Malware Protection Overview
4.2 (EoS)
Malicious files, known as malware, are often disguised
as or embedded in non-malicious files. These files can attempt to
gain control, gather sensitive information, or disrupt the normal
operations of the system.
Traps prevents malware by reducing the attack surface and increasing
the accuracy of malware detection. This approach combines several
layers of protection, collectively known as the Malware Prevention
Engine. The engine covers executable files, including Microsoft Windows
screensaver files (.scr) and Mac object files (Mach-O), as well as DLLs
and macros. Using the following combination of mitigation techniques,
the Malware Prevention Engine can automatically prevent malicious
and unknown files of these types from running and, when it cannot
prevent them from running, halt malicious behavior:
- WildFire integration—Enables automatic detection of known malware and analysis of unknown malware to prevent threats quickly, before an enterprise is compromised.
- DLL file protection—Enables you to block known and unknown DLLs on Windows endpoints.
- Office file protection—Enables you to block known and unknown macros when run from Microsoft Office files on Windows endpoints.
- Evaluation of trusted signers—Permits unknown files that are signed by trusted signers to run on the endpoint.
- Local static analysis—Enables Traps to use machine learning to analyze unknown files and issue a verdict. Traps uses the verdict returned by the local analysis module until it receives a verdict from the ESM Server.
- Malware protection modules—Target specific malware behaviors, such as those of ransomware, and enable you to block the creation of child processes.
- Policy-based restrictions—Enables you to block files from executing from specific local folders, network folders, or external media locations.
For additional information, see Malware Protection Flow.