07-28-2017 12:48 PM - edited 02-20-2020 09:04 PM
Hello,
If AMP detects a malicious executable that's already running, will it kill the process, or can it only prevent new instances from starting?
Thanks!
Keith
Solved! Go to Solution.
10-09-2017 03:00 AM
AMP automatically detects and blocks threats in real time using global data analytics, machine learning, fuzzy fingerprinting, rootkit scanning, and a built-in antivirus engine.
From Cisco:Cisco Advanced Malware Protection (AMP) for Endpoints - Cisco
AMP scans continiously and blocks somehow if any found.
10-09-2017 03:00 AM
AMP automatically detects and blocks threats in real time using global data analytics, machine learning, fuzzy fingerprinting, rootkit scanning, and a built-in antivirus engine.
From Cisco:Cisco Advanced Malware Protection (AMP) for Endpoints - Cisco
AMP scans continiously and blocks somehow if any found.
10-09-2017 10:38 AM
The AMP for Endpoints connector is able to terminate processes if they are found to be malicious, yes. Note the "Monitor Process Execution" setting under the File tab of your AMP policy settings.
11-28-2017 05:55 AM
Yes AMP will be able to kill the process
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide