Endpoint Security

AMP - SECURE ENDPOINT - CONNECTOR RESOURCES CONSUMPTION IN ENDPOINTS

Hellowe have an AMP private cloud deployment with 6.x connectors and are migrating to secure endpoit cloud. Is there any disk or memory usage value to say that is a normal behaviour? or reaching any particular value for the "secure endpoint" process ...

AMP Endpoint security for ARM-based architecture

Hi, What is the current status of securing ARM-based systems with AMP Endpoint security? I've seen some old threads were it was asked and requested as new feature. But I don't find any official statement (or ideally, roadmap) on this topic. Regards...

AMP+kubernetes/rancher memory problem

Hi!We have 2 on-prem cloud infrastructures running kubernetes/rancher at the moment for dev and test, but the prod is coming along fast and we ran into the following problem:the infrastructures consists of the following nodes:1 "control" node3 "maste...

Resolved! Cisco AMP doesn't recognize new hostname

Hello everyone, I installed Cisco AMP in one of my servers and later on changed the hostname for that server. However, in Cisco AMP dashboard I am still seeing the old hostname. Does it take days to update this data, or do I need to do something manu...

Resolved! DFC not blocking connections to IP addresses in custom IP Block List

I have created a policy for windows machines in which I have enabled DFC and configured the setting to 'Block'. I then configured a custom IP block list and entered a list of some IP addresses, and associated this block list to the above policy. When...

JS.Heur.Phishing.3.7AB62CB8.Gen

Hello, Does anybody know what is JS.Heur.Phishing.3.7AB62CB8.Gen Secure endpoint detections? Tried looking here https://talosintelligence.com/secure-endpoint-namingdidn't find anything.

Resolved! Alerts - Can I get some?

We have had AMP for about 6 months now and we don't get alerts for anything important.For "Announcement Preferences" I am subscribed to everything.- Critical Issues- Product Updates- Important Issues- InformationEvery now and then I get an email that...

AMP Endpoint - Outlook - Adobe Subscription verification

Hi all, We are having an issue with verifying the subscription status of Adobe Acrobat when opening PDFs in protected mode from Outlook, with AMP disabled it works. Opening PDF documents from explorer och any other application with AMP enabled works ...

Secure Endpoint Detecting Trojan on My Open Source Project Website

I run an open source project, and I recently had a user contact me to let me know that Cisco Security Endpoint is detecting the JS:Trojan.Cryxos.8744 trojan on my website. I've scoured the site/server with numerous CLI virus and malware scanners, as ...

Cisco Amp (Secure Endpoint) Borked le server

A while back in version 6.2.5 Secure Endpoint there was a issue with BSOD caused by immunetprotect.sysA client needed server patching done a few days ago 14/1/22 and didnt have any AV present on the server. Tech who was performing patching installed ...

Cisco AMP Removal Tool for a corrupt install

Any tools to fully remove Cisco AMP? The agent is unable to connect to the console and the password doesn't appear to work. Attempting to remove from Programs and Features crashes the uninstall process. Attempted using: FireAMPSetup_v####.exe /R /S ...

Endpoint connector 7.5.3.20938 flagging every service start as IOC

Just about every service start command is being flagged as an IOC right now. I've gotten around 30 or 40 alerts in the last hour for normal service starting behavior, some examples: C:\Windows\system32\svchost.exe -k localService -p -s RemoteRegistry...

fp on svchost.exe on Windows 2019 servers?

Hey all, are you seeing an FP on svchost.exe? Mostly Cloud.IOCs... Ken

AMP for Endpoints - Can't Delete Connectors from Console

Hi Cisco Community,I'm currently unable to delete connectors from the console (old, inactive, etc.). The console states the connectors have been deleted, however they are not. I have double checked my permissions to verify I'm still an admin, but I'm...

Secure Endpoint Closing Excel

Hi all, A user is reporting that every time they try to work on a specific CSV file Secure Endpoint is shutting excel down. In the device trajectory i am getting the below info:An attack was prevented in Script Control:wbemdisp.dll at base address 0x...

Endpoint Security

Forum Posts

AMP - SECURE ENDPOINT - CONNECTOR RESOURCES CONSUMPTION IN ENDPOINTS

AMP Endpoint security for ARM-based architecture

AMP+kubernetes/rancher memory problem

Resolved! Cisco AMP doesn't recognize new hostname

Resolved! DFC not blocking connections to IP addresses in custom IP Block List

JS.Heur.Phishing.3.7AB62CB8.Gen

Resolved! Alerts - Can I get some?

AMP Endpoint - Outlook - Adobe Subscription verification

Secure Endpoint Detecting Trojan on My Open Source Project Website

Cisco Amp (Secure Endpoint) Borked le server

Cisco AMP Removal Tool for a corrupt install

Endpoint connector 7.5.3.20938 flagging every service start as IOC

fp on svchost.exe on Windows 2019 servers?

AMP for Endpoints - Can't Delete Connectors from Console

Secure Endpoint Closing Excel

Code Integrity determined that a process (\Device\HarddiskVolume3\Wind

Feature Request: Safe Mode Reboot Protection in Cisco Secure Endpoint

Best Practices: Managing Cisco AMP and Windows Defender on Intune Devi

Orbital Execute Powershell Cmdlet for installed modules from PSGallery

error:x509 certificate signed by unknown authority - Cisco Orbital AMP

Cisco FMC Scheduled Backup Error "Error creating tar archive"

Better Understanding

Anyone experiencing blue screens with Cisco Secure Endpoint 8.4.4?

FTD Backups sent to FTP Server is Failing

Secure Endpoint API PATCH methods