Services and Processes | Services: Processes: /opt/traps/bin/dypd or /opt/traps/bin/dypdng (depending on the Linux kernel version) - Running with root privileges, pmd starts and stops a single dypd helper process.
/opt/traps/analyzerd/clad - Unprivileged process running inside the sandbox, pmd starts and stops a single analyzerd helper process.
/opt/traps/analyzerd/spmd ‑ Unprivileged process running inside the sandbox, pmd starts and stops a single analyzerd helper process.
/opt/traps/python/payload/lted ‑ Unprivileged process running inside the sandbox, pmd starts and stops multiple lted processes on demand.
/opt/traps/python/payload/pyxd
|
Memory usage of lted processes | All lted instances are forks of the same process, sharing most of the physical memory pages. Using ps and sum of RSS of all lted instances could be misleading, since the same shared memory pages will be counted several times. The correct way to analyze memory usage of lted processes is using PSS (Proportional set size), which can be calculated by the smem utility. |
Cortex XDR agent logs | Indicates information, warnings, and errors related to Cortex XDR that are stored on the endpoint, accessible to privileged users only. |
Kernel Module | The installed Cortex XDR agent kernel module. Kernel modules are updated through Content updates. See the admin guide for more information about content updates. Latest content releases are listed here. For supported Kernel Modules see here. |