We are currently needing anything block/allow listed in AMP for export, however this list is very extensive (hundreds of entries) and from the portal it only appears you can view them, and must click on each on to view the hashes/rule to copy. Is the...
Forum Posts
We currently use Cisco Secure Endpoint (Tetra enabled) together with Windows Defender on servers (2019, 2022). We havent noticed any issues with this combination yet, but would we benefit from disabling Windows Defender or possibly turning off the te...
Cisco Secure EndpointWhen initiating Full IOC scans we sometimes encounter the event log showing the results of the scan as (Scanned 0 objects. Found 0 matching objects and 0 malicious detections | Endpoint IOC Scan clean)Normally we expect the event...
Hi All,I have observed lots of demo computers have been randomly added to pre-default group of Secure endpoint console i.e (protect, audit, triage). However i have deleted all those random computers and group also. What it could be? Can it be a some ...
We're observing a threat detection notification on SEP for known Microsoft apps. We believe it's false positive. We were not able to submit file reputation case on Talos.All three files are located in C:\Program Files\WindowsApps\Microsoft.DesktopApp...
I am part of a team doing a deployment for a customer, and they have chosen to use the Cisco Secure Endpoint, Endpoint Protection, AMP, whatever it is called. This is the first problem, because I can't find any consistent documentation for assistanc...
Dear Community,We are using AnyConnect version 4.XX.XXWe plan to upgrade from old current version to new Secure Client.There are four latest version of Secure client version ( 5.0.04032, 5.0.03076, 5.0.03072, 5.0.02075 ).Please kindly recommend which...
Resolved! Security commands in Linux systems
good morning communityWell I was looking for different commands to quickly view who has been logged to a device.I saw 2 curious commands: who mum likes and who mum hates, I tried to find additional information for the last one but there is nothing cl...
How to prevent a user from changing the settings of Cisco Jabber for example he will not be able to turn off the biometric identification?
I have a lot of Endpoints that have failed to update their Signatures within the last 24 hours. After looking into it, the Error Code showing for these events is 52 but I have no reference material to address this. Anyone know what the error code mea...
Hello,I have a MacOS with Umbrella installed on it. Umbrella is active via the Cisco Secure Client, however the status of the roaming profile is as the title says, "Application config file could not be loaded". I have confirmed that updating my profi...
Hello, On my ASA, I see the logs from ASDM, in notification mode, but I only see the accesses appearing in deny.ACLs authorize all HTTP/HTTPS traffic to our proxy server. How can I see not only traffic incoming refused, but also everything that is au...
How to use the ISE API to obtain as many data as the .csv file fields generated from Total Endpoints->Export->Export All in the web page?Currently, I use Postman to use https://XXX.XXX.XXX.XXX:9060/ers/config/endpoint to obtain the following:{ "Sea...
Resolved! Cisco Secure Endpoint issue.exe
Hi team. I received an alert of an Endpoint related to lsass.exe, but after analyzing the SHA-256 (95888daefd187fac9c979387f75ff3628548e7ddf5d70ad489cf996b9cad7193) they are clean and in the correct path and the truth is from my point of view I do n...
If a file is quarantined by AMP for endpoints, is the end user that had the file supposed to be notified?We had this happen and there was no warning for the end user.Is there a setting to turn this on or is there not supposed to be a warning?
