Endpoint Security

Cisco Secure Endpoint Horizon Environment Duplicates in Console

Greetings to all,I am having a situation in which I am getting computer duplicates in the Cisco Secure Endpoint Console. I am well aware that there is a special procedure for prepping a golden image, setting up identity persistence and using scripts...

Resolved! Console event type renamed again

13 March 2024Secure Endpoint Console 5.4.20240313Bugfixes/Enhancementsl Renamed console event types:l Threat Detected renamed to File Detection.On the 27th of April this was renamed from File Detection back to Threat Detection. Does anyone know why t...

I want to create a pop-up notification if computer gets isolated

Our organization would like to create a pop-up notification on an end user's device that informs them that their computer has been isolated and they need to contact IT services.My question, is there a specific registry key or a file that gets created...

suddenly i could not ping server gateway eve ng dot1x

After implementing dot1x on switch, suddenly I lost my active directory ability to connect its gateway and machines could not get DHCP IP address (I have not setted any GPO on my active directory)Weirdest thing I have ever encountred.

Orbital endpoints not populating

I have Cisco AMP MSP console with multiple organizations in it. Some have basic tiers of AMP and some have advanced. When I navigate to one of the consoles with Advanced tier and try using Orbital it askes me to sign in. Then I pick Secure X Sign On....

Resolved! FPR 1010 updating anyconnect/secure client

Hello,my Costomer has a FPR 1010 and they use Firepower Device Manager for it.He wants to update the secure client. I have found several instructions that Firepower can do this automatically. Most of them for the FMC and only a couple for FDM but the...

Veeam Backup and Replication. Cisco Endpoint for SureBackup anti malwa

Hello. We use Veeam Backup and Replication for backup and for Surebackup (and for anti malware scanning of backupfiles) in a vmware vcenter environment. Veeam B&R can be configured through a AntivirusInfos.xml file to use products like Symantec Prot...

False positive for Edge?

Hi. I wanted to toss this out there to see if anyone else encountered this in the last week or so.This morning, I opened up the console to 40% of my endpoints indicating a compromise. I opened one computer to start investigating. I found it to be a r...

Amp service not starting

I have a laptop which won't start the Amp service. I've updated it from 8.2.1 8.2.4 and still get the same problem.The event log gives this:Faulting application name: sfc.exe, version: 8.2.4.30130, time stamp: 0x65cfcfa4Faulting module name: sfc.exe...

ISE Essentials License and Apple products for 802.1x

Hello friends.I'm working on setting up ISE on Azure for our org. we have combination of domain joined windows clients, IP phones and iPads (Apple products). I have two questions to start the process.1- does ISE Essentials License support Apple produ...

How to investigate high number of alerts for browser cache files

Hi, The File Detection category generates a lot of alerts on browser cache with signatures like these:GT:JS.Hyena.xGT:JS.Injected.xTrojan.Generic.xTrojan.GenericKD.xAuto.x.in02W32.x.in12.TalosMost of the time these files are unique so they won't be o...

End point detection

I am new to cisco endpoint and will need some help in creating rolling 3 months analysis for end point positive detectionsand also analysis for false positive detection.Any help and directions will be deeply appriciated.Thanks

Resolved! Sockets

John McClane found Safe Mode for Android and iOS. He removed the banking app. He is dedicating himself to his maximum security rack, a long-time dream. Proxies are active on smartphones for now. He needs connectivity today. But his money is under the...

SlowProcessor unable to calculate hash using handle

We're having trouble running Office 365, is there application blocking where files can't be opened, is there any fix or policy enforcement to get it back up and running? Logs: (22455125, +0 ms) Jan 03 14:46:13 [7440]: ERROR: Event::SlowProcessor unab...

Insolate a linux in cisco amp

Good morning! We're currently facing the challenge of isolating our Linux systems (running Ubuntu and Debian) from the Cisco Secure Endpoint console (formerly known as AMP). Despite our efforts, we haven't been able to find a direct method to achieve...

Endpoint Security

Forum Posts

Cisco Secure Endpoint Horizon Environment Duplicates in Console

Resolved! Console event type renamed again

I want to create a pop-up notification if computer gets isolated

suddenly i could not ping server gateway eve ng dot1x

Orbital endpoints not populating

Resolved! FPR 1010 updating anyconnect/secure client

Veeam Backup and Replication. Cisco Endpoint for SureBackup anti malwa

False positive for Edge?

Amp service not starting

ISE Essentials License and Apple products for 802.1x

How to investigate high number of alerts for browser cache files

End point detection

Resolved! Sockets

SlowProcessor unable to calculate hash using handle

Insolate a linux in cisco amp

Best Practices: Managing Cisco AMP and Windows Defender on Intune Devi

Orbital Execute Powershell Cmdlet for installed modules from PSGallery

error:x509 certificate signed by unknown authority - Cisco Orbital AMP

AMP Connector installation using Addigy device manager tool on MAC boo

Define Endpoint Purge Rule

Better Understanding

Anyone experiencing blue screens with Cisco Secure Endpoint 8.4.4?

FTD Backups sent to FTP Server is Failing

Secure Endpoint API PATCH methods

FMC Rule to allow HTTPS connectivity to FQDNS