how to control endpoint AMP devices?

james.song1 — Fri, 21 Feb 2020 05:00:22 GMT

How to push the custom malicious file block policy to 5000 internal endpoint AMP devices?

Re: how to control endpoint AMP devices?

schuang — Thu, 19 Nov 2015 02:12:44 GMT

Hi James,

To apply a custom list of files to be blacklisted, you can add the SHA-256 hashes of the files into a simple custom detection list and have that list applied to one or more groups of your internal endpoint AMP devices. You can also create lists for Application (execution) Blocking. Cisco AMP for Endpoints has a Retrospective Security capability that has Cisco AMP for Endpoints polling the AMP Cloud for what we call a retrospective queue at configurable periodic intervals and will automatically pick these up and retrospectively quarantine blacklist files previously or now seen on the endpoint. As blacklisted applications are executed, they are now blocked. During outbreak control situations, do take into consideration caching of file dispositions on the endpoints and if caches needs to be flushed for your operations.

Details can be found in "Outbreak Control" Chapter 3 of the AMP for Endpoints (FireAMP) User Guide:

https://immunet-janus-helpdoc.s3.amazonaws.com/FireAMPUserGuide.pdf

thanks and best regards,

Shyue Hong

topic how to control endpoint AMP devices? in Endpoint Security

how to control endpoint AMP devices?

Re: how to control endpoint AMP devices?