
Set Up the Traps Infrastructure
The following topics describe how to set up the Traps infrastructure components:

Endpoint Infrastructure Setup Tasks

Set Up the Endpoint Security Manager

Set Up the Endpoints

Verify a Successful Installation
Advanced Endpoint Protection Administrator’s Guide
Copyright © 2007-2014 Palo Alto Networks
Endpoint Infrastructure Setup Tasks
Use the following workflow to set up the Endpoint infrastructure:
Step 1: Review the prerequisites of the software.
For more information: Prerequisites to Install the ESM Server; Prerequisites to Install Traps on an Endpoint
Step 2: Review the recommended implementation stages.
For more information: Traps Deployment Stages
Step 3: (Optional) Configure the Internet Information Services (IIS) with .NET services.
For more information: Enable IIS with .NET; Configure SSL on the ESM Console
Step 4: (Optional) Configure the MS-SQL Server.
For more information: Configure the MS-SQL Server Database
Step 5: Install the ESM Server software.
For more information: Install the Endpoint Security Manager Server Software
Step 6: Install the Endpoint Security Manager web interface.
For more information: Install the Endpoint Security Manager Console Software
Step 7: Install the base security policy.
For more information: Upload the Base Security Policies
Step 8: Install Traps on the endpoints.
For more information: Install Traps on the Endpoint; Install Traps on the Endpoint Using Msiexec
Step 9: Verify a successful installation.
For more information: Verify a Successful Installation
Set Up the Endpoint Security Manager

Prerequisites to Install the ESM Server

Enable IIS with .NET

Configure SSL on the ESM Console

Configure the MS-SQL Server Database

Install the Endpoint Security Manager Server Software

Install the Endpoint Security Manager Console Software

Upload the Base Security Policies
Prerequisites to Install the ESM Server
Before installing software on the ESM Server, make sure that the server meets the following prerequisites:
• 300MB disk space plus additional space for the forensic (quarantine) folder; 60GB disk space recommended
• 2GB memory; 4GB recommended
• Physical or virtual Windows Server. Use one of the following:
– Windows Server 2008 R2
– Windows Server 2012
– Windows Server 2012 R2
• Internet Information Services (IIS) 7.0 or above with ASP.NET and Static Content Compression components
• .NET Framework:
– Windows Server 2008 R2: .NET Framework 4 patched with KB2468871
– Windows Server 2012: .NET Framework 3.5 and 4.5
• Database applications—The server-side applications require an SQL database that can either be a local database installed on the same server as the Endpoint Security Manager, or an external database installed on another machine. Use one of the following database applications:
– SQLite 1.0.82.0 or later for the evaluation stage. Find the SQLite setup file in the Tools folder of your endpoint installation package, or download it from the Internet.
– MS-SQL 2008
– MS-SQL 2012
Consult with the Palo Alto Networks support team if integration with an existing database is required.
• SSL certificate from a trusted certificate authority (CA) with Server Authentication and Client Authentication (recommended).
• Allow communication on TCP port 2125 from clients to server.
• Shared forensic folder with NTFS and share permissions (write-only permission for all users is recommended).
Enable IIS with .NET
The Internet Information Services (IIS) role on a Windows Server allows you to share information with users
on the Internet, an intranet, or an extranet. Windows Servers with IIS 7.5 provide a unified web platform that
integrates IIS, ASP.NET, and Windows Communication Foundation (WCF). To access the Endpoint Security
Manager over the web, enable IIS with .NET.

Enable IIS with .NET on a Windows Server 2008 R2

Enable IIS with .NET on a Windows Server 2012
Enable IIS with .NET on a Windows Server 2008 R2
When installing IIS with .NET on a Windows Server 2008 R2, you must install .NET Framework 4 patched
with KB2468871.
Enable IIS with .NET on a Windows Server 2008
Step 1: Open the Server Manager on the Windows Server.
Select Server Manager from the Start menu.
Step 2: Add a new role.
1. Select Roles > Add Roles and then click Next.
2. Select the Web Server (IIS) option and then click Next.
3. Click Next and then select Role Services from the menu on the left.
Step 3: Define role services.
1. Select the Application Development option.
2. Leave the remaining options at their default settings.
3. Click Next.
Step 4: Confirm the installation services.
1. Verify that the Application Development services appear in the list of Installation Selections and then click Install.
2. Click Close to exit the wizard.
Enable IIS with .NET on a Windows Server 2012
When installing IIS with .NET on a Windows Server 2012, you must install .NET Framework 3.5 and 4.5.
Enable IIS with .NET on a Windows Server 2012
Step 1: Open the Server Manager on the Windows Server.
1. Select Server Manager from the Start menu.
2. Select Add roles and features and then click Next.
Step 2: Select the installation type.
Select Role-based or feature-based installation and then click Next.
Step 3: Specify the server.
Select the server from the Server Pool and then click Next.
Step 4: Add the Web Services role and features.
1. Select the Web Server (IIS) option.
2. Click Add Features.
3. Click Next.
4. Select .NET Framework 3.5 Features.
5. Select .NET Framework 4.5 Features and ASP.NET 4.5.
6. Click Next. Click Next again.
7. Under Web Server, select Application Development and then expand the feature to reveal additional selections. Select the following features. If prompted, click Add Features.
• ASP.NET 3.5
• ASP.NET 4.5
• ISAPI Extensions
• ISAPI Filters
• .NET Extensibility 3.5
• .NET Extensibility 4.5
8. Click Next.
Step 5: Confirm the installation services.
1. Verify that the features appear in the list of installation selections and then click Install.
2. Click Close to exit the wizard.
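The selections made in the Windows Server 2012 wizard can be confirmed from an elevated PowerShell session. The following is an added example, not part of the original guide; it assumes the ServerManager module on Windows Server 2012, and the feature names are the standard Windows Server identifiers for the role services named in Step 4 plus the Static Content Compression prerequisite.

```powershell
# Added example (not from the guide): report which role services required by
# the ESM console are not yet installed on a Windows Server 2012 machine.
Import-Module ServerManager

# Wizard label -> Windows feature name (standard Windows Server 2012 names).
$required = [ordered]@{
    'Web Server (IIS)'            = 'Web-Server'
    'Static Content Compression'  = 'Web-Stat-Compression'
    '.NET Framework 3.5 Features' = 'NET-Framework-Core'
    '.NET Framework 4.5 Features' = 'NET-Framework-45-Core'
    'ASP.NET 4.5 (framework)'     = 'NET-Framework-45-ASPNET'
    'ASP.NET 3.5'                 = 'Web-Asp-Net'
    'ASP.NET 4.5'                 = 'Web-Asp-Net45'
    'ISAPI Extensions'            = 'Web-ISAPI-Ext'
    'ISAPI Filters'               = 'Web-ISAPI-Filter'
    '.NET Extensibility 3.5'      = 'Web-Net-Ext'
    '.NET Extensibility 4.5'      = 'Web-Net-Ext45'
}

function Get-MissingEsmFeature {
    foreach ($label in $required.Keys) {
        $name    = $required[$label]
        $feature = Get-WindowsFeature -Name $name
        if (-not $feature) {
            # Name not known to this OS version (for example, not Server 2012).
            [pscustomobject]@{ Label = $label; Name = $name; State = 'Unknown' }
        }
        elseif (-not $feature.Installed) {
            [pscustomobject]@{ Label = $label; Name = $name; State = $feature.InstallState }
        }
    }
}

$missing = @(Get-MissingEsmFeature)
if ($missing.Count -eq 0) {
    'All role services required by the ESM console are installed.'
}
else {
    $missing | Format-Table -AutoSize
    # 'Removed' means the feature payload is not on disk (common for .NET 3.5
    # on Server 2012); Install-WindowsFeature then needs -Source pointing at
    # the \sources\sxs folder of the installation media.
    if ($missing.State -contains 'Removed') {
        Write-Warning 'At least one feature needs installation media (-Source).'
    }
    # To install what is missing, run:
    # Install-WindowsFeature -Name $missing.Name
}
```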
Configure SSL on the ESM Console
To secure your ESM console and protect users’ privacy using Secure Sockets Layer (SSL), install a server certificate and then add an HTTPS binding on port 443.
Configure SSL on the ESM Console
Step 1: Open the IIS Manager.
1. Click Start, and then Control Panel.
2. Do one of the following:
• Click System and Security > Administrative Tools.
• From the Start Search, type inetmgr and press ENTER.
Step 2: (Optional) If your site requires SSL, install an SSL certificate on the server that runs the ESM console.
The server certificate enables users to confirm the identity of a Web server before they transmit sensitive data, and uses the server's public key information to encrypt data and send it back to the server.
Skip this step if your site does not require SSL or if you have previously installed the SSL certificate.
To request or install a server certificate, see:
• Request an Internet Server Certificate
• Install an Internet Server Certificate
Step 3: Add an HTTPS binding.
1. Under Connections, expand the Sites node in the tree, and then click to select the site for which you want to add a binding.
2. Under Actions > Edit Site, click Bindings > Add.
3. Specify the type as https and then add the remaining binding information including IP address, Port (the default is 443), and Host name.
4. (Optional for Windows Server 2012 only) Select the option to Require Server Name Indication.
5. Select the SSL certificate from the drop-down, and click OK.
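Before selecting a certificate in the binding dialog, it is worth confirming that it meets the prerequisites listed earlier (trusted CA, Server Authentication and Client Authentication). The following is an added example, not part of the original guide; the function name, the 30-day threshold, and the choice to require both usages for a pass are assumptions made for illustration.

```powershell
# Added example (not from the guide). Checks a certificate in the
# LocalMachine\My store against the ESM Server certificate prerequisites.
function Test-EsmServerCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$Thumbprint,
        [int]$MinDaysValid = 30,     # assumption: local renewal threshold
        [switch]$CheckRevocation     # off by default so the check runs offline
    )

    # Thumbprints pasted from the certificate dialog often carry spaces or an
    # invisible leading character; keep hex digits only.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    $cert  = Get-Item -Path "Cert:\LocalMachine\My\$clean" -ErrorAction Stop

    # Enhanced Key Usage OIDs for Server and Client Authentication.
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'
    $clientAuthOid = '1.3.6.1.5.5.7.3.2'
    $x509   = 'System.Security.Cryptography.X509Certificates'
    $ekuExt = $cert.Extensions | Where-Object {
        $_.GetType().FullName -eq "$x509.X509EnhancedKeyUsageExtension"
    }
    if ($ekuExt) {
        $ekus       = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
        $serverAuth = $ekus -contains $serverAuthOid
        $clientAuth = $ekus -contains $clientAuthOid
    }
    else {
        # No EKU extension: the certificate is not restricted to any usage.
        $serverAuth = $true
        $clientAuth = $true
    }

    # Build the chain to confirm it ends at a root this server trusts.
    $chain = New-Object "$x509.X509Chain"
    if (-not $CheckRevocation) { $chain.ChainPolicy.RevocationMode = 'NoCheck' }
    $chainTrusted = $chain.Build($cert)
    $chainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    $now      = Get-Date
    $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)

    # Assumption: both usages are required for a pass, as the guide lists both.
    $pass = $cert.HasPrivateKey -and $serverAuth -and $clientAuth -and
            $chainTrusted -and ($cert.NotBefore -le $now) -and
            ($daysLeft -ge $MinDaysValid)

    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        NotAfter      = $cert.NotAfter
        DaysLeft      = $daysLeft
        HasPrivateKey = $cert.HasPrivateKey
        ServerAuth    = $serverAuth
        ClientAuth    = $clientAuth
        ChainTrusted  = $chainTrusted
        ChainStatus   = $chainStatus
        Pass          = $pass
    } | Select-Object Subject, NotAfter, DaysLeft, HasPrivateKey,
                      ServerAuth, ClientAuth, ChainTrusted, ChainStatus, Pass
}

# Usage (replace the placeholder with the thumbprint of your certificate):
# Test-EsmServerCertificate -Thumbprint '<certificate thumbprint>'
```

A self-signed or internally issued certificate whose root is not in the server's trusted store shows ChainTrusted as False with a status such as UntrustedRoot.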
Configure the MS-SQL Server Database
The Endpoint Security Manager requires a database that is managed over the MS-SQL platform, either MS SQL
2008 or MS SQL 2012. The Endpoint Security Manager uses the database to store administrative information,
security policy rules, information about security events, and other information that the Endpoint Security
Manager uses.
During the proof-of-concept stage, the SQLite database is also supported.
Before installing the Endpoint Security Manager, you must configure the MS-SQL database with the required
permissions. When using Windows Authentication as the user authentication method, the owner must have Log
on as a service rights.
The following procedure is recommended as a best practice for creating and configuring the MS-SQL Server
database.
Configure the MS-SQL Server Database
Step 1: Create a new database.
1. Select SQL Server Management Studio from the Start menu.
2. Click Connect to open Microsoft SQL Server Management Studio.
3. Select Database > New Database….
Step 2: Configure the database settings.
1. Enter the following information:
• Database name
• Owner (including domain)
When using Windows Authentication as the user authentication method, the owner must have “Log on as a service” rights.
2. Click OK.
Step 3: Verify the database owner.
1. Enter the login name of the owner and then click Check Names.
2. Select the matching name and then click OK to return to the Select Database Owner page, and again to return to the Microsoft SQL Server Management Studio page.
3. Select the database you created, then select Security > Users > dbo.
4. Verify that the db_owner is selected in the Owned Schemas and Role Members sections of the Database User dialog box and then click OK.
Install the Endpoint Security Manager Server Software
Before installing the Endpoint Security Manager (ESM) Server software, verify that the system meets the
requirements described in Prerequisites to Install the ESM Server.
Install the Endpoint Security Manager Server Software
Step 1: Initiate the ESM Server software installation.
1. Obtain the software from your Palo Alto Networks Account Manager, reseller, or from https://support.paloaltonetworks.com.
2. Unzip the file and then double click the ESMCore installation file.
3. On the End User License Agreement dialog, select the I accept the terms in the License Agreement check box and then click Next.
4. Leave the default installation folder, or click Change to specify a different installation folder and then click Next.
Step 2: Configure the settings for the administrative user.
1. Choose the type of authentication you want to use:
• Machine—The Endpoint Security Manager authenticates using users and groups on the local machine.
• Domain—The Endpoint Security Manager authenticates using users and groups belonging to the domain of the machine.
2. Enter the account name for the user who will administer the server in the Please specify an administrative user field and then click Next.
Step 3: Configure the database settings.
1. Select the type of database that you installed for use with the Endpoint Security Manager.
If you select SQL Server, you must provide the following configuration information:
• SQL Server Name or IP address and database instance (for example, ESMServer\database).
• Authentication type (Windows or SQL).
• Username including domain (for example, ESMServer\administrator) and password for the server for the user who will administer the database. The user account that you specify must have permissions to create a database on the server.
2. Click Verify to confirm that the server can connect to the database using the authentication credentials. If successful, click Next.
Step 4: Specify the security level for communication between the ESM Server components.
1. Select one of the following options:
• No Certificate (no SSL)—Communication is not encrypted (not recommended).
• External Certificate (SSL)—All communication is encrypted over SSL. If you select this option, browse to the certificate file (in PFX format) and enter the password required to decrypt the private key in the PFX file.
2. Click Next.
Step 5: Specify the quarantine folder.
1. Enter or Browse to the Quarantine Folder location.
The endpoint must be able to access and write to the Quarantine Folder location.
2. Click Next.
Step 6: Configure additional settings for your ESM Server.
1. Configure the following settings as necessary for your environment:
• ESM Console port—Specify the port to use for access to the web interface or leave the default setting (2125).
• (Optional) Select one or more external reporting tool options:
– Report to event viewer—Report all events to the Windows event viewer.
– Report to Syslog—Report all events to an external syslog server. Enter the syslog Server Name, communication Port, and Scheduled heartbeat frequency in minutes. Specify a value of 0 if you do not want to send heartbeat information to the syslog server.
2. Click Next.
Step 7: Set a required password for uninstalling the Endpoint Security Manager software.
1. Enter and confirm a password that is eight characters or more.
2. Click Next.
Step 8: Complete the installation.
1. Click Install.
2. When the installation is complete, click Finish.
Install the Endpoint Security Manager Console Software
Before installing the Endpoint Security Manager (ESM) Console software, verify that the system meets the
requirements described in Prerequisites to Install the ESM Server.
Install the Endpoint Security Manager Console Software
Step 1: Initiate the ESM Console software installation.
1. Obtain the software from your Palo Alto Networks Account Manager, reseller, or from https://support.paloaltonetworks.com.
2. Unzip the zip file and then double click the ESMConsole installation file.
3. Click Next to begin the setup process.
4. Select the I accept the terms of the License Agreement check box and then click Next.
Step 2: Specify the installation folder for the Endpoint Security Manager.
Leave the default installation folder, or click Change to specify a different installation folder and then click Next.
Step 3: Specify the database configuration settings.
1. Select the type of database that you installed for use with the Endpoint Security Manager. For an SQL database configure:
• SQL Server Name or IP address followed by the database instance (for example, ESMServer\database).
• Authentication type (Windows or SQL).
• User Name including the domain (for example, ESMServer\administrator) and Password for the server to access the database. The user account that you specify must have permissions to create a database on the server.
2. Click Verify to confirm that the server can connect to the database using the authentication credentials. If successful, click Next.
Step 4: Complete the installation.
1. Click Install.
2. When the installation is complete, click Finish.
Step 5: Install the license.
You must install the license key within five minutes of installing the Endpoint Security Manager software. If you wait to install the license key, you must restart the Endpoint Security Manager service.
1. Double click the Endpoint Security Manager Console icon from the desktop or navigate to the web interface (http://localhost/EndpointSecurityManager/).
2. Enter your login and password.
3. When prompted, click the link to Browse to the license key file, and then click Upload.
4. Log in again to access the Endpoint Security Manager Dashboard.
Step 6: Verify that the Endpoint Security Manager Core service is running.
1. Open the Services Manager:
• Windows Server 2008: From the Start Menu, select Control Panel > Administrative Tools > Services.
• Windows Server 2012: From the Start Menu, select Control Panel > System and Security > Administrative Tools > Services.
2. If the Endpoint Security Manager Core service is stopped or disabled, double click the service and click Start.
Upload the Base Security Policies
By default the endpoint security policy contains a set of predefined rules that protect common processes that
run on your endpoints. After installing the Endpoint Security Manager software and successfully uploading the
license, it is highly recommended to import the base security policy files provided by Palo Alto Networks. The
policies address compatibility issues, fix stability issues with malware prevention and thread injection modules,
and configure notifications about executables that run from external media and operating system folders.
Import the Base Security Policies
Step 1: Download the policies from https://live.paloaltonetworks.com/docs/DOC-7829 and save them to a local or network folder that you can access from the Endpoint Security Manager.
Step 2: From the Endpoint Security Manager, select Manage > Overview.
Step 3: Select Import rules from the menu at the top of the Overview table. Browse to the policy file, and then click Upload.
The Endpoint Security Manager appends the new rule(s) to the existing security policy and assigns each rule a
unique ID number. Repeat Step 3 for each policy file.
For more information about importing or exporting policy rules, see Export and Import Policy Files.
Set Up the Endpoints
To set up Traps on the endpoints within your organization, see the following topics:

Prerequisites to Install Traps on an Endpoint

Traps Deployment Stages

Install Traps on the Endpoint

Install Traps on the Endpoint Using Msiexec
Prerequisites to Install Traps on an Endpoint
Before installing Traps, make sure that the target endpoint meets the following prerequisites:
• 200MB disk space; 20GB disk space recommended
• 512MB memory; 2GB memory recommended
• Operating system that is compatible with physical machines, virtual machines, mobile devices, and Terminal Services environments (one of the following):
– Windows XP with SP3
– Windows 7
– Windows 8.1
– Windows Server 2003
– Windows Server 2008
– Windows Server 2008 R2
– Windows Server 2012
– Windows Server 2012 R2
• .NET 3.5 SP1
• Allow communication on port 2125 TCP from clients to server.
Traps Deployment Stages
The Traps software is usually deployed to endpoints across a network after an initial proof of concept (POC),
which simulates the corporate production environment. During the POC or deployment stage, you analyze
security events to determine which are due to malicious activity, and which are due to legitimate processes
behaving in a risky or incorrect manner. You also simulate the number and types of endpoints in the
organization, the user profiles, and the types of applications that run on the endpoints. Based on these
factors, you define, test, and adjust the security policy for your organization.
The goal of the multi-step process is to provide maximum protection to the organization, while not interfering
with legitimate workflows.
After the initial POC, we recommend a multi-step implementation for the following reasons:
• The POC doesn't always reflect all the environments in production.
• There is a rare chance that the Traps software will affect specific business applications, which can reveal vulnerabilities in the software as a prevented attack.
• Isolating issues as they arise and providing a solution is much easier when they do not affect a large environment or a potentially large number of users.
The multi-step deployment ensures a smooth implementation and deployment of Traps software throughout
your network. These steps allow for better support and control over the added protection.
Step 1: Install Traps on endpoints.
Duration: 1 week
Plan: Install the Endpoint Security Manager (ESM) including an MS SQL database, ESM Console, and ESM Server, and install Traps on a few (3-10) endpoints. Test normal behavior of the Traps agents (injection, policy) and verify that there is no change in the user experience.
Step 2: Expand the Traps deployment.
Duration: 2 weeks
Plan: Gradually expand agent distribution to larger groups that have similar attributes (hardware, software, users). At the end of two weeks you can have up to 100 endpoints installed.
Step 3: Complete the Traps installation.
Duration: 2 or more weeks
Plan: Broadly distribute clients throughout the organization.
Step 4: Define corporate policy and protected processes.
Duration: Up to a week
Plan: Add protection rules for third-party or in-house applications and then test them with the endpoint compatibility tester.
Step 5: Revise corporate policy and protected processes.
Duration: Up to a week
Plan: Deploy protection rules to a small number of endpoints that use the applications frequently. Fine tune the policy as required.
Step 6: Finalize corporate policy and protected processes.
Duration: Few minutes
Plan: Deploy protection rules globally.
Install Traps on the Endpoint
Before installing Traps, verify that the system meets the requirements described in Prerequisites to Install Traps
on an Endpoint.
Install Traps on the Endpoint
Step 1: Initiate the Traps software installation.
1. Obtain the software from your Palo Alto Networks Account Manager, reseller, or from https://support.paloaltonetworks.com
2. Unzip the zip file and then double click the Traps installation file, either x64 or x86.
3. Click Next.
4. Select the I accept the terms in the License Agreement check box and then click Next.
Step 2: Configure the settings of the Endpoint Security Manager Server.
You can configure the Traps agent to connect to a primary and secondary server. In the event that the primary server is unreachable, the Traps agent attempts to contact the secondary server.
It is recommended that you use the Secondary Server option to interact with a dedicated cloud server to monitor prevention events when you cannot communicate with the primary server.
1. Provide the following information for the primary server:
• Host Name—Enter the hostname or IP address of the ESM Server.
• Port—Change the port number, if required (the default value is 2125).
• Use—Select SSL to encrypt communication to the server or No SSL not to encrypt communication.
2. (Optional) Select the Secondary Server check box to configure settings for a backup server and then provide the Host Name, Port, and SSL preference information as described in Step 1.
3. Click Next through the series of prompts to complete the installation.
It is recommended that you restart the computer after completing the installation.
Install Traps on the Endpoint Using Msiexec
Windows Msiexec provides you full control over the installation process and allows you to install, modify and
perform operations on a Windows Installer from the command line. When used in conjunction with a System
Center Configuration Manager (SCCM), Altiris, Group Policy Object (GPO), or other MSI deployment
software, Msiexec enables you to install Traps on multiple endpoints in your organization (for the first time).
After successfully installing Traps on an endpoint and establishing a connection with the Endpoint Security
Manager, you can configure rules to upgrade or uninstall Traps (see Uninstall or Upgrade Traps on the
Endpoint).
Before installing Traps, verify that the system meets the requirements described in Prerequisites to Install Traps
on an Endpoint.
Install Traps on the Endpoint Using Msiexec
Step 1: Open a command prompt as an administrator:
• Select Start > All Programs > Accessories. Right-click Command prompt, and then select Run as administrator.
• Select Start. In the Start Search box, type cmd, and then press CTRL+SHIFT+ENTER.
Step 2: Run the Msiexec command followed by one or more of the following options or properties:
• Install, display, and logging options:
– /i <installpath>\<installerfilename>.msi—Install a package. For example, msiexec /i c:\install\traps.msi.
– /qn—Displays no user interface (quiet installation). At minimum, you must also specify the host server name or IP address using the CYVERA_SERVER property.
– /L*v <logpath>\<logfilename>.txt—Log verbose output to a file. For example, /L*v c:\logs\install.txt.
– /x <installpath>\<installerfilename>.msi—Uninstall a package. For example, msiexec /x c:\install\traps.msi.
For a full list of Msiexec parameters, see https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/msiexec.mspx
• Public properties:
– CYVERA_SERVER="<servername>"—Primary host server name or IP address (the default is CyveraServer)
– CYVERA_SERVER_PORT="<serverport>"—Primary host server port (the default is 2125)
– SSL_TYPE="[No SSL|SSL]"—(Non-quiet installation only) Set encryption preferences on the primary server by specifying No SSL (the default) or SSL
– USE_SSL_PRIMARY="[0|1]"—(Quiet installation only) Set encryption preferences on the primary server by specifying a 0 not to use SSL or a 1 to use SSL (the default)
– USE_BACKUP_SERVER="[0|1]"—Set backup server preferences by specifying a 0 (the default) not to use a backup server or a 1 to use a backup server
– CYVERA_BACKUP_SERVER="<servername>"—Secondary server name or IP address (the default is CyveraBackupServer)
– CYVERA_BACKUP_SERVER_PORT="<serverport>"—Secondary host server port (the default is 2125)
– SSL_TYPE_BACKUP="[No SSL|SSL]"—(Non-quiet installation only) Set encryption preferences on the secondary server by specifying No SSL (the default) or SSL
– USE_SSL_BACKUP="[0|1]"—(Quiet installation only) Set encryption preferences on the secondary server by specifying a 0 not to use SSL or a 1 to use SSL (the default)
– UNINSTALL_PASSWORD="<uninstallpassword>"—Specify the administrator password.
For example, to install Traps without a user interface and to specify a primary server named ESMServer, a backup server named ESMServerBackup, and SSL encryption for both servers, enter the following:
msiexec /i c:\install\traps.msi /qn CYVERA_SERVER="ESMServer" USE_SSL_PRIMARY="1" USE_BACKUP_SERVER="1" CYVERA_BACKUP_SERVER="ESMServerBackup" USE_SSL_BACKUP="1"
It is recommended that you restart the computer after completing the installation.
To uninstall Traps and log verbose output to a file called uninstallLogFile.txt, enter the following:
msiexec /x c:\install\traps.msi UNINSTALL_PASSWORD=[palo@lt0] /l*v c:\install\uninstallLogFile.txt
You must specify the UNINSTALL_PASSWORD property to successfully uninstall a package.
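When the quiet installation is pushed by SCCM, GPO or a similar tool, a wrapper script can enforce SSL for both servers, confirm that TCP port 2125 is reachable, and report the Windows Installer exit code. The following is an added example, not part of the original guide; the function names, the host name pattern and the timeout are assumptions, while the msiexec options and public properties are the ones listed above.

```powershell
# Added example (not from the guide): quiet Traps installation with SSL
# enforced, a verbose log, a port pre-check and exit-code handling.

function Test-EsmPort {
    param([string]$Server, [int]$Port = 2125, [int]$TimeoutMs = 3000)
    # TcpClient is used so the check also works on older PowerShell versions.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)      # throws if the connection was refused
        return $client.Connected
    }
    catch { return $false }
    finally { $client.Close() }
}

function Install-TrapsQuiet {
    param(
        [Parameter(Mandatory = $true)][string]$MsiPath,       # e.g. c:\install\traps.msi
        [Parameter(Mandatory = $true)][string]$PrimaryServer, # e.g. ESMServer
        [string]$BackupServer,                                # e.g. ESMServerBackup
        [int]$Port = 2125,
        [string]$LogPath = 'c:\logs\install.txt'
    )

    if (-not (Test-Path -LiteralPath $MsiPath)) { throw "Installer not found: $MsiPath" }

    # Accept only host name / IP address characters so a value cannot break
    # out of its quoted property on the msiexec command line.
    foreach ($name in (@($PrimaryServer, $BackupServer) | Where-Object { $_ })) {
        if ($name -notmatch '^[A-Za-z0-9.:\-]+$') {
            throw "Unexpected characters in server name: $name"
        }
        if (-not (Test-EsmPort -Server $name -Port $Port)) {
            Write-Warning "TCP port $Port on $name is not reachable from this endpoint."
        }
    }

    # msiexec cannot create the log file if its folder does not exist.
    New-Item -ItemType Directory -Force -Path (Split-Path -Parent $LogPath) | Out-Null

    $msiArgs = @(
        '/i', "`"$MsiPath`"", '/qn', '/L*v', "`"$LogPath`"",
        "CYVERA_SERVER=`"$PrimaryServer`"",
        "CYVERA_SERVER_PORT=`"$Port`"",
        'USE_SSL_PRIMARY="1"'           # set explicitly, not left to the default
    )
    if ($BackupServer) {
        $msiArgs += @(
            'USE_BACKUP_SERVER="1"',
            "CYVERA_BACKUP_SERVER=`"$BackupServer`"",
            "CYVERA_BACKUP_SERVER_PORT=`"$Port`"",
            'USE_SSL_BACKUP="1"'
        )
    }

    $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

    # Standard Windows Installer exit codes.
    switch ($proc.ExitCode) {
        0       { 'Traps installed.' }
        3010    { 'Traps installed; a restart is required.' }
        1641    { 'Traps installed; the installer initiated a restart.' }
        default { throw "msiexec failed with exit code $($proc.ExitCode); see $LogPath" }
    }
}

# Usage, with the server names from the example above:
# Install-TrapsQuiet -MsiPath 'c:\install\traps.msi' -PrimaryServer 'ESMServer' -BackupServer 'ESMServerBackup'
```

Windows Installer verbose logs record public property values unless the package marks them hidden, so treat a log written during an uninstall with UNINSTALL_PASSWORD as sensitive and restrict access to it.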
Verify a Successful Installation
You can verify the success of the server and endpoint installation by verifying connectivity between the server
and endpoint on both sides of the connection.

Verify Connectivity from the Endpoint

Verify Connectivity from the ESM Console
Verify Connectivity from the Endpoint
After successfully installing Traps, the Traps agent should be able to connect to the server running the Endpoint
Security Manager.
Verify Connectivity from the Endpoint
Step 1: Launch the Traps console from the taskbar:
• From the Windows tray, right-click the Traps icon and select Console, or double-click the icon.
• Run CyveraConsole.exe from the Traps installation folder.
Step 2: Verify the status of the server connection. If Traps is connected to the server, the Connection status reports that the connection is successful. If the Traps agent is unable to establish a connection with the primary or secondary server, the Traps console reports a disconnected status.
Step 3: Verify Connectivity from the ESM Console.
Verify Connectivity from the ESM Console
After successfully verifying that the endpoint can reach the Endpoint Security Manager (ESM) Server, verify
that the endpoint appears in the list of computers on the Health page of the ESM Console.
Verify Connectivity from the ESM Console
Step 1: Launch the ESM Console and then select Health.
Step 2: Verify the status of the endpoint:
• Locate the name of the endpoint in the list of computers.
• To view additional details about the endpoint, select the endpoint row. An icon indicates that Traps is running on the endpoint.