Palo Alto Networks Knowledgebase: How to Enable Exploit Protection with Traps 4.1.2 and App Volumes 2.12

Created On 02/07/19 23:34 PM - Last Updated 02/07/19 23:35 PM
Advanced Endpoint Protection Traps
Resolution

Description

This article applies to Traps 4.1.2 and later releases with App Volumes 2.12 and later releases.

The App Volumes registry and file redirection mechanism interferes with Traps registry keys and files, which causes Traps process injection to fail. As a result, Traps exploit protection modules will not function.

As a workaround, App Volumes supplies a configuration file that you can update so that its redirection mechanism does not interfere with registry keys and file operations in specific locations:

Exclude Traps paths:

exclude_path=\Program Files (x86)\Palo Alto Networks\Traps

exclude_path=\Program Files\Palo Alto Networks\Traps

exclude_path=\ProgramData\Cyvera

Exclude Traps registry keys:

exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\tlaservice

exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\cyserver

exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\cyveraservice

exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\cyverak

exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\cyvrfsfd

exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\cyvrmtgn

exclude_registry=\REGISTRY\MACHINE\SYSTEM\CYVERA

exclude_registry=\REGISTRY\MACHINE\SOFTWARE\CYVERA

Add the above values to the snapvol.cfg file according to the following VMware knowledge base article: https://kb.vmware.com/s/article/2149892

After you configure the file, Traps exploit protection functions as expected.
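
A check for the configuration step above, as an added example that is not part of the original article or of either vendor's tooling: it reads the text of snapvol.cfg and reports which of the listed Traps exclusions are missing. The case-insensitive matching and the treatment of `#` lines as comments are assumptions, and the sample input is constructed.

```python
# Added example (not vendor code): audit snapvol.cfg text for the Traps exclusions above.
SERVICES = r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\services"
REQUIRED = (
    [("exclude_path", p) for p in (
        r"\Program Files (x86)\Palo Alto Networks\Traps",
        r"\Program Files\Palo Alto Networks\Traps",
        r"\ProgramData\Cyvera")]
    + [("exclude_registry", SERVICES + "\\" + s) for s in (
        "tlaservice", "cyserver", "cyveraservice",
        "cyverak", "cyvrfsfd", "cyvrmtgn")]
    + [("exclude_registry", r"\REGISTRY\MACHINE\SYSTEM\CYVERA"),
       ("exclude_registry", r"\REGISTRY\MACHINE\SOFTWARE\CYVERA")]
)

def _norm(value):
    # Assumption: match case-insensitively and ignore a trailing backslash.
    return value.strip().rstrip("\\").lower()

def parse_exclusions(cfg_text):
    """Return the (directive, normalized value) pairs present in the config text."""
    found = set()
    for line in cfg_text.splitlines():
        line = line.strip()
        # Assumption: lines starting with '#' are comments and do not take effect.
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        found.add((key.strip().lower(), _norm(value)))
    return found

def missing_exclusions(cfg_text):
    """List required Traps exclusions absent from the config, in article order."""
    found = parse_exclusions(cfg_text)
    return [f"{k}={v}" for k, v in REQUIRED if (k, _norm(v)) not in found]

# Constructed sample: paths present, most registry keys absent, one commented out.
SAMPLE = "\n".join([
    r"exclude_path=\Program Files (x86)\Palo Alto Networks\Traps",
    r"exclude_path=\program files\palo alto networks\traps",
    r"exclude_path=\ProgramData\Cyvera",
    r"#exclude_registry=\REGISTRY\MACHINE\SYSTEM\CYVERA",
    r"exclude_registry=\REGISTRY\MACHINE\SOFTWARE\CYVERA",
    r"exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\cyverak",
])

if __name__ == "__main__":
    for entry in missing_exclusions(SAMPLE):
        print("MISSING", entry)
```

Running the same check against the base image and each provisioning template catches a snapvol.cfg that was replaced or reset during an App Volumes upgrade.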


