The weather here in California is heating up, just like the July releases for Traps management service and Traps 5.0.2! These releases introduce the following new features:
Enhanced Visibility Into Protected Processes—You can now view and search processes protected by each capability in an Exploit Security Profile. This helps you better understand which processes are affected when you configure Exploit Security Profiles.
Search Security Events by Process or File Name—You can now search security events for a specific process or file name. The new search filters can help you determine which endpoints are affected by a specific malicious file or process.
Restricted Folder Whitelist—(Windows only) You can now configure Traps to ignore specific files and files executed from specific folders. This can be useful when you want to allow legitimate files to run from a local restricted folder. For example, if you block executables run from a browser’s %USERPROFILE%\Downloads* folder but need to allow specific just-in-time launchers to run, you can now whitelist any legitimate files. To add a file or folder path to the whitelist, configure a Restrictions security profile and assign it to a rule.
Search Term Persistence—The Traps management service now retains search filters as you move between different tabs and views. Now, when you return to a page, the Traps management service automatically applies any search criteria you applied previously. In addition, you can easily reset all search criteria with a single click.
TLS 1.2 Support—The Traps management service and client browser now enforce TLS 1.2 for secure communication. TLS 1.2, which is more secure than TLS 1.0, was introduced as early as 2013 for some browsers (Chrome 30 and Apple Safari 7, for example). Browsers that do not support TLS 1.2 are not supported with the Traps management service.
Traps for Linux Migration to Traps Management Service—You can now easily migrate the Traps agent on Linux endpoints from an on-premise management deployment (with the Endpoint Security Manager 4.2) to the cloud-based Traps management service. Now, you can create an upgrade package which contains Traps management service configuration settings and use it to upgrade the Traps agents to the 5.0 agent version on Linux endpoints.
Reverse Shell Protection for Linux—Traps 5.0.2 and later releases can now block malicious behavior on Linux endpoints with Reverse Shell Protection. This capability enables Traps to monitor shell processes for activity where an attacker redirects standard input and output streams to network sockets, and if detected, terminate the malicious shell process.
For more details on the new features, please refer to the following resources:
- Traps Management Service Release Notes
- Traps Management Service Administrator’s Guide
- Traps 5.0 Agent Release Notes
- Traps 5.0 Agent Administrator’s Guide
Happy reading!
Your friendly Technical Documentation team
Have questions? Contact us at documentation@paloaltonetworks.com.