Hate your antivirus (AV) solution? You are in luck! Earlier this month we announced Traps v3.4, the next step in the evolution to replace traditional antivirus software.
This release includes several major features that enable you to take the plunge to eliminate traditional antivirus.
To ensure your legitimate files are never prevented from executing on the endpoint, Traps advanced endpoint protection now evaluates whether files are signed by a trusted signer. The list of trusted signers is based on the official trusted signer list in WildFire. That means executable files that are signed by trusted signers are exempt from additional analysis and verdict evaluation. This feature is useful in situations where unknown executable files, such as new software updates for the operating system or for applications, are signed by a trusted signer but have not yet been analyzed by WildFire.
Local analysis uses a statistical model that was developed using machine learning on WildFire threat intelligence. Traps uses local analysis to examine hundreds of characteristics associated with an unknown executable file to determine if the file is likely to be malware. With this feature, Traps quickly analyzes and assigns a local verdict to an unknown executable file when the endpoint is offline or while waiting for the official verdict from WildFire. Traps continues to use the local verdict to block or allow the execution of the unknown executable file until the agent receives an updated verdict from the ESM Server.
Traps now takes malware protection one step further with a new capability to transparently quarantine malicious executable files on the endpoint. To determine if an executable file is malicious and should be quarantined, Traps uses information from the following sources: WildFire threat intelligence, local analysis, and hash control policy. When malware is identified, Traps notifies the user about the quarantined file (if you enabled user alerts), removes the malware from the local folder or removable hard drive, and stores the file in a local quarantine folder. With this feature, you can also restore a quarantined file to its original location.
Here are a few resources to add to your Traps v3.4 reading list!
- New Features Guide: Your go-to resource for all the new features in Traps v3.4.
- Administrator’s Guide: Contains installation procedures and configuration workflows to get you up and running quickly.
- Release Notes: Provides important information about the Traps advanced endpoint protection v3.4 software including known issues and limitations.
Pro tip: On the documentation search, use the facet to filter results for only documentation about Traps v3.4.
[Palo Alto Networks Research Center]