Hi All,Facing an Error while downloading connector and selecting groups. PFA and let me know how to resolve it.
Forum Posts
I am trying to figure out how to block certain types of files from being created on the workstation using AMP. The example is I want to prevent a user from drag and dropping an email onto their local drive (.msg) file. I have been told I may be...
Is there a way to recover a file that was quarantined by AMP?When I try to retrieve the file I get an automated email, [Cisco Secure Endpoint] File upload failed with no further details.I do see a file in C:\Program Files\Cisco\AMP\Quarantine with ab...
Resolved! AMP - AV Update message
Hello, I have a silly question, on dashboard of AMP for Endpoints > Management > Computers, it says that a number specific of computers need AV Update, but what´s the minning of this?? Something with connector or identifies that need a third party A...
We pre-approve disk access and extensions with Jamf config profiles for silent AMP endpoint client installations on our macOS devices. Inevitably, due to bugs or interruptions or whatever quirk of the day, we wind up with some small number of devices...
Resolved! How to upgrade OpenSSL on Cisco 2960
Hello everyone,I recently had a vulnerability scan on my network and our old Cisco 2960 OpenSSL vulnerability. What are the commands I can run to upgrade or fix this issue. Here is the solution they gave me below and thank you in advance for you h...
When attempting to download the current connector from the Console, the first download succeeds, then subsequent downloads are triggering an alert for Gen:Variant.Symmi.84797Policy was updated today for the Endpoint and on version 8.1.3
Hi, I have a couple of questions:1> In the Script Control section of the policy.xml file there is an option to exclude certain processes or whitelist a folder, however I couldn't find where to configure these settings in the Secure Endpoint console. ...
I am using pda through cisco wireless. and, apWhile replacing it with 9120, the authentication method was changed to 802.1x. According to the customer, the service has been unstable since the change, and looking at the log of the pda,intermittentlyCo...
We have a Windows server running on 7.5.3 (Scheduled for upgrade to 8.1.3 shortly). There is a threat detected on the server and it was successfully quarantined. When viewing the details of the event in Event Trajectory, it says on the detected file ...
Resolved! AMP - full scan through SecureX
Hello everyone,I have created multiple workflows to alert on different types of events and now I am looking for a possibility to initiate a full scan via SecureX workflow. I have run through API documentation (https://api-docs.amp.cisco.com/api_resou...
Hi there, We recently isolated an Exchange Server using the AMP Dashboard. However, it appears that the Outlook Web Access (OWA) application that is running from it, was still active and accessible from the internet. Please clarify if AMP Isolation m...
Resolved! AMP for Endpoints Deployment
We have 1500 AMP for Endpoints licenses - I just watched a video on deploying them - from what I saw I would need each pc to go to https://console.amp.sourcefire.com portal page and download these individually. 1 - How would I get a login for the so...
Resolved! infected file originated from
Hello,When investigating a threat detected, is there a way to see how the infected file got on the machine? Is secure endpoint able to track it from a website, email, USB, etc?Thanks
Resolved! Cisco AMP Disposition
Hi everyone,Cisco AMP found different malicious files, I saw 2 different dispositions on Cisco AMP:Disposition: MaliciousDisposition: BlocklistedBoth files quarantined but can someone explain what is the difference between blocklisted and malicious d...
