https://community.cisco.com/t5/endpoint-security/amp-for-endpoint-cloud/m-p/2962677#M1367 <P>Quarantine: Not seen shows that the quarantine action did not take place. In Audit mode it puts the FireAMP Connector in a mode that will only detect malicious files but not quarantine them. Malicious network traffic is also detected but not blocked.<BR /><BR />Pleasee see the below url for the creation of policies on page 15.<BR /><BR /><A href="http://www.cisco.com/c/dam/en/us/td/docs/security/sourcefire/fireamp/fireamp-cloud/FireAMPDeploymentStrategy.pdf" target="_blank">http://www.cisco.com/c/dam/en/us/td/docs/security/sourcefire/fireamp/fireamp-cloud/FireAMPDeploymentStrategy.pdf</A><BR /><BR />Hope to help.</P> Fri, 03 Feb 2017 15:32:40 GMT syeda3 2017-02-03T15:32:40Z https://community.cisco.com/t5/endpoint-security/amp-for-endpoint-cloud/m-p/2962675#M1364 <P>In AMP for endpoint dashboard in Detections/Quarantine. I see some items as "Quarantine: Not seen". What does <STRONG>not seen</STRONG> mean over here</P> Fri, 21 Feb 2020 05:02:11 GMT https://community.cisco.com/t5/endpoint-security/amp-for-endpoint-cloud/m-p/2962675#M1364 ring zer0 2020-02-21T05:02:11Z https://community.cisco.com/t5/endpoint-security/amp-for-endpoint-cloud/m-p/2962676#M1366 <P><SPAN>This indicates that the quarantine action did not take place. The primary cause for this event is when the FireAMP connector is configured in Audit Mode. FireAMP is detecting a malicious file, but is not permitted to quarantine it per the policy settings. In rarer cases this can be caused by race conditions with co-existing AV or security products, but this case is more likely to produce a Quarantine: Failed event.</SPAN></P> Wed, 05 Oct 2016 12:17:16 GMT https://community.cisco.com/t5/endpoint-security/amp-for-endpoint-cloud/m-p/2962676#M1366 aledipas 2016-10-05T12:17:16Z https://community.cisco.com/t5/endpoint-security/amp-for-endpoint-cloud/m-p/2962677#M1367 <P>Quarantine: Not seen shows that the quarantine action did not take place. In Audit mode it puts the FireAMP Connector in a mode that will only detect malicious files but not quarantine them. Malicious network traffic is also detected but not blocked.<BR /><BR />Pleasee see the below url for the creation of policies on page 15.<BR /><BR /><A href="http://www.cisco.com/c/dam/en/us/td/docs/security/sourcefire/fireamp/fireamp-cloud/FireAMPDeploymentStrategy.pdf" target="_blank">http://www.cisco.com/c/dam/en/us/td/docs/security/sourcefire/fireamp/fireamp-cloud/FireAMPDeploymentStrategy.pdf</A><BR /><BR />Hope to help.</P> Fri, 03 Feb 2017 15:32:40 GMT https://community.cisco.com/t5/endpoint-security/amp-for-endpoint-cloud/m-p/2962677#M1367 syeda3 2017-02-03T15:32:40Z