Endpoint Security

Resolved! macOS Security Changes = Can No Longer Silently Uninstall AMP Endpoint Client

We pre-approve disk access and extensions with Jamf config profiles for silent AMP endpoint client installations on our macOS devices. Inevitably, due to bugs or interruptions or whatever quirk of the day, we wind up with some small number of devices...

Resolved! How to upgrade OpenSSL on Cisco 2960

Hello everyone,I recently had a vulnerability scan on my network and our old Cisco 2960 OpenSSL vulnerability. What are the commands I can run to upgrade or fix this issue. Here is the solution they gave me below and thank you in advance for you h...

Resolved! Connector Download detected as Gen:Variant.Symmi.84797

When attempting to download the current connector from the Console, the first download succeeds, then subsequent downloads are triggering an alert for Gen:Variant.Symmi.84797Policy was updated today for the Endpoint and on version 8.1.3

Custom Exclusion/White list for Script Control

Hi, I have a couple of questions:1> In the Script Control section of the policy.xml file there is an option to exclude certain processes or whitelist a folder, however I couldn't find where to configure these settings in the Secure Endpoint console. ...

pda authentication timeout

I am using pda through cisco wireless. and, apWhile replacing it with 9120, the authentication method was changed to 802.1x. According to the customer, the service has been unstable since the change, and looking at the log of the pda,intermittentlyCo...

Resolved! Could not get a handle on the process's executable

We have a Windows server running on 7.5.3 (Scheduled for upgrade to 8.1.3 shortly). There is a threat detected on the server and it was successfully quarantined. When viewing the details of the event in Event Trajectory, it says on the detected file ...

Resolved! AMP - full scan through SecureX

Hello everyone,I have created multiple workflows to alert on different types of events and now I am looking for a possibility to initiate a full scan via SecureX workflow. I have run through API documentation (https://api-docs.amp.cisco.com/api_resou...

Isolating Exchange Server with AMP / OWA still accessible

Hi there, We recently isolated an Exchange Server using the AMP Dashboard. However, it appears that the Outlook Web Access (OWA) application that is running from it, was still active and accessible from the internet. Please clarify if AMP Isolation m...

Resolved! AMP for Endpoints Deployment

We have 1500 AMP for Endpoints licenses - I just watched a video on deploying them - from what I saw I would need each pc to go to https://console.amp.sourcefire.com portal page and download these individually. 1 - How would I get a login for the so...

Resolved! infected file originated from

Hello,When investigating a threat detected, is there a way to see how the infected file got on the machine? Is secure endpoint able to track it from a website, email, USB, etc?Thanks

Resolved! Cisco AMP Disposition

Hi everyone,Cisco AMP found different malicious files, I saw 2 different dispositions on Cisco AMP:Disposition: MaliciousDisposition: BlocklistedBoth files quarantined but can someone explain what is the difference between blocklisted and malicious d...

Resolved! Kenna Risk score - Score Unavailable: Windows 10 required

Hi, We are using Cisco for Endpoint (former AMP) on all our windows clients and server and would like to use the feature called "Kenna Risk score" but on all client it says that windows 10 i required, we are using windows 10, win 11, win 2019 server ...

Cisco Secure Endpoint - Exclusions - Epic

I am currently running a project where we are updating Cisco Secure Endpoint on all over our servers from 7.3.15 to 7.5.5. Since we first deployed what was originally known as Cisco AMP we have experienced 100% CPU issues with a fair amount of our E...

False positives regarding tmp files from chrome.exe

Over the past few weeks, I have been getting quite a few notifications about tmp files getting flagged in Cisco AMP, but the file never gets quarantined. It just says that it failed to quarantine the file because it's already been "deleted, moved, or...

Resolved! Solitarie Collection in Windows 11 reported as a threat

We see a lot of events regarding the solitarie.exe (Solitaire colection) detected as a threat on windows 11.We are able to allow the application un AMP but would like to report this as a false poitive, just to avoid all events. Since i dont have any ...

Endpoint Security

Forum Posts

Resolved! macOS Security Changes = Can No Longer Silently Uninstall AMP Endpoint Client

Resolved! How to upgrade OpenSSL on Cisco 2960

Resolved! Connector Download detected as Gen:Variant.Symmi.84797

Custom Exclusion/White list for Script Control

pda authentication timeout

Resolved! Could not get a handle on the process's executable

Resolved! AMP - full scan through SecureX

Isolating Exchange Server with AMP / OWA still accessible

Resolved! AMP for Endpoints Deployment

Resolved! infected file originated from

Resolved! Cisco AMP Disposition

Resolved! Kenna Risk score - Score Unavailable: Windows 10 required

Cisco Secure Endpoint - Exclusions - Epic

False positives regarding tmp files from chrome.exe

Resolved! Solitarie Collection in Windows 11 reported as a threat

Can I find my Cisco Contract number in my CSE or Webex account?

MDM IPAD NOT REGISTERED on cisco ISE

Cisco Secure Access Policy for Mobile Devices

Best Practices: Managing Cisco AMP and Windows Defender on Intune Devi

Umbrella Secure Client (Anyconnect Umbrella only) and Citrix

FTD Backups sent to FTP Server is Failing

Secure Endpoint API PATCH methods

FMC Rule to allow HTTPS connectivity to FQDNS

False positive?

What is the login URL for Cisco CSE?