Tech Docs: See What’s New with Traps 4.2

Charissa Fleischer



This release of Traps 4.2 and Endpoint Security Manager 4.2 introduces the following new features.

 

Linux Support—You can now manage endpoint security policy for Linux servers in the ESM Console. Traps for Linux extends exploit protection using the following exploit protection modules: Brute Force Protection, ROP Mitigation, Shellcode Protection, and Kernel Privilege Escalation Protection. To monitor the Linux servers in your organization, you can view security events that occur on your Linux endpoints in the ESM Console.

Trusted Signer Management—For Windows and Mac endpoints, you can now add a signer to the trusted signer whitelist in the ESM Console.


When a file is signed by a trusted signer, Traps permits the file to run. For Windows endpoints, Traps evaluates any trusted signers you add as highly trusted signers in the malware evaluation flow.

Virtual Groups—To enable you to easily apply policy, agent action, and agent settings rules to groups of endpoints, you can now define virtual groups in the ESM Console. Virtual groups enable you to group endpoints based on static characteristics, such as hostname or unique ID, or dynamic characteristics, such as domain, IP address, range, or subnet. You can also add existing groups to a static virtual group to create a nested virtual group of endpoints.

Granular Child Process Evaluation—You can now configure more granular settings to define which processes are permitted to run child processes on your endpoints. When you configure the child process malware protection module, you can allow specific parent processes to launch child processes and optionally configure additional execution criteria such as command-line arguments. This can be helpful if your organization uses applications in ways that Traps could identify as malicious even though they serve legitimate purposes. For example, if you need to run script engines from an intranet website running Internet Explorer, you can whitelist the specific use while still protecting Internet Explorer from malicious script engines.

For more details on the new features, please refer to the following resources:

 

Happy reading!
Your friendly Technical Documentation team

Have questions? Contact us at documentation@paloaltonetworks.com.
 

2 Reader Comments

  1. Hi Palo Alto,

    Is there a possibility to receive these notifications in the mail automatically?
    And is Proactive scanning only available in Traps 5.0?
    I need it also on-premise.

  2. Charissa Fleischer

    If you mean email notifications for logs, yes, you can configure log forwarding to an email. Or do you mean the blog notifications?
    Yes, the scanning feature is available in Traps 5.0 and later. To see if there are plans to add scanning for the ESM, I would recommend you contact your Account Representative. Thanks!



© 2018 Palo Alto Networks, Inc. All rights reserved.