Endpoint Security

Do Cisco ISE create a message log when a policy is disabled?

Hi All,I checked Cisco ISE and noticed that one of our Posture Policy is disabled. Can I check the logs of the ISE to check when the Policy was disabled? I tried looking online but was unable to get a concrete answer. If possible, can you also provid...

nV Satellite Dual Homed

Is there a command to know the date and time to when a nV satellite becomes an active or standby state in a particular host?

Pause or stop protection

We are currently in progress of testing Cisco Endpoint for a migration from another service. Our previous endpoint protection gave us the ability to pause or disable protection from the system trey. Does CSE have this functionally?

How to initiate mass scans from AMP

I'm looking for a way to initiate scans on many computers at the same time without using the scheduler. How can I do this from the AMP console?

Whitelist file that has a dynamic SHA name

Hello, We have a .lnk file being pushed out by GPO that AMP has been blocking. AMP has been flagging it as Heur.BZC.ONG.Boxter.331.47822C71 and quarantining it.I have been whitelisting it but noticed that in AMP the .lnk file has a different SHA name...

Moving bulk endpoint from 1policy to another in Cisco Secure Endpoint

Hi I am trying to move large number of endpoints from a audit policy that I have setup to a protect policy that I have created. I want to be able to write a python script and use Cisco Secure X orchestration to automate the function. Can anyone advis...

Is cisco AMP support integration with SIEM?

Is Cisco security support integration with any SIEM solution, if yes please update me with more details

Resolved! Dynamic address inspection

Hi everyone I'm trying to understand the "DAI" dynamic address inspection. The first functions of the DAI I understood those that make a check with the help of the dhcp spooning. Right after she says: """"DAI can be configured to check for both desti...

Microsoft MSHTML RCE - CVE-2021-40444 : how Cisco replies?

In a new advisory (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444), Microsoft mentions (normal, their product) that Microsoft Defender... provide detection and protections for the known vulnerability. Also... alerts will be disp...

Resolved! W32.MAP.Ransomware.rwd.

Sha 256 e5dccb33478bf13629d0a3f0ba7daceb56d7792e0132886ed129334ec6bb2a33 detected by MAP and convicted as W32.MAP.Ransomware.rwd. Found this post https://quickview.cloudapps.cisco.com/quickview/bug/CSCvq59864, my Connector version is 7.4.1.20439. N...

streetsidesoftware.code-spell-checker-2.0.4 - Marked as Malicious

Detection W32.7C9F454E6E-95.SBX.TGFingerprint (SHA-256) 7c9f454e6e3efb67fef761dc40446e854056c9bcd753c505bda539f531e2147eFile Name streetsidesoftware.code-spell-checker-2.0.4File Size 2 MBParent Filena...

Resolved! How Cisco AMP4E Application whitelisting works !!

AMP4E gurus, App whitelisting allows only pre-approved and specified programs to run. Any other program not whitelisted is blocked by default.Is this doable in AMP4E?Or it would scan new apps and allow if clean ?!

Resolved! notification_helper.exe marked as W32.1DC5CC50C1.MPOKE.RET.SBX.TG

Looks like we have have another FP... Reported to Talos, and opened a TAC case... we'll see who clears it up first... Detection: W32.1DC5CC50C1.MPOKE.RET.SBX.TGFile: notification_helper.exeFile path: \\?\C:\Program Files (x86)\Google\Chrome\Temp\sou...

streetsidesoftware.code-spell-checker-2.0.2 - Marked as Malicious

Hello Cisco team. the following file has been marked as malicious. Am yet to open a TAC case. We believe that it may be a false positive. The most recent commit was pushed to Github at 01/09/2021, 23:32:19 https://marketplace.visualstudio.com/items?i...

port security with 802.1x MAB authentication

Hello AllI need to allow a group of the same mac adresses to access to more than 1 zoneis it possible to use 802.1x for that? Thanks a lot

Endpoint Security

Forum Posts

Do Cisco ISE create a message log when a policy is disabled?

nV Satellite Dual Homed

Pause or stop protection

How to initiate mass scans from AMP

Whitelist file that has a dynamic SHA name

Moving bulk endpoint from 1policy to another in Cisco Secure Endpoint

Is cisco AMP support integration with SIEM?

Resolved! Dynamic address inspection

Microsoft MSHTML RCE - CVE-2021-40444 : how Cisco replies?

Resolved! W32.MAP.Ransomware.rwd.

streetsidesoftware.code-spell-checker-2.0.4 - Marked as Malicious

Resolved! How Cisco AMP4E Application whitelisting works !!

Resolved! notification_helper.exe marked as W32.1DC5CC50C1.MPOKE.RET.SBX.TG

streetsidesoftware.code-spell-checker-2.0.2 - Marked as Malicious

port security with 802.1x MAB authentication

Congratulations to the Event Top Contributors Class of 2024!

Cisco + Splunk: It's a new day for your data.

A new chapter of the Spotlight Award begins!

Join us in Celebrating the New Year and the Nov.-Jan. Winners!

Announcing Resources That Guide You to Success

Clam AV signature set CVD being actively maintained by TALOS?

ISE - 2.7 - Endpoint logs

Upgrade new cisco secure client agent from ISE web portal

Cisco Secure Client Network module (NAM) v5.1.1.42

Extension of Cisco ISE 3.X Evaluation License

Sockets

need to block exe file

Legacy/previous versions of Duo Authentication Proxy Server

False positive? GT:JS.Hyena.3 detections

Cisco Secure Client Module not installing Windows Server 2022