Description
This article applies to Traps 4.1.2 and later releases with App Volumes 2.12 and later releases.
The AppVolumes registry and file redirection mechanism interferes with Traps registry keys and files, which causes Traps process injection to fail. As a result, Traps exploit protection modules will not function.
As a workaround to address this issue, AppVolumes supplies a configurable file which you can update so that the AppVolumes redirection mechanism will not interfere with registry keys and file operations in specific locations:
Exclude Traps paths:
exclude_path=\Program Files (x86)\Palo Alto Networks\Traps
exclude_path=\Program Files\Palo Alto Networks\Traps
exclude_path=\ProgramData\Cyvera
Exclude Traps registry keys
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\tlaservice
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\cyserver
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\cyveraservice
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\cyverak
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\cyvrfsfd
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\cyvrmtgn
exclude_registry=\REGISTRY\MACHINE\SYSTEM\CYVERA
exclude_registry=\REGISTRY\MACHINE\SOFTWARE\CYVERA
Add the above values to the snapvol.cfg file according to the following VMware knowledge base article: https://kb.vmware.com/s/article/2149892.
After you configure the file, Traps exploit protection functions as expected.