Endpoint Logs

Endpoint logs include entries for events that are monitored by the Traps agent and are classified with the system record type. The Traps agent logs these endpoint events using one of three categories:
  • Audit—Changes to the agent software, policy, or services as initiated by an administrator.
  • Monitoring—Change in status for actions carried out or monitored by the Traps agent, such as quarantine, log quota, or policy applications.
  • Scanning—Change in status for scanning actions carried out or monitored by the Traps agent.
  • Status—Changes to the agent protection status.
Each entry includes the event category that identifies the type of configuration event that occurred, the specific type of event, the severity that corresponds to the event type, a message that describes the log event, the username of the local active user on the endpoint, and the date and time the event occurred.
The following table describes the endpoint logs that you can view on Traps management service.
Log Type | Severity | Record Type | Category
Endpoint Isolation Cancellation Failed | High | system | Audit
  Message: Traps Agent failed to cancel isolation on {machineName}
Endpoint Isolation Cancellation Succeeded | Medium | system | Audit
  Message: Traps Agent successfully cancelled isolation on {machineName}
Endpoint Isolation Failed | High | system | Audit
  Message: Traps Agent failed to isolate {machineName}
Endpoint Isolation Succeeded | High | system | Audit
  Message: Traps Agent successfully isolated {machineName}
Endpoint OS Incompatibility | Critical | system | Status
  Message: Traps is disabled on {machineName} due to OS incompatibility
Endpoint Software Incompatibility | Critical | system | Status
  Message: Traps is disabled on {machineName} due to software incompatibility
File Scan Failed | High | system | Scanning
  Message: Could not scan file: {path}, error: {errorDescription}
Hash Exceptions Updated Successfully | Info | system | Audit
  Message: Hash exception created for hash {processHash}, verdict changed to {verdict}
Kernel Driver Initialization Failed | High | system | Status
  Message: Kernel driver initialization failed on machine {machineName}
Kernel Extension Initialization Failed | High | system | Status
  Message: Traps is disabled on machine {machineName}. To resolve this, approve Traps as a kernel extension provider in System Preferences / Security and Privacy / General
Local Analysis Feature Extraction Failed | Medium | system | Monitoring
  Message: Local Analysis failed to extract feature from process {processName} on machine {machineName}
Local Analysis Model Failed | Medium | system | Monitoring
  Message: Local Analysis failed to extract model on machine {machineName}
Module Initialization Failed | Medium | system | Monitoring
  Message: Module {moduleName} initiation failed on process {processName} on machine {machineName}
Process Exceptions Updated Successfully | Info | system | Audit
  Message: {Support/Process} exception applied on process {processName}, on module {moduleName}
Quarantine File Failed | Medium | system | Monitoring
  Message: Failed to quarantine file {fileName} on machine {machineName}
Quarantine File Succeeded | Info | system | Monitoring
  Message: Successfully quarantined file {fileName} on machine {machineName}
Restore Quarantined File Failed | Medium | system | Monitoring
  Message: Failed to restore file {fileName} on machine {machineName}
Restore Quarantined File Succeeded | Info | system | Monitoring
  Message: Successfully restored file {fileName} on machine {machineName}
Scanning Endpoint Completed | Info | system | Monitoring
  Message: Scanning for malicious files completed successfully on Machine {machineName}
Scanning Endpoint Failed to Complete | Medium | system | Monitoring
  Message: Scanning for malicious files failed on Machine {machineName}
Server Message Handing Error | Medium | system | Monitoring
  Message: Action {SAMName} failed on machine {machineName}
Server Message Handled Successfully | Info | system | Audit
  Message: Action {SAMName} execution completed successfully on machine {machineName}
Terminate Process Failed | High | system | Audit
  Message: Traps Agent failed to terminate process {path} on {machineName}
Terminate Process Succeeded | Medium | system | Audit
  Message: Traps Agent successfully terminated process {path} on {machineName}
Traps Agent Content Update Failed | Medium | system | Monitoring
  Message: Security Content failed to update on {machineName}
Traps Agent Content Updated Successfully | Info | system | Audit
  Message: Security Content updated successfully on {machineName}
Traps Agent Installation Failed | Critical | system | Audit
  Message: Traps Agent version {agentVersion} failed to install on {machineName}
Traps Agent Installed Successfully | Info | system | Audit
  Message: Traps Agent version {agentVersion} installed successfully on {machineName}
Traps Agent Local Configuration Changed | Info | system | Audit
  Message: Traps Agent configuration change locally: {newConfigurationDescription}, by user {localUser}
Traps Agent Policy Update Failed | Medium | system | Monitoring
  Message: Traps Agent policy failed to update on {machineName}
Traps Agent Policy Updated Successfully | Info | system | Audit
  Message: Traps Agent policy updated successfully on {machineName}
Traps Agent Quota Exceeded | Low | system | Monitoring
  Message: Traps Agent quota exceeded on machine {machineName}
Traps Agent Service Paused | High | system | Monitoring
  Message: Traps service {trapsServiceName} was paused on machine {machineName}
Traps Agent Service Start Failed | High | system | Audit
  Message: Failed to start Traps service {trapsServiceName} on machine {machineName}
Traps Agent Service Stopped | High | system | Audit
  Message: Traps service {trapsServiceName} was stopped on machine {machineName}
Traps Agent Uninstalled | Info | system | Audit
  Message: Traps Agent version {agentVersion} uninstalled successfully on {machineName}
Traps Agent Upgrade Failed | Medium | system | Monitoring
  Message: Traps Agent failed to upgrade from version {oldAgentVersion} to version {newAgentVersion} on {machineName}
Traps Agent Upgraded Successfully | Info | system | Audit
  Message: Traps Agent upgraded successfully from version {oldAgentVersion} to version {newAgentVersion} on {machineName}
Traps Fully Protected | Info | system | Status
  Message: Machine {machineName} is fully protected
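
The message templates in the table can be used to pull the {placeholder} values back out of rendered log messages during triage. The following is an added example, not code from the product or its documentation: the entry dictionary keys, the sample entries (including the service name ExampleSvc) and the REVIEW_ANYWAY list are assumptions made for illustration.

```python
import re

# Message templates copied from the table above (subset):
# log type -> (severity, category, message template)
TEMPLATES = {
    "Traps Agent Service Stopped": ("High", "Audit",
        "Traps service {trapsServiceName} was stopped on machine {machineName}"),
    "Traps Agent Uninstalled": ("Info", "Audit",
        "Traps Agent version {agentVersion} uninstalled successfully on {machineName}"),
    "Traps Agent Local Configuration Changed": ("Info", "Audit",
        "Traps Agent configuration change locally: {newConfigurationDescription}, by user {localUser}"),
    "Quarantine File Succeeded": ("Info", "Monitoring",
        "Successfully quarantined file {fileName} on machine {machineName}"),
}

# Assumption made for this example: Info-level events that still reduce
# protection and deserve review alongside High and Critical entries.
REVIEW_ANYWAY = {"Traps Agent Uninstalled", "Traps Agent Local Configuration Changed"}

def template_to_regex(template):
    """Turn '{name}' placeholders into named groups; escape the literal text."""
    parts = re.split(r"\{(\w+)\}", template)  # odd indexes are placeholder names
    body = "".join(f"(?P<{p}>.+?)" if i % 2 else re.escape(p)
                   for i, p in enumerate(parts))
    return re.compile(body)

PATTERNS = {t: template_to_regex(v[2]) for t, v in TEMPLATES.items()}

def extract_fields(log_type, message):
    """Return the placeholder values in a rendered message, or None on mismatch."""
    pattern = PATTERNS.get(log_type)
    match = pattern.fullmatch(message) if pattern else None
    return match.groupdict() if match else None

def triage(entries):
    """Return (log type, severity, fields) for entries that need analyst review."""
    flagged = []
    for entry in entries:
        severity = TEMPLATES.get(entry["type"], ("Unknown",))[0]
        if severity in ("High", "Critical") or entry["type"] in REVIEW_ANYWAY:
            flagged.append((entry["type"], severity,
                            extract_fields(entry["type"], entry["message"])))
    return flagged

# Constructed sample entries; the dictionary keys are hypothetical.
SAMPLE = [
    {"type": "Quarantine File Succeeded", "user": "alice",
     "message": "Successfully quarantined file C:\\Temp\\a b.exe on machine WS-01"},
    {"type": "Traps Agent Service Stopped", "user": "bob",
     "message": "Traps service ExampleSvc was stopped on machine WS-02"},
    {"type": "Traps Agent Local Configuration Changed", "user": "bob",
     "message": "Traps Agent configuration change locally: protection disabled, by user bob"},
]
```

A message that does not match its template returns None from extract_fields, which is itself worth flagging because it suggests a template change or a malformed entry.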
