scenarios that are based on writing malicious files to remote folders, you can restrict access to all network locations except for those that you explicitly trust.
check-mark.png
Removable Media
To prevent malicious code from gaining access to endpoints using external media such as a removable drive, you can restrict the executable files that users can launch from external drives attached to the endpoints in your network.
check-mark.png
Optical Drive
To prevent malicious code from gaining access to endpoints using optical disc drives (CD, DVD, and Blu-ray), you can restrict the executable files that users can launch from optical disc drives connected to the endpoints in your network.
check-mark.png
