https://community.cisco.com/t5/endpoint-security/secure-endpoint-amp-endpoint-visibility/m-p/4549295#M6662 Thank you for that detailed explanation.<BR />I had not considered the potential exposure of documents once sent for<BR />analysis.<BR />However, is it not recommended to send automatically for analysis upon<BR />detection?<BR />I know it is company-dependent, but is there a benefit of just blocking<BR />detections without any analysis?<BR /> Thu, 10 Feb 2022 04:44:57 GMT larry.siegelman 2022-02-10T04:44:57Z https://community.cisco.com/t5/endpoint-security/secure-endpoint-amp-endpoint-visibility/m-p/4547534#M6656 <P>Hello,</P><P>We would like to distribute Secure Endpoint to other devices that are considered BYOD in our organization.</P><P>The issue of privacy concerns popped up, and we need to reassure the end-user of a private device, that Secure Endpoint cannot see files or folders on the device.</P> Tue, 08 Feb 2022 15:16:50 GMT https://community.cisco.com/t5/endpoint-security/secure-endpoint-amp-endpoint-visibility/m-p/4547534#M6656 larry.siegelman 2022-02-08T15:16:50Z https://community.cisco.com/t5/endpoint-security/secure-endpoint-amp-endpoint-visibility/m-p/4547627#M6657 That's just sort of how Secure Endpoint works....<BR />You can turn off file uploads/retrieval for a group, but when it finds something, it will tell you what and where the file is.<BR />If you look at device trajectory, it will tell you where a file executed from, what files it created, etc., so there is a certain amount of data that could be extracted from the UI without any "extra" effort...<BR /><BR /><BR /><BR />________________________________<BR /><BR />This email is intended solely for the use of the individual to whom it is addressed and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law. If the reader of this email is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited.<BR />If you have received this communication in error, please immediately notify us by telephone and return the original message to us at the listed email address.<BR />Thank You. Tue, 08 Feb 2022 17:07:13 GMT https://community.cisco.com/t5/endpoint-security/secure-endpoint-amp-endpoint-visibility/m-p/4547627#M6657 Ken Stieers 2022-02-08T17:07:13Z https://community.cisco.com/t5/endpoint-security/secure-endpoint-amp-endpoint-visibility/m-p/4547634#M6658 Hi,<BR />The identification of suspected malware and the affected file makes sense.<BR />But, you cannot traverse to other folders to see their contents, correct?<BR /> Tue, 08 Feb 2022 17:14:13 GMT https://community.cisco.com/t5/endpoint-security/secure-endpoint-amp-endpoint-visibility/m-p/4547634#M6658 larry.siegelman 2022-02-08T17:14:13Z https://community.cisco.com/t5/endpoint-security/secure-endpoint-amp-endpoint-visibility/m-p/4547670#M6659 You'll also see what's happening on the box, "chrome downloaded a file, Word opened it.", etc.<BR />But no you can't go generally browsing with just AMP... you could get that info if you enable Orbital.<BR /><BR /> Tue, 08 Feb 2022 18:00:14 GMT https://community.cisco.com/t5/endpoint-security/secure-endpoint-amp-endpoint-visibility/m-p/4547670#M6659 Ken Stieers 2022-02-08T18:00:14Z https://community.cisco.com/t5/endpoint-security/secure-endpoint-amp-endpoint-visibility/m-p/4548894#M6660 <P>BTW, just wanted to mention... even you can query the endpoint and looking for files with Orbital, you cannot view the content of a file...<BR />Regarding file uploads, Secure Endpoint support PEs only, so Text files or documents will not be uploaded to the File Repository.<BR />Greetings, Thorsten</P> Wed, 09 Feb 2022 18:10:01 GMT https://community.cisco.com/t5/endpoint-security/secure-endpoint-amp-endpoint-visibility/m-p/4548894#M6660 Troja007 2022-02-09T18:10:01Z https://community.cisco.com/t5/endpoint-security/secure-endpoint-amp-endpoint-visibility/m-p/4548926#M6661 <P>That is partially correct. There are various methods for files to be pulled into the File Repository. The most common is "Automatic Analysis" which is limited to PE files. However other file types can end up in the File Repository from a request by the user in the Cisco Secure Endpoint console or via an "Automated Action". If the "Submit to Secure Malware Analytics upon Detection" automated action is enabled, it will put the detected file into the File Repository and send it to Cisco Secure Malware Analytics for analysis. Depending on your privacy setting for submission by Cisco Secure Endpoint to Secure Malware Analytics, the analysis results could be available to the "public".</P><P>There is the potential for bleeding over user data into the various Cisco Security products.<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Automated Action and User request for .doc* files" style="width: 965px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/143471i083CEE2E8A780D7D/image-size/large?v=v2&amp;px=999" role="button" title="FileRepository.png" alt="Automated Action and User request for .doc* files" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Automated Action and User request for .doc* files</span></span></P> Wed, 09 Feb 2022 18:54:04 GMT https://community.cisco.com/t5/endpoint-security/secure-endpoint-amp-endpoint-visibility/m-p/4548926#M6661 johnosn 2022-02-09T18:54:04Z https://community.cisco.com/t5/endpoint-security/secure-endpoint-amp-endpoint-visibility/m-p/4549295#M6662 Thank you for that detailed explanation.<BR />I had not considered the potential exposure of documents once sent for<BR />analysis.<BR />However, is it not recommended to send automatically for analysis upon<BR />detection?<BR />I know it is company-dependent, but is there a benefit of just blocking<BR />detections without any analysis?<BR /> Thu, 10 Feb 2022 04:44:57 GMT https://community.cisco.com/t5/endpoint-security/secure-endpoint-amp-endpoint-visibility/m-p/4549295#M6662 larry.siegelman 2022-02-10T04:44:57Z https://community.cisco.com/t5/endpoint-security/secure-endpoint-amp-endpoint-visibility/m-p/4549426#M6663 <P>Every Sample submitted to Cisco Secure Malware Analytics gets tagged:</P> <P><BR />•Public –Sample will be visible globally (each user can access all the details of the report)<BR />•Private –Sample is <U>only</U> visible to the submitting Organization</P> <P>&nbsp;</P> <P>Automated Submissions from an AMP-Enabled Integration are <STRONG>always</STRONG> marked private</P> Thu, 10 Feb 2022 09:36:21 GMT https://community.cisco.com/t5/endpoint-security/secure-endpoint-amp-endpoint-visibility/m-p/4549426#M6663 Enrico Werner 2022-02-10T09:36:21Z https://community.cisco.com/t5/endpoint-security/secure-endpoint-amp-endpoint-visibility/m-p/4549429#M6664 <P>Thank you very much&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/323823">@Enrico Werner</a>.</P><P>That really helps us with privacy and issues related to possible "info bleed."</P> Thu, 10 Feb 2022 09:40:44 GMT https://community.cisco.com/t5/endpoint-security/secure-endpoint-amp-endpoint-visibility/m-p/4549429#M6664 larry.siegelman 2022-02-10T09:40:44Z