Features Introduced in Traps Agent 5.0.12
There are no new features introduced in Traps agent 5.0.12.
Features Introduced in Traps Agent 5.0.11
There are no new features introduced in Traps agent 5.0.11.
Features Introduced in Traps Agent 5.0.10
There are no new features introduced in Traps agent 5.0.10.
Features Introduced in Traps Agent 5.0.9
The following table describes the new features introduced in the Traps agent 5.0.9 release. Traps agent 5.0.9 is a Windows release supported only by the Cortex XDR app, and cannot be installed or supported using the Traps management service.
Agent Proxy Settings in WPAD Environments
You can now install the Traps agent on endpoints that acquire their proxy settings through the Web Proxy Auto-Discovery (WPAD) protocol. When the endpoint is set to Automatically detect settings in its network configuration, either manually or by script, the Traps agent can now use the settings it receives automatically through the defined PAC file. No additional agent settings are required for this use case.
Extending Configurable Agent Proxy Settings to Traps 5.0.9
In environments where Traps agents communicate with Cortex XDR through a system-wide proxy, you can now set an application-specific proxy for the Traps agent (see Set an Application Proxy for Cortex XDR Agents) without affecting the communication of other applications on the endpoint. You can set the proxy in one of three ways: during the Traps agent installation, or later on using Cytool on the endpoint or from Endpoints Management in Cortex XDR. You can assign up to five different proxies per agent, and the proxy for communication is selected randomly with equal probability. If the communication through the app-specific proxies fails, the Traps agent tries to use the system-wide proxy defined on the endpoint. If that fails as well, the Traps agent tries to communicate with Cortex XDR directly.
Features Introduced in Traps Agent 5.0.8
The following table describes the new features introduced in the Traps agent 5.0.8 release.
Support by Cortex XDR
You can now use Traps 5.0.8 and later 5.0 releases with Cortex XDR.
Features Introduced in Traps Agent 5.0.7
The following table describes the new features introduced in the Traps agent 5.0.7 release.
Hardened Passwords Using PBKDF2 Encryption
For increased security, the Traps agent uninstall password is now encrypted using a stronger encryption algorithm (PBKDF2) when transferred between Traps management service and the Windows agents. Traps management service automatically applies the stronger algorithm to the password for new installation packages (no password reset is required). The stronger encryption helps prevent attempts to obtain the password.
Content Update Distribution Enhancement
To reduce bandwidth load when distributing the latest content update, the Traps agent now staggers the time at which it retrieves the content update from Traps management service. When a new content update is available, Traps agents randomly choose a time within a six-hour window to retrieve the content update. This prevents bandwidth saturation due to a high volume and size of content updates.
Features Introduced in Traps Agent 5.0.6
There are no new features introduced in Traps agent 5.0.6.
Features Introduced in Traps Agent 5.0.5
There are no new features introduced in Traps agent 5.0.5.
Features Introduced in Traps Agent 5.0.4
The following table describes the new features introduced in the Traps agent 5.0.4 release.
To prevent attackers from leveraging the Mimikatz tool to extract passwords from memory, Traps introduces a new Password Theft Protection module. The new protection module, which you can enable in a Malware Security profile for Windows endpoints, silently prevents attempts to steal credentials and does not currently provide notifications when these events occur. Mimikatz prevention is available with Windows Vista and later Windows releases.
After you enable this protection module, it becomes active following the next reboot of the endpoint.
Enhanced Support for Traps on Temporary Sessions
To enable you to logically distinguish temporary sessions from other VDI or standard installations, you can now identify a temporary session such as to a Remote Desktop Server. To identify temporary sessions that replicate from a snapshot, you specify the
Local Analysis Verdicts by Feature Vector
To prevent Traps from blocking unknown files that are likely benign but that local analysis suspects are malware, Support can now deliver a verdict for the feature vector of a file. A feature vector is a group or family of files that share similar characteristics but have different hashes. For example, if you change a few bytes at the end of a file, that file and the original could be grouped under the same feature vector. After Support delivers a support exception to define a benign verdict for a feature vector, the Traps local analysis module can use the verdict to allow similar files to run.
New Operating System Support
Traps extends support to the following operating systems:
For complete compatibility information, refer to the Palo Alto Networks Compatibility Matrix.
Features Introduced in Traps Agent 5.0.3-h1
The following table describes the new features introduced in the Traps agent 5.0.3-h1 release.
macOS 10.14 Support
You can now install Traps on macOS 10.14. For complete compatibility information, refer to the Palo Alto Networks Compatibility Matrix.
User-Agent Identification for Traps Agent-Proxy Traffic
You can now exclude traffic between Amazon S3 (s3.amazonaws.com) and a proxy server from SSL decryption. To enable you to filter the agent-proxy traffic, Traps adds a new request header field to the
Features Introduced in Traps Agent 5.0.3
The following table describes the new features introduced in the Traps agent 5.0.3 release.
Local Analysis of .NET Samples
To prevent unknown malware developed using the Microsoft .NET framework from running on Windows endpoints, local analysis can now analyze characteristics of .NET samples to determine the likelihood of malware. This enables Traps to identify and block malicious .NET samples before receiving an official WildFire verdict. This capability is automatically included when you enable local analysis in a malware security profile for Windows. As with the existing local analysis models, changes or updates to the models used to analyze .NET samples can be delivered by Palo Alto Networks in content updates.
Features Introduced in Traps Agent 5.0.2
The following table describes the new features introduced in the Traps agent 5.0.2 release.
Reverse Shell Protection for Linux
Traps now extends malware protection to Linux servers with Reverse Shell Protection. With this module, Traps detects suspicious or abnormal network activity from shell processes and terminates the malicious shell process.
Features Introduced in Traps Agent 5.0.1
The following table describes the new features introduced in the Traps agent 5.0.1 release.
Shellcode Protection for Linux
Traps extends its exploit protection for Linux servers to include shellcode protection. This capability enables Traps to monitor processes that run code from unmapped locations and prevent processes from calling operating system functions that these processes shouldn't commonly use.
Extended Linux OS Support
Traps now supports Amazon Linux 2 LTS Candidate (2017.12) and Amazon Linux 2 LTS Candidate 2, Debian 8 and 9, and Oracle 6 and 7. For full OS compatibility, refer to the Palo Alto Networks Compatibility Matrix.
Features Introduced in Traps Agent 18.104.22.168
The following table describes the new features introduced in Traps agent 22.214.171.124 release.
Traps for Android Installation Enhancement
The Traps app for Android now allows end users to supply the installation URL or distribution ID during activation. This enhancement allows users to complete activation if the distribution ID was not supplied or if the user attempts to install directly from the Google Play Store. For more information, see Install Traps App for Android in the Traps Agent 5.0 Administrator’s Guide.
Features Introduced in Traps Agent 5.0.0
The following table describes the new features introduced in the Traps agent 5.0.0 release.
Traps for Android
The new Traps app for Android extends malware detection and prevention to Android endpoints. Traps for Android leverages both local analysis and threat intelligence from WildFire to detect known malware. Traps for Android can also optionally submit unknown apps to the Traps management service for further in-depth analysis by WildFire. From the Traps management service, you can monitor the health of the Traps app and view details about security events that occur on the Android endpoints in your organization. Traps for Android is supported on Android 4.4 and later releases.