AMP for Endpoint detect malware intrusion event

peter.peng
Level 1

Hi Sir:
   Could you help me confirm whether AMP4Endpoint detects the events in the scenario below?
When a client clicks a malicious website and downloads the malware, the malware will try to compromise the other computers on the same subnet. What kind of events will AMP4Endpoint record? Only the events inside one computer, or also the events of one PC compromising the others?

Accepted Solutions

Wojciech Cecot
Cisco Employee

Hi Peter,

If the attachment on the website is malicious, AMP will quarantine it immediately after download (and, for example, if it goes through an FTD that is integrated with AMP, there will be a connection reset before the download happens).

In such a case it should NOT spread across other PCs, while it will be quarantined on the first endpoint. Example of the event in the AMP console:

Screenshot 2019-03-19 at 15.41.55.png

Hope that helps,

Wojciech
