https://community.cisco.com/t5/endpoint-security/ransomware-question/m-p/2956094#M599 <P>Hi Guys,</P> <P></P> <P>Can anyone confirm, is AMP can stop spam emails micro enabled (ransomware) attachments or we need to also buy the SPAM license?</P> <P></P> <P>Waiting for your prompt reply.</P> <P></P> <P></P> Fri, 21 Feb 2020 05:02:58 GMT Saeedullah Khan 2020-02-21T05:02:58Z https://community.cisco.com/t5/endpoint-security/ransomware-question/m-p/2956094#M599 <P>Hi Guys,</P> <P></P> <P>Can anyone confirm, is AMP can stop spam emails micro enabled (ransomware) attachments or we need to also buy the SPAM license?</P> <P></P> <P>Waiting for your prompt reply.</P> <P></P> <P></P> Fri, 21 Feb 2020 05:02:58 GMT https://community.cisco.com/t5/endpoint-security/ransomware-question/m-p/2956094#M599 Saeedullah Khan 2020-02-21T05:02:58Z https://community.cisco.com/t5/endpoint-security/ransomware-question/m-p/2956095#M602 <P>Hi Khan,</P> <P></P> <P>AMP checks files with following extensions.</P> <P></P> <UL> <LI>MSEXE</LI> <LI>PDF</LI> <LI>MSCAB</LI> <LI>MSOLE2</LI> <LI>ZIP</LI> <LI>ELF</LI> <LI>MACHO</LI> <LI>MACHO_UNIBIN</LI> <LI>SWF</LI> <LI>JAVA</LI> </UL> <P>&nbsp;Unsupported File Types</P> <P>&nbsp;</P> <P>Windows Connector currently does not scan ELF, JAVA, xar(pkg), MACHO, MACHO_UNIBIN, or ASCII.</P> <P></P> <P>The file disposition will be checked against cloud. To reduce spam, you should probably look for Email security appliance (ESA) product.</P> <P></P> <P>David</P> Tue, 13 Dec 2016 09:19:54 GMT https://community.cisco.com/t5/endpoint-security/ransomware-question/m-p/2956095#M602 David Janulik 2016-12-13T09:19:54Z https://community.cisco.com/t5/endpoint-security/ransomware-question/m-p/2956096#M604 <P>Thanks for your reply.</P> <P></P> <P>Actually, spam received ".<SPAN style="font-size: 12.0pt;">docm, </SPAN><SPAN style="font-size: 12.0pt; line-height: 115%;">.xlsm</SPAN>" extension files and when opened the file, they encrypted the mostly word/excel files.</P> <P></P> <P>Can AMP will control this issue?</P> <P></P> <P>Saeed</P> Tue, 13 Dec 2016 09:33:07 GMT https://community.cisco.com/t5/endpoint-security/ransomware-question/m-p/2956096#M604 Saeedullah Khan 2016-12-13T09:33:07Z https://community.cisco.com/t5/endpoint-security/ransomware-question/m-p/2956097#M605 <P>Can you open a support case? We can check the file disposition convicted at the time you opened it. From your side do the file trajectory investigation. This should help you to track down executed actions from it.</P> <P>David</P> Tue, 13 Dec 2016 09:46:35 GMT https://community.cisco.com/t5/endpoint-security/ransomware-question/m-p/2956097#M605 David Janulik 2016-12-13T09:46:35Z