Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3471
Views
5
Helpful
3
Replies

AMP for Endpoint

abbasali5
Level 1
Level 1

‎06-11-2017 02:47 PM - edited ‎02-20-2020 09:04 PM

Does AMP for Endpoints  have any native memory-based malware blocking capability?

Not looking for detection, but active protection for memory based malware without the use of CTA?

Thanks,

Labels:
0 Helpful
3 Replies 3

David Janulik
Cisco Employee
Cisco Employee

‎06-12-2017 01:31 AM

Hi,

The AMP itself is capable and primary works with files. The low prevalence files may be automatically submitted for File Analysis in the Threat Grid cloud. This evaluates all file artifacts, file activity, Behavioral indicators. This should be the active protection for unknown files.

Best Regards

David

Cyber security escalation engineer
0 Helpful

NicholasLudwiczak
Level 1
Level 1

‎12-20-2017 05:00 AM

It looks like the latest version of AMP, 6.0.5, released Dec 5, 2017 has some memory attack prevention.  Here are some excerpts from the release notes.

 
• Exploit Prevention detection engine to block exploits and memory attacks that target
certain processes.
 
•System Process Protection adds protection for memory attacks against certain Windows
system processes.

Troja007
Cisco Employee
Cisco Employee

‎10-11-2018 08:34 AM

Hello,

the new Malicious Activity Protection Engine and Exploit Prevention Engine are in place to cover such topics.

Cheers

0 Helpful
Customers Also Viewed These Support Documents