We output Secure Endpoint events to our SIEM. I am seeing Cloud IOC events in the SIEM, however, upon review of the endpoint in Secure Endpoint, the IOC indicators are displayed. This appears to be true of low-criticality events. Also, when I at...
Forum Posts
I am implementing ISE 3.1 in my organization. In open mode devices are reachable and available on network irrespective of their authentication status. But in close mode new devices are not getting authenticated and due to that they are unable to join...
Hey everyone, Just wondering if anyone knows why a user would get a Event 5400 Authentication failed (Failure Reason is 22056 Subnet not found in the applicable identity store(s). The laptop has just gone through a successful authentication and swit...
Hello fellow IT peeps!I have been doing some testing with deploying 8.0.1 on to some clients that have 7.5.1 and I'm getting mixed results. I created a new policy to update the client and added 6 PCs to a new group that has the policy assigned to i...
Resolved! Spero and ETHOS
Hello, I am just getting familiar with Secure Endpoint and would like to know more about Spero and Ethos engine. I could not find DETAILED information about how these engines work and what they do. Would be grateful if someone provides documentation....
Good day all! We've come across a few incidents where we would initiate a scan(full or flash) on a machine from the console and the events of the scan starting and finishing would show up over an hour after those events actually happened. Is this com...
Any way to disable this? We would prefer it if end users couldn't kill this on their own...
HI, i have a problem to implement MACSEC on switch 9300, The session MKA is not createdthe design is:SWITCH(MACSEC) - SWITCH(NO-MACSEC) - SWITCH(MACSEC)this is the configuration on interfaces:#interface GigabitEthernet1/0/1no switchportip address 1.1...
Hi all, I've not been able to find an answer for this, so hopefully someone can help me.I've installed Cisco Amp endpoint security on a Golden Image server, and part of the image preparation requires me to stop the Cisco Amp processes and services. U...
Hi, I have to install Secure endpointt on an old server (that is going to be replaced soon), not supported by version 8.0.1 Is there any possibilities to get a 7.5.5 somewhere? Thanks for any help.
Hi.We have computers with Cisco AMP installed.And in the AMP console we get flodded with this kind of messages: The System Process Protection engine prevented unexpected access to winlogon.exe by RunLiveUpd.exe. Seems to be connected to the 3/4G mod...
I am experiencing some issues where machine names are changing, and I am getting incorrect reporting. I found Cisco Article updated June 28, 2022 Titled : Cisco Secure Endpoint Guide to Identity Persistence Updated: June 28, 2022, Document ID:21755...
We are pushing the 8.0.1 connector and 13 machines are stuck in an Update loop.What I mean is the push started and several machines keep showing this in the event log.started a product updateUpdate Startedalso the push is to 8.0.1 but the connector s...
On our Windows 2016 Servers, Cisco AMP for Endpoints gradually takes more and more memory until the server crashes with memory exhaustion errors. I looked at the memory usage on one of the servers just before it crashed and sfc.exe (Cisco AMP for En...
What is the proper method of applying a custom exception to just a group of computers within a policy?is there a way to do this without having to clone a policy? that seems to defeat having groups.
