Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4442
Views
0
Helpful
2
Replies

amp for endpoint cloud

ring zer0
Level 1
Level 1

‎10-03-2016 11:14 AM - edited ‎02-20-2020 09:02 PM

In AMP for endpoint dashboard in Detections/Quarantine. I see some items as "Quarantine: Not seen". What does not seen mean over here

1 person had this problem
Labels:
0 Helpful
2 Replies 2

aledipas
Cisco Employee
Cisco Employee

‎10-05-2016 05:17 AM

This indicates that the quarantine action did not take place. The primary cause for this event is when the FireAMP connector is configured in Audit Mode. FireAMP is detecting a malicious file, but is not permitted to quarantine it per the policy settings. In rarer cases this can be caused by race conditions with co-existing AV or security products, but this case is more likely to produce a Quarantine: Failed event.

0 Helpful

syeda3
Level 1
Level 1

‎02-03-2017 07:32 AM

Quarantine: Not seen shows that the quarantine action did not take place. In Audit mode it puts the FireAMP Connector in a mode that will only detect malicious files but not quarantine them. Malicious network traffic is also detected but not blocked.

Pleasee see the below url for the creation of policies on page 15.

http://www.cisco.com/c/dam/en/us/td/docs/security/sourcefire/fireamp/fireamp-cloud/FireAMPDeploymentStrategy.pdf

Hope to help.

0 Helpful
Customers Also Viewed These Support Documents