Endpoint Security

Isolating Exchange Server with AMP / OWA still accessible

Hi there, We recently isolated an Exchange Server using the AMP Dashboard. However, it appears that the Outlook Web Access (OWA) application that is running from it, was still active and accessible from the internet. Please clarify if AMP Isolation m...

Resolved! AMP for Endpoints Deployment

We have 1500 AMP for Endpoints licenses - I just watched a video on deploying them - from what I saw I would need each pc to go to https://console.amp.sourcefire.com portal page and download these individually. 1 - How would I get a login for the so...

Resolved! infected file originated from

Hello,When investigating a threat detected, is there a way to see how the infected file got on the machine? Is secure endpoint able to track it from a website, email, USB, etc?Thanks

Resolved! Cisco AMP Disposition

Hi everyone,Cisco AMP found different malicious files, I saw 2 different dispositions on Cisco AMP:Disposition: MaliciousDisposition: BlocklistedBoth files quarantined but can someone explain what is the difference between blocklisted and malicious d...

Resolved! Kenna Risk score - Score Unavailable: Windows 10 required

Hi, We are using Cisco for Endpoint (former AMP) on all our windows clients and server and would like to use the feature called "Kenna Risk score" but on all client it says that windows 10 i required, we are using windows 10, win 11, win 2019 server ...

Cisco Secure Endpoint - Exclusions - Epic

I am currently running a project where we are updating Cisco Secure Endpoint on all over our servers from 7.3.15 to 7.5.5. Since we first deployed what was originally known as Cisco AMP we have experienced 100% CPU issues with a fair amount of our E...

False positives regarding tmp files from chrome.exe

Over the past few weeks, I have been getting quite a few notifications about tmp files getting flagged in Cisco AMP, but the file never gets quarantined. It just says that it failed to quarantine the file because it's already been "deleted, moved, or...

Resolved! Solitarie Collection in Windows 11 reported as a threat

We see a lot of events regarding the solitarie.exe (Solitaire colection) detected as a threat on windows 11.We are able to allow the application un AMP but would like to report this as a false poitive, just to avoid all events. Since i dont have any ...

Auto-Update of Cisco Secure Client Umbrella module with SecureX

Hello, I'm deploying the Umbrella module of the Cisco Secure Client 5 in Windows and macOS devices, and I've seen the Auto-Update feature available from the Umbrella Dashboard is not supported by Cisco Secure Client 5 (only for Anyconnect 4.x). I ne...

Resolved! PowerShell detected as Malware

For a long time I received many alerts about the Powershell being indentified as Malware, when a retrospective Malware alert was received making that file as Clean.Common detecion: W32.PowershellEncodedBuffer.iocDid anyone else see this same behavior...

Resolved! Is AMP for Network (malware detection) available through FMC in a closed network?

Good morning. I understand that integration with Talos Cloud is necessary to properly use malware detection through FMC and FTD. How can I apply it in a closed network? SRU or Geo information can be manually imported, and I wonder if the FMC also has...

Secure Endpoint Cloud IOC not displaying in Device Trajectory

We output Secure Endpoint events to our SIEM. I am seeing Cloud IOC events in the SIEM, however, upon review of the endpoint in Secure Endpoint, the IOC indicators are displayed. This appears to be true of low-criticality events. Also, when I at...

ISE PSN node down, close mode devices are not reachable

I am implementing ISE 3.1 in my organization. In open mode devices are reachable and available on network irrespective of their authentication status. But in close mode new devices are not getting authenticated and due to that they are unable to join...

Error 5400 and 22056 Cisco ISE

Hey everyone, Just wondering if anyone knows why a user would get a Event 5400 Authentication failed (Failure Reason is 22056 Subnet not found in the applicable identity store(s). The laptop has just gone through a successful authentication and swit...

Secure endpoint 7.5.1 to 8.0.1 upgrade failure

Hello fellow IT peeps!I have been doing some testing with deploying 8.0.1 on to some clients that have 7.5.1 and I'm getting mixed results. I created a new policy to update the client and added 6 PCs to a new group that has the policy assigned to i...

Endpoint Security

Forum Posts

Isolating Exchange Server with AMP / OWA still accessible

Resolved! AMP for Endpoints Deployment

Resolved! infected file originated from

Resolved! Cisco AMP Disposition

Resolved! Kenna Risk score - Score Unavailable: Windows 10 required

Cisco Secure Endpoint - Exclusions - Epic

False positives regarding tmp files from chrome.exe

Resolved! Solitarie Collection in Windows 11 reported as a threat

Auto-Update of Cisco Secure Client Umbrella module with SecureX

Resolved! PowerShell detected as Malware

Resolved! Is AMP for Network (malware detection) available through FMC in a closed network?

Secure Endpoint Cloud IOC not displaying in Device Trajectory

ISE PSN node down, close mode devices are not reachable

Error 5400 and 22056 Cisco ISE

Secure endpoint 7.5.1 to 8.0.1 upgrade failure

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

Cloud IOC: ExecutedMalware.ioc

Byod access with ISE guest portal using AD store

Cisco Secure Endpoint Service Launcher fail after update

Cisco Secure Endpoint Horizon Environment Duplicates in Console

Veeam Backup and Replication. Cisco Endpoint for SureBackup anti malwa

False Positive? "Adobe Genuine Helper.exe"

About Cisco Threatgrid API

Policy Update Failed, code 3242196993?

Downloading an old amp connector

No parameter to create an installation log file?