Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1733
Views
0
Helpful
2
Replies

AMP Endpoint scanning its own quarantine????

Steve Bellan
Level 1
Level 1

‎10-16-2018 06:12 AM - edited ‎02-20-2020 09:06 PM

I thought by default it did not scan its own quarantine folder. We are getting a lot of alerts from this. No big deal if we have to add to exclusions manually, just making sure not missing something. 

Labels:
0 Helpful
2 Replies 2

nspasov
Cisco Employee
Cisco Employee

‎11-16-2018 09:29 PM

Can you:

1. Post the exact path that the alert is coming from

2. Screenshot of the notification

 

Thank you for rating helpful posts!

0 Helpful

Matthew Franks
Cisco Employee
Cisco Employee

‎11-17-2018 08:09 AM

Steve,

 

This could happen if you've created a new policy and didn't include the default exclusion set.  By default, AMP does not scan its own directories, but it could if those exclusions were removed.

 

-Matt

0 Helpful
Customers Also Viewed These Support Documents