11-30-2018 09:01 AM - edited 02-20-2020 09:07 PM
Hi all,
I have a freshly installed Windows 10 Pro with an AMP for Endpoints connector running in conjunction with Windows Defender. Windows Defender quickly started finding all kinds of "threats" in paths like
C:\Program Files\Cisco\AMP\clamav\0.99.2.35\temp\clamtmp\0005718b.tmp
C:\Program Files\Cisco\AMP\clamav\0.99.2.35\temp\clamtmp\clamav-61129689be88cab63e3e69f5866eb3c1.tmp\pdf45
I'm presuming that these are virus definitions, and the solution is to add C:\Program Files\Cisco\AMP\clamav to Windows Defender's ignore list.
Thanks in advance,
Jack
11-30-2018 09:05 AM
Jack,
You are correct that these are signatures. Without these, AMP won't be able to perform local file analysis. If you're going to run Defender and AMP together, please exclude the AMP directories from Defender and Defender directories from AMP.
Thanks,
Matt
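The Defender half of the exclusion advice above can be scripted. This is an added example, not part of the original thread or Cisco's documentation: it assumes the AMP install root is `C:\Program Files\Cisco\AMP` (inferred from the paths in the question) and first checks that the folder is not writable by non-administrative accounts, since an excluded folder is no longer scanned. The AMP-side exclusion for Defender's directories is set in the AMP policy and is not covered here.

```powershell
#Requires -RunAsAdministrator
# Assumption: AMP install root, inferred from the paths quoted in the question.
$AmpRoot = 'C:\Program Files\Cisco\AMP'

# SIDs allowed to hold write access to an excluded folder:
# SYSTEM, BUILTIN\Administrators, TrustedInstaller, CREATOR OWNER.
$TrustedSids = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464',
    'S-1-3-0'
)

function Get-UntrustedWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    # Specific rights that let an account plant or alter files in the folder.
    # Generic-rights ACEs (e.g. GENERIC_ALL) are not decoded by this simple check.
    $writeMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
    $sidType   = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $writeMask) -and
            ($TrustedSids -notcontains $_.IdentityReference.Value)
        }
}

if (-not (Test-Path -LiteralPath $AmpRoot -PathType Container)) {
    throw "AMP directory not found: $AmpRoot"
}

# Refuse to exclude a folder that ordinary users could write into.
$risky = @(Get-UntrustedWriteAce -Path $AmpRoot)
if ($risky.Count -gt 0) {
    Write-Warning "Not excluding $AmpRoot; these accounts have write access:"
    $risky | Format-Table IdentityReference, FileSystemRights, IsInherited
    return
}

# Add the exclusion only if it is not already present (comparison is case-insensitive).
$existing = @((Get-MpPreference).ExclusionPath)
if ($existing -notcontains $AmpRoot) {
    Add-MpPreference -ExclusionPath $AmpRoot
}

# Show the resulting exclusion list for verification.
(Get-MpPreference).ExclusionPath
```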
11-30-2018 09:09 AM
The connector will check in every hour by default (can be set in the policy) to ensure the signatures are up to date. At that point, it should download the missing files.
-Matt