Showing results for 
Search instead for 
Did you mean: 

Ask the Expert- SD-WAN

Cisco Employee

AMP for Endpoint CIFS scanning


A customer has a security endpoint who can perform CIFS scanning on Files.

They want to know if AMP can do that.

AMP for Endpoint can scan CIFS ?


Everyone's tags (1)
Cisco Employee

Re: AMP for Endpoint CIFS scanning

Hi Guillermo,

If the question is about catching malware copying or moving to and from the shares, then yes - AMP will be able to catch it, as files are written or read from the local computer disk. On the other side, if the user is accessing files on the share directly, that may be an issue. Do you have more details on the server side protocol? and what are the shares?

Cisco Employee

Re: AMP for Endpoint CIFS scanning

Hi Evgeny,  thanks a lot for your answer.

Trying to understand the real situation I asked to the partner about that, their answer: 

"They currently have Trend software that performs CIFS scanning on Files.

File Services over CIFS/SMB 2.0 and 3.0 file sharing protocols.  They are scanning the files obtained this way with Trend. They want to know if AMP can displace Trend."

As I understood the workstations has mapped some Folders using File Sharing feature (SMB) and they scan the files on that.

Cisco Employee

Re: AMP for Endpoint CIFS scanning


I'd like to understand what actually stands behind their statement. But in general scanning the file share sounds a bit too reactive and also given the number of files on a share (commonly), will take a long time. AMP for Endpoints can scan files that a user "gets" to the disk of the local machine, it won't scan files residing on the share itself (does it make even make sense to do that). I think we should reinforce the statement that with AMP for Endpoints there's barely a need to perform any scanning since all files are inspected upon copies, moves, executes that touch the disk of the local machine where an AMP connector is installed. AMP for Networks could also be discussed with the partner as a more proactive approach (for protecting the share and the user).