Traps Management Service Known Issues

Known issues with the Traps management service.
The following table includes known issues in the Traps management service.
Issue ID
Description
AP-13108
When you quarantine a file reported as malware by WildFire, and the malware file is still running on the endpoint, you will see a duplicate quarantine action in the Actions Tracker window.
AP-12986
In the Management service logs window, long logs are cut off on both ends.
AP-12968
When you configure dynamic group rules and select criteria, the Traps management service includes in the group agents with either selected criteria (OR rule) instead of including endpoints matching all selected criteria (AND rule).
AP-12807
Addressed in the Traps management service September 2019 release.
Sometimes the Traps management service retrieves files from endpoints without the last character in the file name.
AP-12617
Addressed in the Traps management service September 2019 release.
In order for the Traps management service to identify logged-in users and apply policy rules to endpoints, the user section of the UPN (User Principal Name) must be the same as the user section of the SAM (Security Accounts Manager).
AP-12034
When multiple Traps agents simultaneously request verdicts for the same hash or upload an EVR file with similar hashes, Traps management service creates multiple upload sessions for a single unknown file.
AP-11979
Addressed in the Traps management service August 2019 release.
From
File
Analytics
, when you open the details view of a file and select endpoints, the column titles (
Endpoint
,
User
, etc) appear to be active for sorting when you hover over the title.
AP-11079
Addressed in the Traps management service August 2019 release.
When you export the data on the
Endpoints
page, the comma-separated values (CSV) file contains duplicate results for endpoints if the endpoint is included in multiple groups and you filter the Endpoints results by those groups.
AP-11061
Addressed in the Traps management service June 2019 release.
When an endpoint belongs to more than one group and you use filters to target those groups in a bulk action (for example retrieve data), Traps management service initiates multiple actions for the same endpoint. When this occurs, the first action succeeds, but the subsequent actions fail.
AP-11059
Addressed in the Traps management service August 2019 release.
For bulk actions, Traps management service does not provide a complete log of the affected endpoints in Management Service logs. In addition, when a bulk action is not triggered on a targeted endpoint, the
Action Tracker
provides a summary of the number of endpoints that were skipped with the reasons, but does not break out the list by endpoints to indicate the reason the action on each endpoint was skipped.
AP-10968
Addressed in the Traps management service June 2019 release.
When Traps fails to quarantine a file and reports an error, the
Actions Tracker
displays an empty status that doesn’t provide any details about the error when you hover over the status indicator.
AP-10786
When you sort by endpoint name, Traps management service presents results in order of the original endpoint name and does not take into account any defined aliases.
AP-9870
Addressed in the Traps management service September 2019 release.
When you edit the Agent settings profile in Traps management service, sometimes the console UI breaks.
AP-5379
When the Traps agent cannot retrieve the FQDN of the user domain, the Traps agent cannot receive policies that apply to Active Directory objects, thus introducing the potential for the local endpoint policy to become outdated.
AP-4817
When editing or creating a policy rule that applies to endpoints of
Type
:
AD OU
(Active Directory organizational units), specifying a wildcard in the middle of a search term causes the Traps management service to display inconsistent results.
Workaround
: Specify the search term without wildcards in the middle of search terms when filtering the endpoint
Type
by
AD OU
. If necessary, you can use wildcards at the beginning or end of your search term. Or, to use wildcards in the middle of a search term, remove the
Type
filter to apply to all endpoints.
AP-4082
After the PingID session expires, there is no option to resubmit credentials to log back in to the Traps management service. As a result, you must close and open a new browser to log back in to the Traps management service.
DIT-3383
Addressed in the Cortex Data Lake August 2019 release.
Cortex Data Lake requires you to allocate log storage for Endpoint Data even if you do not have a valid Cortex XDR license or enable data collection and monitoring. As a result, when Endpoint Data is set to 0, you are prevented from completing the activation of a new Traps management service tenant.
Workaround
: Allocate 1% of log storage for Endpoint Data to complete activation.

Related Documentation