Hi All, We are facing a replication issue in our environment. We have 8 nodes in our deployment, 2 Admin, 2 Monitoring and 2 PSN, and are running dot1x, BYOD and posture services. On the primary node we are getting a replication issue for all other nodes and when w...
Error Code 3240361993 Description: Exploit Prevention failed to start and is not working as expected. Please contact support. I see this error on several machines in my environment after update to 7.3.13.20165. How do I correct this issue, so that my ...
I'm not sure if this is the right place to ask. I have an old EXE file, which has been incorrectly flagged as malware by both Cisco and Windows Defender. I have contacted Microsoft support, they confirmed that it was a false positive. Therefore, they...
Hi Team,
One of our customers had a malware attack on the critical servers, hence in the process of an endpoint AMP PoV. The connectivity for these servers to Cisco cloud has been provided as per the documentation of FireAMP. But still getting an erro...
In our VMware Horizon 8.1 environment with Windows 10 20H2 linked clones we are implementing AMP for Endpoints. The installation with the Identity Persistence (setup.exe /R /S /goldenimage 1) works fine. Also the Ubuntu Local AMP update server works w...
We recently had a new client get hit with the DarkSide Crypto Ransomware that came from inside their network. We found some vulnerabilities on their servers that the client had set up and ended them in this situation. My manager asked me to look into ...
Thanks for attending our March ATXs session! Here’s the post-session resources for easy reference.
New to ATXs? An ATXs session, offered at no cost, is an hour of real-time learning led by Cisco experts, who will answer your technology questions thro...
Good morning. When I do an API call looking for any info about specific IPs, for groups, using this URI: https://api.amp.cisco.com/v1/computers?internal_ip=10.0.0.1&internal_ip=10.0.0.2&internal_ip=10.0.0.3&internal_ip=10.0.0.4&internal_ip=10.0.0.5&in...
Hi Everyone.
I'm trying to write a guide for our analysts on how to perform threat validation when receiving Malicious Activity Detection alerts.
I have a filter set up in AMP that emails the groups when certain events are observed. Specifically we...
We have a client with over 400 Windows workstations and need to have about 70 Windows 7 workstations upgraded from the AMP Connector version 5.1 to version 7.3.13.20165. Is it possible to put these workstations in a separate group with a separate poli...
Hello All, Today after a month of using ISE my users were not able to authenticate but machine authentication succeeded. Please help. This is the error I got from the live logs: Issued PAC type=Machine Authorization with expiration time: Wed Mar 24 20...
Hello, Is there a way to check what happened to the malicious file when Cisco Endpoint Security detects a threat and generates an event? When I enter the SHA-256 hash I can see other information but not what happened. For example: Threat detected and fi...
AMP sometimes sends massive alerts about exploit prevention. Mostly it's from IEXPLORE.exe, Acrord32.exe, RdrCEP.exe, EwUpdater.exe. Why is this happening? They are all safe apps. Is there any way to stop these alerts, besides disabling the option?