The Traps agent protects the endpoint by enforcing your organization’s security policy as defined in the Endpoint Security Manager. Depending on the configuration, Traps can protect against attempts to exploit software vulnerabilities and bugs and can prevent malicious executable files from running on your endpoints.
When a security event occurs on an endpoint, Traps collects forensic information about that event and, optionally, can also notify the user about the event and even display a custom notification message. On a regular basis, Traps communicates the status of the endpoint and transmits data related to any security events to the Endpoint Security Manager. The following table describes the types of messages that the Traps agent sends to the ESM Server:
The Traps agent periodically sends messages to the ESM Server to indicate that it is operational and to request the latest security policy. The Notifications and Health pages in the Endpoint Security Manager display the status for each endpoint. The duration between messages, known as the heartbeat period, is configurable.
The Traps agent sends notification messages about changes in the agent, such as when a service starts or stops, to the ESM Server. The server logs these notifications in the database and you can view the notifications in the ESM Console.
An end user can request an immediate policy update by clicking Check In Now on the Traps Console. This causes the Traps agent to request the latest security policy from the ESM Server without waiting for the end of the heartbeat period.
If a prevention event occurs on an endpoint where the Traps agent is installed, the Traps agent reports all of event-related information to the ESM Server in real-time.
Traps also provides a user interface that you can use to view the protection status on the endpoint, security event history, running processes, and current security policy rules. Usually, a user will not need to run the Traps Console but the information can be useful when investigating a security-related event. If needed, you can choose to hide the console icon that launches the console or prevent users from launching the console from an endpoint altogether. If you provide access to the Traps Console, you can access it from the notification area (system tray) on an endpoint.