* [Blog](https://www2.paloaltonetworks.com/blog) * [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/) * [Endpoint](https://www2.paloaltonetworks.com/blog/category/endpoint-2/) * Introducing the New Traps... # Introducing the New Traps v4.0: Advancing Endpoint Security -- Again! [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2017%2F05%2Ftraps-40%2F) [](https://twitter.com/share?text=Introducing+the+New+Traps+v4.0%3A+Advancing+Endpoint+Security+%E2%80%93+Again%21&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2017%2F05%2Ftraps-40%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2017%2F05%2Ftraps-40%2F&title=Introducing+the+New+Traps+v4.0%3A+Advancing+Endpoint+Security+%E2%80%93+Again%21&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2017/05/traps-40/&ts=markdown) \[\](mailto:?subject=Introducing the New Traps v4.0: Advancing Endpoint Security – Again!) Link copied By [Michael Moshiri](https://www.paloaltonetworks.com/blog/author/michael-moshiri/?ts=markdown "Posts by Michael Moshiri") May 02, 2017 6 minutes [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown) [Advanced Endpoint Protection](https://www.paloaltonetworks.com/blog/tag/advanced-endpoint-protection/?ts=markdown) [Traps 4.0](https://www.paloaltonetworks.com/blog/tag/traps-4-0/?ts=markdown) Today, we're pleased to [announce](http://go.paloaltonetworks.com/Traps40PR) the release of [Traps advanced endpoint protection](https://www.paloaltonetworks.com/products/secure-the-endpoint/traps.html) version 4.0. With this release, Traps expands its multi-method prevention capabilities to secure macOS endpoints and Android devices as well as to cover several additional attack techniques. In this post, I'll go over some of the enhancements we've made to Traps and discuss how they help you to secure your endpoints against cyberattacks. For a deeper dive, I encourage you to download our [Traps Technology Overview](https://www.paloaltonetworks.com/resources/techbriefs/traps-technology-overview) white paper or [join us for a webinar](http://go.paloaltonetworks.com/Endpoint050217) to see how Traps protects your organization against the imminent shifts in endpoint attacks. ### Expanded Multi-Method Approach to Prevention Traps replaces traditional antivirus and secures endpoints with a multi-method approach to prevention. Using a unique combination of highly effective malware and exploit prevention methods, Traps blocks both known and unknown threats -- before they can compromise a system. > "Signature-based endpoint security simply cannot provide effective protection against the new wave of cyberattacks targeting endpoints. Given the acute problem presented by the "Patient Zero Effect," new approaches are a must. Built from the ground up to address modern endpoint security needs, Palo Alto Networks Traps provides modern endpoint protection that can be implemented as either an independent, standalone solution or as a part of an integrated security ecosystem with the accompanying integration synergies that their Next-Generation Security Platform can provide. Palo Alto Networks Traps commands consideration for organizations seeking modern endpoint threat prevention capabilities." > *- Frank Dickson, Research Director, Worldwide Security Products, IDC* Traps v4.0 includes several expanded capabilities and enhancements, which follow. **True Prevention for Mac** Traps secures macOS systems and replaces legacy AV with a multi-method approach to prevention. Traps blocks both malware and exploits, known or unknown, before they can compromise Apple Mac endpoints. This is in contrast to existing signature-based AV and security solutions for macOS that claim to be "next-gen" but can't (and don't) prevent cyber breaches by blocking both malware and exploits, leaving the endpoint exposed to attacks. **Office Macro Protection** Traps blocks known and unknown malicious macros that are embedded in Word and Excel files, before the files are allowed to open. This prevents ransomware and other advanced threats that rely on macro-based attacks to bypass existing endpoint protections. * Traps uses our [WildFire](https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/wildfire) threat intelligence to instantly identify an Office file (with a malicious macro) that has been seen before by any of our 15,500 WildFire customers, our threat intelligence technology partners, or our own threat researchers in [Unit 42](https://www.paloaltonetworks.com/blog/unit42/). * If an Office file with a macro that is unknown to WildFire, Traps uses local analysis (via machine learning) to immediately determine whether the macro is malicious. We have used the threat intelligence available through WildFire to train a machine learning model to autonomously recognize malicious macros -- especially unknown variants -- with unmatched effectiveness and accuracy. * In addition to using local analysis to render a verdict for an Office file that contains an unknown macro, Traps can submit the file to WildFire for complete inspection and analysis. WildFire goes beyond legacy approaches used to detect unknown threats, bringing together the benefits of four independent techniques for high-fidelity and [evasion-resistant discovery](https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/wildfire), including dynamic analysis, static analysis, machine learning and bare-metal analysis. **Enhanced Child Process Protection** Traps delivers fine-grained control over the launching of legitimate applications, such as script engines and command shells, that can be used for malicious activities. This