Malware Protection Overview
Malicious files, known as malware, are often disguised as or embedded in non-malicious files. These files can attempt to gain control, gather sensitive information, or disrupt the normal operations of the system.
Traps prevents malware by reducing the attack surface and increasing the accuracy of malware detection. This approach combines several layers of protection, collectively known as the Malware Prevention Engine. Using the following combination of mitigation techniques, the Malware Prevention Engine can automatically prevent malicious and unknown executable files—including Microsoft Windows screensaver files (.scr) and Mac object files (Mach-os)—DLLs, and macros from running and, when unable to prevent, halt malicious behavior:
- WildFire integration—Enables automatic detection of known malware and analysis of unknown malware to prevents threats quickly before an enterprise is compromised.
- DLL file protection—Enables you to block known and unknown DLLs on Windows endpoints.
- Office file protection—Enables you to block known and unknown macros when run from Microsoft Office files on Windows endpoints.
- Evaluation of trusted signers—Permits unknown files that are signed by trusted signers to run on the endpoint.
- Local static analysis—Enables Traps to use machine learning to analyze unknown files and issue a verdict. Traps uses the verdict returned by the local analysis module until it receives a verdict from the ESM Server.
- Malware protection modules—Targets specific malware behaviors such as from ransomware and enables you to block the creation of child processes.
- Policy-based restrictions—Enables you to block files from executing from specific local folders, network folders, or external media locations.
For additional information, see Malware Protection Flow .