Changes to Default Behavior
Changes to Default Behavior in Traps 4.1.3
Traps™ 4.1.3 includes the following changes to default behavior:
Feature Change to Default Behavior
Forensics folder For enhanced security, files in the web-based forensics (BITS upload) folder are no longer accessible to any device except the Endpoint Security Manager (ESM) Server and Console. Now, when you install or upgrade to ESM 4.1.3, the installer creates a user account (TrapsDownloader) and uses that account for accessing files in the BITS folder.
Traps upgrades on VDI machines In a virtual desktop infrastructure (VDI) environment, upgrade packages apply only to persistent VDI machines, and therefore the ESM Server no longer sends the packages to non-persistent VDI machines or to the golden image when you configure one-time action rules for Agent Installation ( Settings > Agent > Actions).
Changes to Default Behavior in Traps 4.1.2
Traps™ 4.1.2 includes the following changes to default behavior:
Feature Change to Default Behavior
Content Update To better reflect the purpose of the field, the Release Date label associated with each content update is now Creation Date. The Creation Date identifies the date on which Palo Alto Networks® created the content update build.
Cytool To get started quickly using the Cytool command-line tool on Mac endpoints, you no longer need to enable remote process calls (RPCs) before you run Cytool commands. Now, Cytool automatically enables RPCs when you install Traps on a Mac endpoint. As a result, the cytool rpc command has been deprecated.
ESM Server in DMZ In Active Directory environments, to enable Traps agents to connect with an Endpoint Security Manager (ESM) Server located in a DMZ, you must now enter an LDAP address for the Domain Name of the ESM Server ( Settings > ESM > Multi ESM > <ESM_Server>).
Automated Monitoring of Traps Services The watchdog service that monitors the status of critical Traps services such as local analysis now runs only when the endpoint boots. Previously, the watchdog service ran only when the user logged in to the endpoint. The change enables Traps services to restart earlier, thereby ensuring Traps protection is enabled before the user logs in.
Changes to Default Behavior in Traps 4.1.1
Traps 4.1.1 includes the following changes to default behavior:
Feature Change to Default Behavior
DLL Files Protection The DLL rule configuration has now changed to support two rule types. For more information, see Features Introduced in Traps 4.1.1.
Kernel APC Protection You can no longer configure Kernel APC Protection to apply to any processes. Now, when you configure a new exploit protection rule for Kernel APC Protection, you enter a single source process to which the rule applies. The ESM Console provides auto-completion based on the list of processes defined in the ESM Console.
Changes to Default Behavior in Traps 4.1.0
There are no changes to default behavior in Traps 4.1.0.

Related Documentation