Would Traps be able to detect and kill this file on the host without requiring any manual remediation?

cancel
Showing results for 
Search instead for 
Did you mean: 

Would Traps be able to detect and kill this file on the host without requiring any manual remediation?

Retired Member
Not applicable

A customer is seeing infected word files with macro in their network. The firewall is not able to block this file because the macro keeps changing file hash, even with WildFire enabled.

Would Traps be able to detect and kill this file on the host without requiring any manual remediation?

3 REPLIES 3

L5 Sessionator

Hello Emma,

It depends on the policy pushed to the client machine whether word process is protected or not.

If it is then yes, Traps will detect the exploit and won't display the file.

Regards,

Hari Yadavalli

L7 Applicator

Note that TRAPS works in a completely different way than current AV products.  AV using signatures that are evaded by the technique you note.  TRAPS watches the actual behavior against exploit behavior and stops the action or logs the activity.

Advanced Endpoint Protection Overview

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

L4 Transporter

As already said, if the macro is malicious (exploit vulnerabilty on the endpoint) then most probably Traps will stop it from happening. I made a short video to demo Traps preventing an endpoint from being exploited by a vuln. in Adobe Flash just to give an idea.

Traps - Advanced Endpoint Protection by Palo Alto Networks - YouTube

One of the key advantages of Traps is that it does not require any remediation after prevention, although the malicious files should get deleted/quarantined on the endpoint once a legacy AV solution has a signature....

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!