Endpoint Security

I run an open source project, and I recently had a user contact me to let me know that Cisco Security Endpoint is detecting the JS:Trojan.Cryxos.8744 trojan on my website. I've scoured the site/server with numerous CLI virus and malware scanners, as ...

A while back in version 6.2.5 Secure Endpoint there was a issue with BSOD caused by immunetprotect.sysA client needed server patching done a few days ago 14/1/22 and didnt have any AV present on the server. Tech who was performing patching installed ...

Any tools to fully remove Cisco AMP? The agent is unable to connect to the console and the password doesn't appear to work. Attempting to remove from Programs and Features crashes the uninstall process.  Attempted using: FireAMPSetup_v####.exe /R /S ...

Just about every service start command is being flagged as an IOC right now. I've gotten around 30 or 40 alerts in the last hour for normal service starting behavior, some examples: C:\Windows\system32\svchost.exe -k localService -p -s RemoteRegistry...

Hey all,  are you seeing an FP on svchost.exe?  Mostly Cloud.IOCs... Ken

Hi Cisco Community,I'm currently unable to delete connectors from the console (old, inactive, etc.). The console states the connectors have been deleted, however they are not. I have double checked my permissions to verify I'm still an admin, but I'm...

Hi all, A user is reporting that every time they try to work on a specific CSV file Secure Endpoint is shutting excel down. In the device trajectory i am getting the below info:An attack was prevented in Script Control:wbemdisp.dll at base address 0x...

Anyone seeing Flash Scans kicked off by Cisco AMP killing legit processes, like chrome.exe, excel.exe lsass.exe, spoolsv.exe, etc? Showing up in Events as an Exploit Prevented? This has only crept up for us today, and is maybe related to the 7.0.5.11...

Hello,How may I initiate a scan on multiple endpoints at once?They are are dispersed and not on one specific network.

Event Type: Cloud IOCFile: powershell.exeFile path: C:/Windows/system32/WindowsPowerShell/v1.0/powershell.exeI get this alert for all CyberArk EPM Clients where the CyberArk EndPoint Management (EPM) Agent uses PowerShell scripts to implement CyberAr...

We have a few Windows PCs from a previous customer that still have AMP/Secure Endpoint installed and continue to check in to the console.  We no longer have access to these devices.  We have tried to delete, but they keep coming back in to the consol...

Hi,Has any of you been able to install AMP for Endpoint on Fedora 35? Does anyone know of anything in the roadmap for AMP on Fedora ? Regards,VamsI Krishna

Hello,How can we push update for connectors for Macs?I have policies for both Windows and Macs aligned to the same settings, however, only Windows seem to be pulling the product updates automatically.