AMP - Microsoft Cluster aware

techytuesday
Level 1

Is Cisco AMP for Endpoints cluster aware?  Are there certain exclusions that need to be in place for Microsoft SQL Clustering?

6 Replies

Did you have any luck tracking this down?

martinmecu
Level 1

I guess still no response from Cisco? We have run into issues with 2 SQL Clusters so far. 

It's a new problem for us; I'm just starting out looking into it.

techytuesday
Level 1

Try disabling the Malicious Activity Protection under Modes and Engines within the policy.  See if this resolves your issue.

Hello all,
some hints from my side.

  • You may install the connector with the /skipdfc 1 command to skip the network driver installation. For systems with very high network activity, it can be tricky to monitor the network traffic.
  • I have seen another discussion where disabling MAP helped. You may disable at least the "Monitor network drives" setting under Advanced Settings -> Engines -> Malicious Activity Protection.
  • I also suggest excluding cluster-related processes and the quorum disk from scanning.

Greetings,
Thorsten

Hi Thorsten, I didn't realize the setting under Advanced Settings -> Engines for MAP for "Monitor network drives" was there. So are you saying you can just turn it off there, leave it enabled under Modes and Engines -> Conviction Modes -> Malicious Activity Protection, and still be protected from ransomware, which is MAP's purpose? What is the difference between the two settings? Wouldn't one require the other?
