yosinyc 0 Posted August 13

Hello, sorry for my ignorance... I'm new to Automate.... The attached is my config for TRAPS AV.... the Monitors showing NO AV... Do all the fields have to match in order for a good detection? Basically what if I just check to see if the process is running, if it runs, monitor should display "Palo Alto AV". Any help would be greatly appreciated... ty

Name: Palo Alto Traps
Program Location: "%programfiles%\Palo Alto Networks\Traps\cytool.exe"
Def Location: {%-HKLM\SOFTWARE\Cyvera\Client:Product Version-%}
Update cmd: "%programfiles%\Palo Alto Networks\Traps\cytool.exe" (couldn't find it, so I put the same as program location...)
version check: {%-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E5DA19C5737C8344D9FE02D6D5808099\InstallProperties:DisplayVersion-%}
AP Process: cyserver*
Date Mask: (.*)

zfx0 0 Posted August 30 (edited)

Here's my definition (any fields which aren't mentioned below are left as blank):

Name: Palo Alto Traps
Program Location: %programfiles%\Palo Alto Networks\Traps\CyveraService.exe
Definition Location: %programdata%\Cyvera\LocalSystem\ClientPolicy.xml
Version Check: {%-HKLM\SOFTWARE\Cyvera\Client:Product Version-%}
AP Process: CyveraService*
Date Mask: (.*)

Edited August 30 by zfx0
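
To check on an endpoint whether the items named in a definition like the one above are actually present, the following PowerShell is an added example; it is not part of any post in this thread and does not reproduce Automate's own detection logic. The `$def` key names and the `Resolve-RegistryToken` function are hypothetical, and the field values are copied from zfx0's post.

```powershell
# Added example: reports whether each item referenced by the AV definition
# exists on this machine. It does not reproduce Automate's detection logic.
# Values are copied from zfx0's post; the key names are hypothetical labels.
$def = [ordered]@{
    ProgramLocation    = '%programfiles%\Palo Alto Networks\Traps\CyveraService.exe'
    DefinitionLocation = '%programdata%\Cyvera\LocalSystem\ClientPolicy.xml'
    VersionCheck       = '{%-HKLM\SOFTWARE\Cyvera\Client:Product Version-%}'
    ApProcess          = 'CyveraService*'
}

function Resolve-RegistryToken {
    # Splits a {%-HIVE\key:value-%} token (format as written in the posts)
    # into key path and value name, then reads that value from the registry.
    param([string]$Token)
    if ($Token -notmatch '^\{%-(?<hive>HKLM|HKCU)\\(?<key>[^:]+):(?<name>.+)-%\}$') {
        return $null
    }
    $path = '{0}:\{1}' -f $Matches['hive'], $Matches['key']
    $name = $Matches['name']
    $item = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$name
}

$results = foreach ($field in $def.Keys) {
    $value = $def[$field]
    $found = switch ($field) {
        'VersionCheck' { Resolve-RegistryToken $value }
        'ApProcess' {
            # Get-Process accepts wildcards in -Name; no match returns nothing.
            (Get-Process -Name $value -ErrorAction SilentlyContinue |
                Select-Object -First 1).ProcessName
        }
        default {
            # File fields: expand %programfiles% / %programdata% and test the path.
            $p = [Environment]::ExpandEnvironmentVariables($value)
            if (Test-Path -LiteralPath $p) { $p }
        }
    }
    [pscustomobject]@{
        Field      = $field
        Configured = $value
        Found      = $found
        Ok         = [bool]$found
    }
}

$results | Format-Table -AutoSize
```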

yosinyc 0 Posted September 12

Sorry for the late response, thank you for sharing I will give it a shot & give feedback... ty