Trap can be investigate or forensic anti-spyware or malicious exploit registry


L3 Networker

Hi all, I would like to know if Trap can be investigated or forensic anti-spyware or malicious exploit via registry? Because I have an issue with a client which it seems was a delete with malware which the client can't delete itself.

2 REPLIES

L2 Linker

Hi,

I'm not sure if I understood very well, but you want to know if Traps can perform a forensic analysis. If yes, the Traps client takes the events and sends them to ESM, but you can create a rule on ESM to collect forensics or files from the client.

If the issue (registry deleted) was performed when Traps was enabled, you need to check your policies: first, because Traps has the option to protect the services against malware or ill-intentioned actions; second, if that happened, you don't have Traps configured correctly.

Check Policies > Forensics on the ESM console.

Best regards,

wtobar

@wtobar Thanks for the suggestions for me, I'll try using the following information
