Our organization is about to migrate to the Palo firewall platform, and is also considering including Traps in this project. We have a corporate mandate to have an advanced endpoint product by early next year.
I don't know anybody personally running Traps, so I am coming here to get some feedback from the user community. What I would ask is:
How well does it actually work?
Was the installation and tuning difficult (we have around 2000 endpoints)?
How much daily care and feeding does it take?
Are false positives a problem when applications/systems update, things like that?
And any other information you could provide that might be helpful.
Traps is a good choice. I have more than one year with it, and in my opinion it is excellent protection. I'm planning to migrate to version 4.x next month.
For the false positives, use the monitoring mode, then create the rules; once the rules are created, believe me, the platform works fine.
To deploy, use a GPO policy.
It's been good for the past few months, without much of an issue. False positives are easy enough to correct and build out a policy to allow, and if it's a WildFire false positive it usually fixes itself.
There is a fair bit of tuning that we needed to do in our environment, but we need to fine-tune every antivirus solution we deploy, so that isn't that big of a deal and was to be expected.