Endpoint Security

Offset full scans

Is there anyway to offset full scans without building out multiple policies?My one policy "Servers" runs a full scan at 9am, about 60 servers. This kills my ESX hosts. They are normally sitting around 15-20% CPU usage but during the scans they are pe...

AMP - SECURE ENDPOINT - CONNECTOR RESOURCES CONSUMPTION IN ENDPOINTS

Hellowe have an AMP private cloud deployment with 6.x connectors and are migrating to secure endpoit cloud. Is there any disk or memory usage value to say that is a normal behaviour? or reaching any particular value for the "secure endpoint" process ...

AMP Endpoint security for ARM-based architecture

Hi, What is the current status of securing ARM-based systems with AMP Endpoint security? I've seen some old threads were it was asked and requested as new feature. But I don't find any official statement (or ideally, roadmap) on this topic. Regards...

AMP+kubernetes/rancher memory problem

Hi!We have 2 on-prem cloud infrastructures running kubernetes/rancher at the moment for dev and test, but the prod is coming along fast and we ran into the following problem:the infrastructures consists of the following nodes:1 "control" node3 "maste...

Resolved! Cisco AMP doesn't recognize new hostname

Hello everyone, I installed Cisco AMP in one of my servers and later on changed the hostname for that server. However, in Cisco AMP dashboard I am still seeing the old hostname. Does it take days to update this data, or do I need to do something manu...

Resolved! DFC not blocking connections to IP addresses in custom IP Block List

I have created a policy for windows machines in which I have enabled DFC and configured the setting to 'Block'. I then configured a custom IP block list and entered a list of some IP addresses, and associated this block list to the above policy. When...

JS.Heur.Phishing.3.7AB62CB8.Gen

Hello, Does anybody know what is JS.Heur.Phishing.3.7AB62CB8.Gen Secure endpoint detections? Tried looking here https://talosintelligence.com/secure-endpoint-namingdidn't find anything.

Resolved! Alerts - Can I get some?

We have had AMP for about 6 months now and we don't get alerts for anything important.For "Announcement Preferences" I am subscribed to everything.- Critical Issues- Product Updates- Important Issues- InformationEvery now and then I get an email that...

AMP Endpoint - Outlook - Adobe Subscription verification

Hi all, We are having an issue with verifying the subscription status of Adobe Acrobat when opening PDFs in protected mode from Outlook, with AMP disabled it works. Opening PDF documents from explorer och any other application with AMP enabled works ...

Secure Endpoint Detecting Trojan on My Open Source Project Website

I run an open source project, and I recently had a user contact me to let me know that Cisco Security Endpoint is detecting the JS:Trojan.Cryxos.8744 trojan on my website. I've scoured the site/server with numerous CLI virus and malware scanners, as ...

Cisco Amp (Secure Endpoint) Borked le server

A while back in version 6.2.5 Secure Endpoint there was a issue with BSOD caused by immunetprotect.sysA client needed server patching done a few days ago 14/1/22 and didnt have any AV present on the server. Tech who was performing patching installed ...

Cisco AMP Removal Tool for a corrupt install

Any tools to fully remove Cisco AMP? The agent is unable to connect to the console and the password doesn't appear to work. Attempting to remove from Programs and Features crashes the uninstall process. Attempted using: FireAMPSetup_v####.exe /R /S ...

Endpoint connector 7.5.3.20938 flagging every service start as IOC

Just about every service start command is being flagged as an IOC right now. I've gotten around 30 or 40 alerts in the last hour for normal service starting behavior, some examples: C:\Windows\system32\svchost.exe -k localService -p -s RemoteRegistry...

fp on svchost.exe on Windows 2019 servers?

Hey all, are you seeing an FP on svchost.exe? Mostly Cloud.IOCs... Ken

AMP for Endpoints - Can't Delete Connectors from Console

Hi Cisco Community,I'm currently unable to delete connectors from the console (old, inactive, etc.). The console states the connectors have been deleted, however they are not. I have double checked my permissions to verify I'm still an admin, but I'm...

Endpoint Security

Forum Posts

Offset full scans

AMP - SECURE ENDPOINT - CONNECTOR RESOURCES CONSUMPTION IN ENDPOINTS

AMP Endpoint security for ARM-based architecture

AMP+kubernetes/rancher memory problem

Resolved! Cisco AMP doesn't recognize new hostname

Resolved! DFC not blocking connections to IP addresses in custom IP Block List

JS.Heur.Phishing.3.7AB62CB8.Gen

Resolved! Alerts - Can I get some?

AMP Endpoint - Outlook - Adobe Subscription verification

Secure Endpoint Detecting Trojan on My Open Source Project Website

Cisco Amp (Secure Endpoint) Borked le server

Cisco AMP Removal Tool for a corrupt install

Endpoint connector 7.5.3.20938 flagging every service start as IOC

fp on svchost.exe on Windows 2019 servers?

AMP for Endpoints - Can't Delete Connectors from Console

Can I find my Cisco Contract number in my CSE or Webex account?

MDM IPAD NOT REGISTERED on cisco ISE

Cisco Secure Access Policy for Mobile Devices

Best Practices: Managing Cisco AMP and Windows Defender on Intune Devi

Umbrella Secure Client (Anyconnect Umbrella only) and Citrix

FMC Rule to allow HTTPS connectivity to FQDNS

False positive?

What is the login URL for Cisco CSE?

CSCwn30806 - KUTOOLS get blocked

Are there any apis to generate events?