topic HI Davion, in Endpoint Security

Removing Malware from endpoints

Davion Stewart — Fri, 21 Feb 2020 05:01:05 GMT

Good day,

My question about cisco AMP is about its ability to remove malware from endpoints, whether it be servers, PCs or mobile devices. AMP is able to detect, analyze and block malware but if it is that an endpoint is infected with malware, can it be removed from the client.

Also if this is possible, can be done with either AMP for endpoints or AMP for the network or only one of them?

Thanks

Hi

yogdhanu — Sun, 15 May 2016 03:53:52 GMT

Yes the network AMP detects/prevents malware on network level. So if an endpoint is infected by malware , it needs an endpoint solution that can reside on it and can detect/prevent the malware.

FireAMP endpoint client can do it and protect your endpoint client as well while they are on move or infected by malware.

You can get more information here.

http://www.cisco.com/c/dam/en/us/td/docs/security/sourcefire/fireamp/fireamp-cloud/FireAMPUserGuide.pdf

Rate if helps.

Yogesh

Hmm well yes i know that it

Davion Stewart — Sun, 15 May 2016 05:03:08 GMT

Hmm well yes i know that it detects and prevents but does it remove?

So for instance if a client PC is infected with malware, can AMP remove it.If it can remove malware from client devices then which AMP solution can do it. If not, then what Cisco solutions do provide that ability

I browsed through the pdf document and saw that the fire amp mobile connector is able to remove infected files after scanning the device.

Is Fire AMP the same as AMP for endpoints?

HI Davion,

yogdhanu — Sun, 15 May 2016 06:02:54 GMT

HI Davion,

Yes FireAMP is same as AMP for endpoint. There is no option to remove the file, it can quarantine the file so malware can't do anything. Quarantined files are stored in local folder and by deletes the files when its 30 days old.

Cool understand, thanks for

Davion Stewart — Mon, 16 May 2016 14:18:54 GMT

Cool understand, thanks for your help. I was doing some reading about the Fire AMP, i saw that it can auto remove malware. Will see if i can find the document where i saw that.

Re: HI Davion,

hutay — Tue, 31 Oct 2017 01:46:10 GMT

Looking for documentation that states that amp will delete quarantined file after 30 days (for customer). Appreciate your kind advice.

Cheers,

Hui Ping

Re: HI Davion,

CHCS — Mon, 20 Nov 2017 12:58:31 GMT

I have an issue where CIsco AMP for Endpoint shows Threat quarantine Successful however, when i browse to the location of the threat, i can still see the malware file existing and not deleted or moved by the quarantine process. Is this normal? I'm reluctant to execute the file to see if it works since it was flagged as malware.

Re: HI Davion,

CHCS — Mon, 20 Nov 2017 13:00:05 GMT

Oops that was supposed to be for Cisco Support not Davion

Re: HI Davion,

Qamar Islam — Mon, 02 Apr 2018 09:58:27 GMT

Hi Team,

I have on-premises Cisco Private Cloud to manage the AMP Points Connectors, I am facing an issue about malicious file detection, Some malicious files detected by virus total but Cisco Endpoint connector is not detecting it.

Need your suggestions please

Re: HI Davion,

Jetsy Mathew — Tue, 03 Apr 2018 07:34:54 GMT

Hello Qamar

If the disposition of the file has been marked as Malicious by AMP engine then it should be quarantined accordingly . Could you please try running a scan or submit the file to TG. If you find any difficulty with the same please open a service request with TAC. In AMP , the detection will work based on the file dispositions marked by the AMP engine.

Regards

Jetsy