Endpoint Security

Endpoints not updating policy

Yesterday I created 3 new policies and groups. I moved the endpoints to the groups associated with the policies however the endpoints are not showing up under the new policies but they do show up under the group.The endpoints show policy is up to dat...

Resolved! AMP Exclusion and Application Whitelisting

Hello AMP Team, Trying to understand the difference between AMP Exclusion and Application Whitelist. When we would add an application/path or other

FP alert - The registry was updated to add a debugger to the key

Could you help me with issue we are facing? We use PatchMyPC-ScriptRunner.exe tool for automatic software deployment/checks and this tool is creating a records in the registry similar to: \MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image Fi...

Offset full scans

Is there anyway to offset full scans without building out multiple policies?My one policy "Servers" runs a full scan at 9am, about 60 servers. This kills my ESX hosts. They are normally sitting around 15-20% CPU usage but during the scans they are pe...

AMP - SECURE ENDPOINT - CONNECTOR RESOURCES CONSUMPTION IN ENDPOINTS

Hellowe have an AMP private cloud deployment with 6.x connectors and are migrating to secure endpoit cloud. Is there any disk or memory usage value to say that is a normal behaviour? or reaching any particular value for the "secure endpoint" process ...

AMP Endpoint security for ARM-based architecture

Hi, What is the current status of securing ARM-based systems with AMP Endpoint security? I've seen some old threads were it was asked and requested as new feature. But I don't find any official statement (or ideally, roadmap) on this topic. Regards...

AMP+kubernetes/rancher memory problem

Hi!We have 2 on-prem cloud infrastructures running kubernetes/rancher at the moment for dev and test, but the prod is coming along fast and we ran into the following problem:the infrastructures consists of the following nodes:1 "control" node3 "maste...

Resolved! Cisco AMP doesn't recognize new hostname

Hello everyone, I installed Cisco AMP in one of my servers and later on changed the hostname for that server. However, in Cisco AMP dashboard I am still seeing the old hostname. Does it take days to update this data, or do I need to do something manu...

Resolved! DFC not blocking connections to IP addresses in custom IP Block List

I have created a policy for windows machines in which I have enabled DFC and configured the setting to 'Block'. I then configured a custom IP block list and entered a list of some IP addresses, and associated this block list to the above policy. When...

JS.Heur.Phishing.3.7AB62CB8.Gen

Hello, Does anybody know what is JS.Heur.Phishing.3.7AB62CB8.Gen Secure endpoint detections? Tried looking here https://talosintelligence.com/secure-endpoint-namingdidn't find anything.

Resolved! Alerts - Can I get some?

We have had AMP for about 6 months now and we don't get alerts for anything important.For "Announcement Preferences" I am subscribed to everything.- Critical Issues- Product Updates- Important Issues- InformationEvery now and then I get an email that...

AMP Endpoint - Outlook - Adobe Subscription verification

Hi all, We are having an issue with verifying the subscription status of Adobe Acrobat when opening PDFs in protected mode from Outlook, with AMP disabled it works. Opening PDF documents from explorer och any other application with AMP enabled works ...

Secure Endpoint Detecting Trojan on My Open Source Project Website

I run an open source project, and I recently had a user contact me to let me know that Cisco Security Endpoint is detecting the JS:Trojan.Cryxos.8744 trojan on my website. I've scoured the site/server with numerous CLI virus and malware scanners, as ...

Cisco Amp (Secure Endpoint) Borked le server

A while back in version 6.2.5 Secure Endpoint there was a issue with BSOD caused by immunetprotect.sysA client needed server patching done a few days ago 14/1/22 and didnt have any AV present on the server. Tech who was performing patching installed ...

Cisco AMP Removal Tool for a corrupt install

Any tools to fully remove Cisco AMP? The agent is unable to connect to the console and the password doesn't appear to work. Attempting to remove from Programs and Features crashes the uninstall process. Attempted using: FireAMPSetup_v####.exe /R /S ...

Endpoint Security

Forum Posts

Endpoints not updating policy

Resolved! AMP Exclusion and Application Whitelisting

FP alert - The registry was updated to add a debugger to the key

Offset full scans

AMP - SECURE ENDPOINT - CONNECTOR RESOURCES CONSUMPTION IN ENDPOINTS

AMP Endpoint security for ARM-based architecture

AMP+kubernetes/rancher memory problem

Resolved! Cisco AMP doesn't recognize new hostname

Resolved! DFC not blocking connections to IP addresses in custom IP Block List

JS.Heur.Phishing.3.7AB62CB8.Gen

Resolved! Alerts - Can I get some?

AMP Endpoint - Outlook - Adobe Subscription verification

Secure Endpoint Detecting Trojan on My Open Source Project Website

Cisco Amp (Secure Endpoint) Borked le server

Cisco AMP Removal Tool for a corrupt install

log entries re [ExecHandler.swift@335] ... "hash found in cache!"

Code Integrity determined that a process (\Device\HarddiskVolume3\Wind

Feature Request: Safe Mode Reboot Protection in Cisco Secure Endpoint

Best Practices: Managing Cisco AMP and Windows Defender on Intune Devi

Orbital Execute Powershell Cmdlet for installed modules from PSGallery

Cisco FMC Scheduled Backup Error "Error creating tar archive"

Better Understanding

Anyone experiencing blue screens with Cisco Secure Endpoint 8.4.4?

FTD Backups sent to FTP Server is Failing

Secure Endpoint API PATCH methods