Maintain the Endpoints and Traps
On a daily or weekly basis, perform the following actions:
- Examine the Dashboard to verify that the Traps agent is active on all endpoints. See Use the Endpoint Security Manager Dashboard.
- Review Security Events reported by Traps. After analyzing a security event, you might want to do any of the following tasks:
  - Investigate whether the indicators are related to malicious executable files and then use the Agent Query to search for artifacts on Windows endpoints.
  - Temporarily disable rules that interfere with day-to-day work. When a security event does not indicate an attack and is interfering with day-to-day work, you can disable an exploit protection or restriction rule on a specific endpoint. See Exclude an Endpoint from an Exploit Protection Rule.
  - Patch, upgrade, or fix a bug in software that exhibits erroneous behavior or a security vulnerability. Patching or upgrading third-party applications, or fixing bugs in applications that are developed in-house, can reduce the number of security events reported to the ESM Console.
  - Activate protection for an unprotected application. See View, Modify, or Delete a Process.
- Review post-detection events and take additional action to remediate the endpoint.
- Examine the Monitor pages and investigate reports of crashes and security events.
After a change in the organization or in available Traps software versions, you can: