Over the past few weeks, I have been getting quite a few notifications about tmp files getting flagged in Cisco AMP, but the file never gets quarantined. It just says that it failed to quarantine the file because it's already been "deleted, moved, or...
Forum Posts
We see a lot of events regarding the solitarie.exe (Solitaire colection) detected as a threat on windows 11.We are able to allow the application un AMP but would like to report this as a false poitive, just to avoid all events. Since i dont have any ...
Hello, I'm deploying the Umbrella module of the Cisco Secure Client 5 in Windows and macOS devices, and I've seen the Auto-Update feature available from the Umbrella Dashboard is not supported by Cisco Secure Client 5 (only for Anyconnect 4.x). I ne...
Resolved! PowerShell detected as Malware
For a long time I received many alerts about the Powershell being indentified as Malware, when a retrospective Malware alert was received making that file as Clean.Common detecion: W32.PowershellEncodedBuffer.iocDid anyone else see this same behavior...
Good morning. I understand that integration with Talos Cloud is necessary to properly use malware detection through FMC and FTD. How can I apply it in a closed network? SRU or Geo information can be manually imported, and I wonder if the FMC also has...
We output Secure Endpoint events to our SIEM. I am seeing Cloud IOC events in the SIEM, however, upon review of the endpoint in Secure Endpoint, the IOC indicators are displayed. This appears to be true of low-criticality events. Also, when I at...
I am implementing ISE 3.1 in my organization. In open mode devices are reachable and available on network irrespective of their authentication status. But in close mode new devices are not getting authenticated and due to that they are unable to join...
Hey everyone, Just wondering if anyone knows why a user would get a Event 5400 Authentication failed (Failure Reason is 22056 Subnet not found in the applicable identity store(s). The laptop has just gone through a successful authentication and swit...
Hello fellow IT peeps!I have been doing some testing with deploying 8.0.1 on to some clients that have 7.5.1 and I'm getting mixed results. I created a new policy to update the client and added 6 PCs to a new group that has the policy assigned to i...
Resolved! Spero and ETHOS
Hello, I am just getting familiar with Secure Endpoint and would like to know more about Spero and Ethos engine. I could not find DETAILED information about how these engines work and what they do. Would be grateful if someone provides documentation....
Good day all! We've come across a few incidents where we would initiate a scan(full or flash) on a machine from the console and the events of the scan starting and finishing would show up over an hour after those events actually happened. Is this com...
Any way to disable this? We would prefer it if end users couldn't kill this on their own...
HI, i have a problem to implement MACSEC on switch 9300, The session MKA is not createdthe design is:SWITCH(MACSEC) - SWITCH(NO-MACSEC) - SWITCH(MACSEC)this is the configuration on interfaces:#interface GigabitEthernet1/0/1no switchportip address 1.1...
Hi all, I've not been able to find an answer for this, so hopefully someone can help me.I've installed Cisco Amp endpoint security on a Golden Image server, and part of the image preparation requires me to stop the Cisco Amp processes and services. U...
Hi, I have to install Secure endpointt on an old server (that is going to be replaced soon), not supported by version 8.0.1 Is there any possibilities to get a 7.5.5 somewhere? Thanks for any help.
