Endpoint Security

Local versus group policy powershell exploit prevention control

Can exploit prevention script control distinguish between a user initiated powershell script and one that is externally initiated such as a group policy? I am creating a scheduled task to run on endpoints after group policy has a chance to synchroni...

Identity persistence in CITRIX envirenment

Good day, I'm not able to find a concrete answer for the following question: When configuring a policy for CITRIX servers, is persistence required if Vdisk is being used? Kind regards.

Resolved! How to upgrade Orbital Nodes

How do you upgrade Cisco Orbital nodes? This is in relation to Orbital node versions prior to 1.14.18 going End-of-Life as of August 4, 2021. I cannot find any documentation on Cisco orbital help page on how to upgrade.

Deploying AMP on Citrix Enpoints 💃

Hi, is there any difference for AMP between a normal endpoint like a Laptop and a VM with Citrix Agents streaming Apps or Desktops?ThanksBenjamin

Cisco ISE/SecurityCenter Integration Credentialed Scans

Cisco ISE/SecurityCenter Integration Credentialed ScansHello, We have followed this guide and gotten automated scanning of systems to work:https://community.cisco.com/t5/security-documents/cisco-tc-nac-with-ise-and-tenable-security-center/ta-p/364754...

Exploit prevention - exclusions 💃

Hello guys,Do you know if it is possible to exclude a file from Exploit Prevention engine? I havent found anything like that in the AMP console. If this is not possible, is it on the roadmap?Thanks Marcel

PrintNightmare, SeriousSAM/HiveNightmare, etc... any help from Cisco Secure Endpoint (AMP4E)?

I wonder if there is any support from Cisco Secure Endpoint (AMP4E) to counter, at least in some measure, these 'weeknesses'?How do we know there is some kind of active protection, until Microsoft comes-up with a real correction?Any alternatives (bes...

Resolved! AMP ISOLATION UNLOCK CODE PROCESS

how do i unlock a machine locally using the isolation code?

cisco secure endpoint

What advice would you give me to take into account when implementing the solution?

Mail from AMP

Hello I received this mail Secure Endpoint observed the following compromise matching your subscription named Real Time Incidents.Compromise StateRequires AttentionHostname Group Operating SystemWindows 10 EnterprisePolicy Connector Version7.3.15.201...

Resolved! Anyone else seeing this FP?

Getting a stack of DFC Threat Detected for an ip...205[.]185[.]216[.]42Its a CDN in Texas... Talos says it's bad... but its resolving to things like dl.delivery.mp.microsoft.com, etc.

Resolved! AMP Windows Connector latest release

Hi,I would like to know if the latest release of AMP Windows Connector is 7.4.3 and where I can find the release notes for this version.Regards,Morten

Resolved! Cisco AMP Endpoint

is this Cisco AMP Endpoint agent or agentless, how it work on client can have some more visibility on it

How Cisco AMP Endpoint take action?

Hi All; i want to know how Cisco AMP Endpoint take action when it detect a Malware on the PC Regards;Rober

AMP Virtual Private Cloud

Hi Experts, We have a AMP Virtual Private cloud setup running on a VM with 2 NIC - one for the management and other for the AMP Console. I understand that the management is majorly used for the initial setup and configuring management related tasks...

Endpoint Security

Forum Posts

Local versus group policy powershell exploit prevention control

Identity persistence in CITRIX envirenment

Resolved! How to upgrade Orbital Nodes

Deploying AMP on Citrix Enpoints 💃

Cisco ISE/SecurityCenter Integration Credentialed Scans

Exploit prevention - exclusions 💃

PrintNightmare, SeriousSAM/HiveNightmare, etc... any help from Cisco Secure Endpoint (AMP4E)?

Resolved! AMP ISOLATION UNLOCK CODE PROCESS

cisco secure endpoint

Mail from AMP

Resolved! Anyone else seeing this FP?

Resolved! AMP Windows Connector latest release

Resolved! Cisco AMP Endpoint

How Cisco AMP Endpoint take action?

AMP Virtual Private Cloud

Congratulations to the Event Top Contributors Class of 2024!

Cisco + Splunk: It's a new day for your data.

A new chapter of the Spotlight Award begins!

Join us in Celebrating the New Year and the Nov.-Jan. Winners!

Announcing Resources That Guide You to Success

Clam AV signature set CVD being actively maintained by TALOS?

ISE - 2.7 - Endpoint logs

Upgrade new cisco secure client agent from ISE web portal

Cisco Secure Client Network module (NAM) v5.1.1.42

Extension of Cisco ISE 3.X Evaluation License

need to block exe file

Legacy/previous versions of Duo Authentication Proxy Server

False positive? GT:JS.Hyena.3 detections

Cisco Secure Client Module not installing Windows Server 2022

Multiple Secure Endpoint Alerts