Endpoint Logs

Endpoint logs include entries for events that are monitored by the Traps agent and are classified with the system record type. The Traps agent logs these endpoint events using one of the following categories:
  • Audit: Changes to the agent software, policy, or services as initiated by an administrator.
  • Monitoring: Change in status for actions carried out or monitored by the Traps agent, such as quarantine, log quota, or policy applications.
  • Scanning: Change in status for scanning actions carried out or monitored by the Traps agent.
  • Status: Changes to the agent protection status.
Each entry includes the event category, which identifies the type of configuration event that occurred; the specific type of event; the severity that corresponds to the event type; a message that describes the log event; the username of the local active user on the endpoint; and the date and time the event occurred.
The following table describes the endpoint logs that you can view on Traps management service.
| Log Type | Severity | Record Type | Category | Message |
|---|---|---|---|---|
| Endpoint Isolation Cancellation Failed | High | system | Audit | Traps Agent failed to cancel isolation on {machineName} |
| Endpoint Isolation Cancellation Succeeded | Medium | system | Audit | Traps Agent successfully cancelled isolation on {machineName} |
| Endpoint Isolation Failed | High | system | Audit | Traps Agent failed to isolate {machineName} |
| Endpoint Isolation Succeeded | High | system | Audit | Traps Agent successfully isolated {machineName} |
| Endpoint OS Incompatibility | Critical | system | Status | Traps is disabled on {machineName} due to OS incompatibility |
| Endpoint Software Incompatibility | Critical | system | Status | Traps is disabled on {machineName} due to software incompatibility |
| File Scan Failed | High | system | Scanning | Could not scan file: {path}, error: {errorDescription} |
| Full Disc Access missing | High | system | Status | Traps is disabled on machine {machineName}. To resolve this, approve full disc access for Traps in System Preferences / Security and Privacy / Privacy |
| Hash Exceptions Updated Successfully | Info | system | Audit | Hash exception created for hash {processHash}, verdict changed to {verdict} |
| Kernel Driver Initialization Failed | High | system | Status | Kernel driver initialization failed on machine {machineName} |
| Kernel Extension Initialization Failed | High | system | Status | Traps is disabled on machine {machineName}. To resolve this, approve Traps as a kernel extension provider in System Preferences / Security and Privacy / General |
| Live Terminal Session Initiation Failed | High | system | Audit | Failed to initiate Live Terminal session with endpoint {machineName}{extra} |
| Live Terminal Session Initiation Succeeded | Info | system | Audit | Successfully initiated a Live Terminal session with endpoint {machineName} |
| Local Analysis Feature Extraction Failed | Medium | system | Monitoring | Local Analysis failed to extract feature from process {processName} on machine {machineName} |
| Local Analysis Model Failed | Medium | system | Monitoring | Local Analysis failed to extract model on machine {machineName} |
| Module Initialization Failed | Medium | system | Monitoring | Module {moduleName} initiation failed on process {processName} on machine {machineName} |
| Process Exceptions Updated Successfully | Info | system | Audit | {Support/Process} exception applied on process {processName}, on module {moduleName} |
| Quarantine File Failed | Medium | system | Monitoring | Failed to quarantine file {fileName} on machine {machineName} |
| Quarantine File Succeeded | Info | system | Monitoring | Successfully quarantined file {fileName} on machine {machineName} |
| Reboot needed | High | system | Status | Traps is disabled on machine {machineName}. To resolve this, reboot the endpoint |
| Restore Quarantined File Failed | Medium | system | Monitoring | Failed to restore file {fileName} on machine {machineName} |
| Restore Quarantined File Succeeded | Info | system | Monitoring | Successfully restored file {fileName} on machine {machineName} |
| Scanning Endpoint Completed | Info | system | Monitoring | Scanning for malicious files completed successfully on Machine {machineName} |
| Scanning Endpoint Failed to Complete | Medium | system | Monitoring | Scanning for malicious files failed on Machine {machineName} |
| Server Message Handing Error | Medium | system | Monitoring | Action {SAMName} failed on machine {machineName} |
| Server Message Handled Successfully | Info | system | Audit | Action {SAMName} execution completed successfully on machine {machineName} |
| Terminate Process Failed | High | system | Audit | Traps Agent failed to terminate process {path} on {machineName} |
| Terminate Process Succeeded | Medium | system | Audit | Traps Agent successfully terminated process {path} on {machineName} |
| Traps Agent Content Update Failed | Medium | system | Monitoring | Security Content failed to update on {machineName} |
| Traps Agent Content Updated Successfully | Info | system | Audit | Security Content updated successfully on {machineName} |
| Traps Agent Installation Failed | Critical | system | Audit | Traps Agent version {agentVersion} failed to install on {machineName} |
| Traps Agent Installed Successfully | Info | system | Audit | Traps Agent version {agentVersion} installed successfully on {machineName} |
| Traps Agent Local Configuration Changed | Info | system | Audit | Traps Agent configuration change locally: {newConfigurationDescription}, by user {localUser} |
| Traps Agent Policy Update Failed | Medium | system | Monitoring | Traps Agent policy failed to update on {machineName} |
| Traps Agent Policy Updated Successfully | Info | system | Audit | Traps Agent policy updated successfully on {machineName} |
| Traps Agent Quota Exceeded | Low | system | Monitoring | Traps Agent quota exceeded on machine {machineName} |
| Traps Agent Service Paused | High | system | Monitoring | Traps service {trapsServiceName} was paused on machine {machineName} |
| Traps Agent Service Start Failed | High | system | Audit | Failed to start Traps service {trapsServiceName} on machine {machineName} |
| Traps Agent Service Stopped | High | system | Audit | Traps service {trapsServiceName} was stopped on machine {machineName} |
| Traps Agent Uninstalled | Info | system | Audit | Traps Agent version {agentVersion} uninstalled successfully on {machineName} |
| Traps Agent Upgrade Failed | Medium | system | Monitoring | Traps Agent failed to upgrade from version {oldAgentVersion} to version {newAgentVersion} on {machineName} |
| Traps Agent Upgraded Successfully | Info | system | Audit | Traps Agent upgraded successfully from version {oldAgentVersion} to version {newAgentVersion} on {machineName} |
| Traps Fully Protected | Info | system | Status | Machine {machineName} is fully protected |
| Traps agent proxy communication failed | High | system | Status | Traps on machine {machineName} , failed to communicate with TMS via proxy : {1} |
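
The following is an added example, not part of the original documentation or vendor code: it compiles a few of the message templates listed above into anchored regexes, maps raw message strings back to log type, severity and category, and flags entries that reduce protection even where the table rates them Info. It assumes messages are available as plain strings matching the templates; the `REVIEW` set, the whitespace-free machine-name pattern and all sample values are this example's own assumptions.

```python
import re

# Subset of the table above: (log type, severity, category, message template).
TEMPLATES = [
    ("Traps Agent Service Stopped", "High", "Audit",
     "Traps service {trapsServiceName} was stopped on machine {machineName}"),
    ("Traps Agent Uninstalled", "Info", "Audit",
     "Traps Agent version {agentVersion} uninstalled successfully on {machineName}"),
    ("Traps Agent Local Configuration Changed", "Info", "Audit",
     "Traps Agent configuration change locally: {newConfigurationDescription}, by user {localUser}"),
    ("Endpoint Isolation Failed", "High", "Audit",
     "Traps Agent failed to isolate {machineName}"),
    ("Quarantine File Succeeded", "Info", "Monitoring",
     "Successfully quarantined file {fileName} on machine {machineName}"),
]
# This example's own choice (assumption): log types that mean protection was
# reduced or a response action failed, whatever severity the table assigns.
REVIEW = {t[0] for t in TEMPLATES} - {"Quarantine File Succeeded"}
# Assumption: machine names contain no whitespace; other fields may.
FIELD_RX = {"machineName": r"\S+"}

def compile_template(template):
    """Turn a '{placeholder}' template into a regex with named groups."""
    parts = re.split(r"\{(\w+)\}", template)  # odd indexes are placeholder names
    return re.compile("".join(
        re.escape(p) if i % 2 == 0 else f"(?P<{p}>{FIELD_RX.get(p, '.+')})"
        for i, p in enumerate(parts)))
COMPILED = [(lt, sev, cat, compile_template(tpl)) for lt, sev, cat, tpl in TEMPLATES]

def classify(message):
    """Map one message string to its table row and extracted fields, or None."""
    for log_type, severity, category, rx in COMPILED:
        m = rx.fullmatch(message.strip())  # whole message must fit the template
        if m:
            return {"log_type": log_type, "severity": severity, "category": category,
                    "fields": m.groupdict(), "review": log_type in REVIEW}
    return None

# Constructed sample messages (host, service, user and file names are made up).
SAMPLE = [
    "Traps service example-svc was stopped on machine WS-0142",
    "Traps Agent version 0.0.0 uninstalled successfully on WS-0142",
    "Traps Agent configuration change locally: example setting changed, by user alice",
    "Successfully quarantined file C:\\tmp\\a on machine b.exe on machine WS-0142",
]

def review_queue(messages):
    """Return classified entries flagged for review, in input order."""
    return [h for h in map(classify, messages) if h and h["review"]]
```

Fields such as `{fileName}` can contain text that imitates the template itself, as the last sample shows, so extracted values should be treated as untrusted input when they are forwarded to other tooling.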