prevents advanced threats and ransomware from launching evasive attacks that are not detected by existing endpoint security solutions. For example, Traps can prevent Internet Explorer from launching a specific script interpretation engine as a child process -- a common technique used by ransomware. For any given process, Traps enables customers to either block all child processes except those that are whitelisted or allow all child processes except those that are blacklisted. **Exploit Kit Fingerprinting Protection** Exploit kits typically profile a user's system to identify potential vulnerabilities and deliver the optimum attack that can predictably compromise a system or increase the success rate of the attack. This technique is commonly referred to as "fingerprinting" a system. Traps prevents attackers from identifying and targeting vulnerable endpoints by blocking the fingerprinting attempts used by exploit kits. This, in effect, prevents an attack even before it begins. **Kernel Privilege Escalation Protection** Kernel exploits are some of the most advanced attacks. Often emanating from nation-state attackers and advanced persistent threats (APTs), kernel exploits target vulnerabilities in the operating system itself. A common kernel exploitation approach is to create a malicious process that leverages a kernel exploit to "steal" the credentials ("token") of a privileged process, allowing the malicious process to run with system-level permissions. Traps identifies and blocks this technique. ### Single-Pane-of-Glass Visibility Into Security Events Traps 4.0 can share its logs and security events with [Panorama](https://www.paloaltonetworks.com/products/secure-the-network/management/panorama), our network security management product. This integration enables security operations teams to analyze and correlate threat patterns using both network and Traps security events, which, in turn, delivers a unified picture of security events across the entire environment. In conjunction with automated policies, the integration of Traps with Panorama enables our customers to eliminate attack surfaces across their entire environment, from endpoints to firewalls to cloud and SaaS applications. ### Traps Protection for Android Devices (Beta) Traps for Android is now available through a community access beta program that extends the multi-method protection of Traps to users of Android devices. On an Android device, Traps instantly identifies known malware by checking the hash of every application with WildFire. Using local analysis, Traps instantly determines if an unknown application is malware, in addition to submitting that application to WildFire for full inspection and analysis. WildFire, in turn, analyzes the unknown application using a multi-technique approach and renders a verdict. Traps also identifies unknown, but benign, applications through its Trusted Publisher Identification method. Traps notifies users about the verdict associated with each application and enables them to terminate, uninstall or continue to run each application. For more on Traps for Android, and to participate in the community access beta program, please [contact](https://www.paloaltonetworks.com/company/contact-sales) your Palo Alto Networks sales team. ### Resources To learn more about Traps v4.0 and its expanded capabilities: * Download our [Traps Technology Overview](https://www.paloaltonetworks.com/resources/techbriefs/traps-technology-overview) white paper. * [Join us for a webinar](http://go.paloaltonetworks.com/Endpoint050217) (live or on-demand) to learn about the imminent shifts in endpoint attacks and how Traps protects your organization against them. *** ** * ** *** [**Register for Ignite '17 Security Conference**](http://go.paloaltonetworks.com/ignite2017) *Vancouver, BC June 12--15, 2017* Ignite '17 Security Conference is a live, four-day conference designed for today's security professionals. Hear from innovators and experts, gain real-world skills through hands-on sessions and interactive workshops, and find out how breach prevention is changing the security industry. Visit the [Ignite website](http://www.paloaltonetworksignite.com/) for more information on tracks, workshops and marquee sessions. *** ** * ** *** ## Related Blogs ### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown) [#### Introducing Traps for Android](https://www2.paloaltonetworks.com/blog/2018/06/introducing-traps-android/) ### [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [#### Traps "Recommended" in NSS Labs Advanced Endpoint Protection Test](https://www2.paloaltonetworks.com/blog/2018/04/traps-recommended-nss-labs-advanced-endpoint-protection-test/) ### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [#### Announcing Traps 5.0: Cloud-Delivered Advanced Endpoint Protection](https://www2.paloaltonetworks.com/blog/2018/03/traps-5-0/) ### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown) [#### Forrester Evaluated: How Traps Reduces OpEx and Breach Prevention Costs](https://www2.paloaltonetworks.com/blog/2017/12/forrester-evaluated-how-traps-reduces-opex-and-breach-prevention-costs/) ### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown) [#### Traps Prevents Ransomware Attacks](https://www2.paloaltonetworks.com/blog/2017/11/traps-prevents-ransomware-attacks/) ### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown) [#### Traps Prevents Microsoft Office Zero-Day](https://www2.paloaltonetworks.com/blog/2017/10/traps-prevents-microsoft-office-zero-day/) ### Subscribe to the Blog! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language