Endpoint Security

Resolved! All computers showing unsupported

I inherited Cisco AMP after a couple of our team members left. It had not been monitored for quite some time and the computers were on connector 6.0.5 and 6.0.9 as well as Symantec Cloud. We are a hosting and professional services provider and we hav...

Resolved! Cisco AMP4E blocking explorer.exe

Hello.Cisco AMP4E blocking explorer.exe (windows explorer. exe) and we get black screen. How to know why it's happened ? Why AMP4E can't get a handle on the process's executableOn Event details we get this information. ( Now i use in audit mode ...

How should I install a endpoint IOC without entering an account and password?

Hi I want to install endpoint IOCs and scan all the computers in my company but I found only one way to meet myneeds. The method needs to enter the account and password to install a schedule scan.Does anyone knows another way to run a endpoint IOC wi...

API Server Private Cloud 3.1.2

Hello,After upgrading to Private Cloud 3.1.2 API Server became unavailable. datateam-api's log saysERROR com.cisco.amp.data.api.APIServer - Failed to start API server.com.datastax.driver.core.exceptions.NoHostAvailableException: All host(s) tried for...

Can we fetch vulnerability details with Cisco AMP using Orbital.

Can we fetch vulnerability details with Cisco AMP using Orbital feature. If so can someone please let me know if there is any inbuilt query or we have to create customize queries for fetching this information for all applicable endpoints. If there is...

AMP4E Exclusions and Scheduled scans

In traditional AV you would add an exclusion so that it would not be checked, however you would still have this exclusion scanned on a scheduled scan Does this apply to AMP4E or will the exclusion be ignored during the full scan too

cisco AMP for endpoint : isolation supports

When installing version 7.1.5 of the AMP agent to test isolation in the documentation, it appears that it is only supported for computers with x64 bits. Could you inform me if cisco is thinking of developing it in next versions support for 32 bit equ...

How can i configure my own customized AMP report and send to my group email box.

I am trying to configure one weekly summary report of AMP for Endpoints , where i did not have option to send that report to distribution email address. ( example SecurityIT@domain.com) , where i see that i can receive on my own email address( xyzna...

Scripting SSH connection

Hi,I'm trying to set up a script whereby I can access one of our switches using SSH. I'm currently trying this from the CLI of my PC but getting the following:C:\Users\<user>>ssh <switch> -l <username> -oHostKeyAlgorithms=+ssh-dss,ssh-rsa -oKexAlgor...

if we block the file that was blocked , if it harmful is there any way to remove from triggered machines even it is blocked

Hi Team, we are blocked file where we considered as malicious, that file resides in machine is there any way to pull out via cisco console itself. or any script can used to delete from those machines? Regards,Pruthvi

Resolved! AMP IOC severity list

Hi guys, before I enable automated isolation for Critical IOC's - is there a list of IOC's and their severity anywhere I can look at?

AMP4E Private Cloud accounts

Hello,What DB are local accounts are located in? What algorithm are passwords encrypted by?

What action should we take next when a user/machine has been Isolated?

We have the policy to automatically isolate machines.So what is the next best practice action to take before stopping the machine from Isolation?

Cisco AMP Update Policy

Hi guys, Do any of you know of a way to set the update policy to always follow the latest version? This would be very handy for groups of product testers, IT engineers and other select groups whom test the latest built before it gets generally rolled...

Reset connector's policy settings due to lost connection to Private Cloud Server

Hello,If AMP connector loses connection to Private Cloud Server it will not get new policy settings. But after Cache TTL time it resets old policy settings at all and doesn't quarantine files from Simple Custom Detection anymore. I'm wondering why ol...

Endpoint Security

Forum Posts

Resolved! All computers showing unsupported

Resolved! Cisco AMP4E blocking explorer.exe

How should I install a endpoint IOC without entering an account and password?

API Server Private Cloud 3.1.2

Can we fetch vulnerability details with Cisco AMP using Orbital.

AMP4E Exclusions and Scheduled scans

cisco AMP for endpoint : isolation supports

How can i configure my own customized AMP report and send to my group email box.

Scripting SSH connection

if we block the file that was blocked , if it harmful is there any way to remove from triggered machines even it is blocked

Resolved! AMP IOC severity list

AMP4E Private Cloud accounts

What action should we take next when a user/machine has been Isolated?

Cisco AMP Update Policy

Reset connector's policy settings due to lost connection to Private Cloud Server

Congratulations to all the winners of the April 2023 Spotlight Award!

Renew.cisco.com just got refreshed, and it will make your life easier!

Announcing Resources That Guide You to Success

Secure Endpoint Scan with Detections / Detections summary??

Stealthwatch stuck on Config Changes Pending

Secure Endpoint in Windows Safe Mode

ASA 2110 Firepower error: failed to split certificate

Microsoft MDE vs Cisco Umbrella

AMP integration with Secure X

Cisco Secure Endpoint - How to export computer usernames

Secure Endpoint flagged Newtonsoft.Json.dll as malicious

AMSI Deleted for Windows Defender/Security

Email Weekly Reports - Cisco AMP (Secure Endpoint)