https://community.cisco.com/t5/endpoint-security/how-cisco-amp-endpoint-take-action/m-p/5264405#M8755 <P>Hi Ken, I think Cisco Secure Endpoint "TDM" refers to the <STRONG>threat detection and management</STRONG> capabilities within the Cisco Secure Endpoint platform. Don't like acronyms either they change all the time&nbsp; <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span><span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 24 Feb 2025 20:08:33 GMT Roman Valenta 2025-02-24T20:08:33Z https://community.cisco.com/t5/endpoint-security/how-cisco-amp-endpoint-take-action/m-p/4437011#M6238 <P>Hi All;</P><P>&nbsp;</P><P>i want to know how Cisco AMP Endpoint take action when it detect a Malware on the PC</P><P>&nbsp;</P><P>Regards;</P><P>Rober</P> Wed, 21 Jul 2021 23:48:52 GMT https://community.cisco.com/t5/endpoint-security/how-cisco-amp-endpoint-take-action/m-p/4437011#M6238 RoberSamir00332 2021-07-21T23:48:52Z https://community.cisco.com/t5/endpoint-security/how-cisco-amp-endpoint-take-action/m-p/4437336#M6241 <P>Hello&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1059532">@RoberSamir00332</a>,<BR />there many different ways Cisco Secure Endpoint takes action on Malware.</P> <OL> <LI>Starting with traditional File scanning, File scanning for Scripts (AMSI integration), Malware Grouping, Machine Learning, where the Endpoint quarantines a file and also stops a running process.</LI> <LI>There are other engines, which are protecting the memory like ExPloit Prevention and System Process Protection. These engines protect against memory based attacks.</LI> <LI>Behavioral Protection Engine is the newes enhancement on the endpoint. It detects and blocks complex malicious behavior on the endpoint. The engines uses am expressive event pattern matching language designed&#11;by Cisco.</LI> <LI>Cloud IOCs: The endpoint sends file, network, process and command line activity to the backend. This data is processed back for 7 days. The result is a Cloud IOC or a retrospective detection.</LI> <LI>Based on Cloud IOCs, there are automated Post Infection Tasks available, like isolating the endpoint from the network.</LI> </OL> <P>Maybe useful, the screenshot compares the difference between a Cloud IOC from the Backend and a Behavioral Protecton Event.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CloudIOC vs BPE Detection.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/125842iC3DBDA66BB075CD0/image-size/large?v=v2&amp;px=999" role="button" title="CloudIOC vs BPE Detection.png" alt="CloudIOC vs BPE Detection.png" /></span></P> <P>&nbsp;</P> <P>Greetings,<BR />Thorsten</P> Thu, 22 Jul 2021 14:23:47 GMT https://community.cisco.com/t5/endpoint-security/how-cisco-amp-endpoint-take-action/m-p/4437336#M6241 Troja007 2021-07-22T14:23:47Z https://community.cisco.com/t5/endpoint-security/how-cisco-amp-endpoint-take-action/m-p/4437628#M6245 <H3><SPAN>A very interesting answer. thanks<span class="lia-unicode-emoji" title=":woman_dancing:">💃</span></SPAN></H3> Fri, 23 Jul 2021 05:00:26 GMT https://community.cisco.com/t5/endpoint-security/how-cisco-amp-endpoint-take-action/m-p/4437628#M6245 bezik 2021-07-23T05:00:26Z https://community.cisco.com/t5/endpoint-security/how-cisco-amp-endpoint-take-action/m-p/4438452#M6251 <H3><SPAN><span class="lia-unicode-emoji" title=":woman_dancing:">💃</span></SPAN></H3> Sun, 25 Jul 2021 16:22:06 GMT https://community.cisco.com/t5/endpoint-security/how-cisco-amp-endpoint-take-action/m-p/4438452#M6251 maciek_smolak 2021-07-25T16:22:06Z https://community.cisco.com/t5/endpoint-security/how-cisco-amp-endpoint-take-action/m-p/5264384#M8753 <P>Hello all, the new TDM includes the drawing above and much more... <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 24 Feb 2025 19:24:05 GMT https://community.cisco.com/t5/endpoint-security/how-cisco-amp-endpoint-take-action/m-p/5264384#M8753 Troja007 2025-02-24T19:24:05Z https://community.cisco.com/t5/endpoint-security/how-cisco-amp-endpoint-take-action/m-p/5264389#M8754 <P>TDM ???</P> Mon, 24 Feb 2025 19:26:56 GMT https://community.cisco.com/t5/endpoint-security/how-cisco-amp-endpoint-take-action/m-p/5264389#M8754 Ken Stieers 2025-02-24T19:26:56Z https://community.cisco.com/t5/endpoint-security/how-cisco-amp-endpoint-take-action/m-p/5264405#M8755 <P>Hi Ken, I think Cisco Secure Endpoint "TDM" refers to the <STRONG>threat detection and management</STRONG> capabilities within the Cisco Secure Endpoint platform. Don't like acronyms either they change all the time&nbsp; <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span><span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 24 Feb 2025 20:08:33 GMT https://community.cisco.com/t5/endpoint-security/how-cisco-amp-endpoint-take-action/m-p/5264405#M8755 Roman Valenta 2025-02-24T20:08:33Z https://community.cisco.com/t5/endpoint-security/how-cisco-amp-endpoint-take-action/m-p/5267963#M8777 <P>Hello Ken,<BR />TDM = Technical Decision Maker Presentation.<BR />Cheers,<BR />Thorsten<BR /><BR /></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Troja007_0-1741207589023.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/241150iAF76F35D7DA1990E/image-size/large?v=v2&amp;px=999" role="button" title="Troja007_0-1741207589023.png" alt="Troja007_0-1741207589023.png" /></span></P> <P>&nbsp;</P> Wed, 05 Mar 2025 20:46:56 GMT https://community.cisco.com/t5/endpoint-security/how-cisco-amp-endpoint-take-action/m-p/5267963#M8777 Troja007 2025-03-05T20:46:56Z