https://community.cisco.com/t5/endpoint-security/amp-for-endpoint/m-p/3299392#M1106 <P>It looks like the latest version of AMP, 6.0.5, released Dec 5, 2017 has some memory attack prevention.&nbsp; Here are some excerpts from the release notes.</P> <DIV style="left: 311.99px; top: 744.82px; font-family: serif; font-size: 15.79px;">&nbsp;</DIV> <DIV style="left: 311.99px; top: 744.82px; font-family: serif; font-size: 15.79px;">• Exploit Prevention detection engine to block exploits and memory attacks that target</DIV> <DIV style="left: 341.99px; top: 764.02px; font-family: serif; font-size: 15.8px; transform: scaleX(1.00018);">certain processes.</DIV> <DIV style="left: 341.99px; top: 764.02px; font-family: serif; font-size: 15.8px; transform: scaleX(1.00018);">&nbsp;</DIV> <DIV style="left: 311.99px; top: 788.12px; font-family: serif; font-size: 15.79px;">•System Process Protection adds protection for memory attacks against certain Windows</DIV> <DIV style="left: 341.99px; top: 807.32px; font-family: serif; font-size: 15.8px; transform: scaleX(1.00026);">system processes.</DIV> Wed, 20 Dec 2017 13:00:41 GMT NicholasLudwiczak 2017-12-20T13:00:41Z https://community.cisco.com/t5/endpoint-security/amp-for-endpoint/m-p/3047092#M1076 <P>Does AMP for Endpoints &nbsp;have any native memory-based malware blocking capability?</P> <P></P> <P>Not looking for detection, but active protection for memory based malware without the use of CTA?</P> <P></P> <P>Thanks,</P> <P></P> <P></P> <P></P> Fri, 21 Feb 2020 05:04:20 GMT https://community.cisco.com/t5/endpoint-security/amp-for-endpoint/m-p/3047092#M1076 abbasali5 2020-02-21T05:04:20Z https://community.cisco.com/t5/endpoint-security/amp-for-endpoint/m-p/3047093#M1096 <P>Hi,</P> <P></P> <P>The AMP itself is capable and primary works with files. The <SPAN style="font-size: 12.0pt; font-family: 'Cambria',serif;">low prevalence files may be automatically submitted for File Analysis in the Threat Grid cloud. This evaluates all file artifacts, file activity, Behavioral indicators. This should be the active protection for unknown files.<BR /></SPAN></P> <P><SPAN style="font-size: 12.0pt; font-family: 'Cambria',serif;"></SPAN></P> <P><SPAN style="font-size: 12.0pt; font-family: 'Cambria',serif;">Best Regards</SPAN></P> <P><SPAN style="font-size: 12.0pt; font-family: 'Cambria',serif;">David</SPAN></P> Mon, 12 Jun 2017 08:31:18 GMT https://community.cisco.com/t5/endpoint-security/amp-for-endpoint/m-p/3047093#M1096 David Janulik 2017-06-12T08:31:18Z https://community.cisco.com/t5/endpoint-security/amp-for-endpoint/m-p/3299392#M1106 <P>It looks like the latest version of AMP, 6.0.5, released Dec 5, 2017 has some memory attack prevention.&nbsp; Here are some excerpts from the release notes.</P> <DIV style="left: 311.99px; top: 744.82px; font-family: serif; font-size: 15.79px;">&nbsp;</DIV> <DIV style="left: 311.99px; top: 744.82px; font-family: serif; font-size: 15.79px;">• Exploit Prevention detection engine to block exploits and memory attacks that target</DIV> <DIV style="left: 341.99px; top: 764.02px; font-family: serif; font-size: 15.8px; transform: scaleX(1.00018);">certain processes.</DIV> <DIV style="left: 341.99px; top: 764.02px; font-family: serif; font-size: 15.8px; transform: scaleX(1.00018);">&nbsp;</DIV> <DIV style="left: 311.99px; top: 788.12px; font-family: serif; font-size: 15.79px;">•System Process Protection adds protection for memory attacks against certain Windows</DIV> <DIV style="left: 341.99px; top: 807.32px; font-family: serif; font-size: 15.8px; transform: scaleX(1.00026);">system processes.</DIV> Wed, 20 Dec 2017 13:00:41 GMT https://community.cisco.com/t5/endpoint-security/amp-for-endpoint/m-p/3299392#M1106 NicholasLudwiczak 2017-12-20T13:00:41Z https://community.cisco.com/t5/endpoint-security/amp-for-endpoint/m-p/3723732#M1117 <P>Hello,</P> <P>the new Malicious Activity Protection Engine and Exploit Prevention Engine are in place to cover such topics.</P> <P>Cheers</P> Thu, 11 Oct 2018 15:34:10 GMT https://community.cisco.com/t5/endpoint-security/amp-for-endpoint/m-p/3723732#M1117 Troja007 2018-10-11T15:34:10Z