Endpoint Security

Anyone seeing Flash Scans kicked off by Cisco AMP killing legit processes, like chrome.exe, excel.exe lsass.exe, spoolsv.exe, etc? Showing up in Events as an Exploit Prevented? This has only crept up for us today, and is maybe related to the 7.0.5.11...

Scan multiple endpoints at once

Hello,How may I initiate a scan on multiple endpoints at once?They are are dispersed and not on one specific network.

Indication of Compromise Alerts Flooding my Outlook Inbox

Event Type: Cloud IOCFile: powershell.exeFile path: C:/Windows/system32/WindowsPowerShell/v1.0/powershell.exeI get this alert for all CyberArk EPM Clients where the CyberArk EndPoint Management (EPM) Agent uses PowerShell scripts to implement CyberAr...

Resolved! Allowed Application Still Being Quarantined

One of our users is using a file encryption service on his Windows computer which was initially flagged as ransomware. I added the application to our Allowed Applications list but it is still getting flagged, and seems to be alternating between succe...

Delete an Endpoint for a PC that is no longer Managed

We have a few Windows PCs from a previous customer that still have AMP/Secure Endpoint installed and continue to check in to the console. We no longer have access to these devices. We have tried to delete, but they keep coming back in to the consol...

AMP for Endpoint (Fedora 35)

Hi,Has any of you been able to install AMP for Endpoint on Fedora 35? Does anyone know of anything in the roadmap for AMP on Fedora ? Regards,VamsI Krishna

Resolved! Pulling Allowed Applications from Application Control via API

I see that there is a documented method of pulling the Application Control blocklist (GET /v1/file_lists/application_blocking), however I cannot find the equivalent for the allowlist. Is this supported and I am not seeing the documentation or is ther...

Connectors for Mac

Hello,How can we push update for connectors for Macs?I have policies for both Windows and Macs aligned to the same settings, however, only Windows seem to be pulling the product updates automatically.

Resolved! Anyconnect Popup when loss of network connection

Hi, With the Anyconnect client (mine is 4.9) on windows 10 laptop, when you lose the network, wifi for example, there is no network loss notification. Is it possible to bring up a popup to indicate this loss of network and how can I do ? thanks, Gill...

Force Clients to update AMP connector and definitions

Hi, I am trying to update the Cisco AMP connector on our clients. Is there anyway I can force the updates from the AMP console, as even when I schedule the updates, some of the hosts are not updating the clients. Is there also a method to update the...

AMP for Endpoints (windows) vs Kaspersky Endpoint Security 11 update

We're starting the deployment of AMP4E on the Windows 10 workstations, so far so good until a helpdesk tech tried to push a Kasperky update on a PC with AMP. It failed with: Kaspersky Endpoint Security 11 for Windows (Strong encryption) (11.1.1.126):...

Secure Endpoints werfault.exe medtronics

Greetings, Seeing odd behavior where an application runs fine when AMP is disabled but errors when AMP is turned on. Folders/file/etc. have been whitelisted and AMP dashboard shows no indication it's blocking or otherwise considers the file bad. Tr...

Resolved! Best policies for Endpoint Security on Domain Controllers

Hi, I am new to Cisco Endpoint security and I would like to set up the best policy settings on my DC's, i currently have the below set up but i believe these are out of the box settings, should so many protection features be set to 'Audit'? Any help ...

Resolved! Update name of connector

Hello,Is it possible to update or edit the endpoint's name on the console?I would like to append the name with the user's name, quick identification.

Scan Cisco Endpoint Protection for specific IoCs?

Is there a simple way to search my org with Cisco Endpoint for a specific IoC?I can find details on a specific IoC when I search the upper corner, but it doesn't tell me if its ever showed up on my network.Point me in the right direction if you can. ...

Endpoint Security

Forum Posts