AMP for Endpoints Simple Custom Detection quarantine event missing
According to Cisco Secure Endpoint documentation:
“A Simple Custom Detection list is similar to a blocked list. These are files that you want to detect and quarantine. Not only will an entry in a Simple Custom Detection list quarantine future files, but through Retrospective it will quarantine instances of the file on any endpoints in your organization that the service has already seen it on.”
I have added the SHA-256 hash 49ebb7feff3bde78611e87adf6cf34b980284e8401c413f409dbb9e3b6d0b642 to the Simple Custom Detection list. The Cloud IOC: ExecutedMalware.ioc alert is still appearing. The file is being detected by Simple_Custom_Detection, and the message "The file was not quarantined. Quarantine event missing." is generated. Benign parent disposition is mentioned. The node belongs to a Protect policy with the conviction modes listed below. Can someone please provide tips on how I can force quarantine?
Operating System Connector Version Install Date Definition Version Update Server
Windows 8.1 Enterprise
TETRA 64 bit (daily version: 85783)
driverupdate.exe, DriverUpdate 188.8.131.52 (49ebb7fe…b6d0b642) [PE_Executable] was Executed by explorer.exe, Microsoft® Windows® Operating System 6.3.9600.18460 (d2faf086…20844fae) [PE_Executable].
The file was not quarantined. Quarantine event missing.
Benign parent disposition.
File full path: c:\program files\driverupdate\driverupdate.exe