AMP - False Positive
So I have a user using excel with a macro/script and AMP keeps flagging VBA.ObfDldr.1.Gen How can I whitelist this file so it's not alerting 100x a day. The hash changes when they use the file.
Forum Posts
Same Email Address for Multiple Deployments
Hello there, I am attempting to add a new user to one of our customer deployments lets call them "person@company.com", but it keeps telling me that email address is already in use. I know for a fact that this email is not in use on this deploym...
Resolved! AMP for Endpoint detect malware intrusion event
Hi Sir: Could you help me to confirm AMP4Endpoit detect the event of below scenario ?When client click the malicious website and download the malware. The malware will try to compromise the other computers at the same subnet. What kind of event tha...
AMP Endpoint IOC scan matched 24 of 171 IOCs
Hi Community, I have loaded the IOC packet from the FireJumper and run a scan against my computer. The result is 24 matches of 171 IOCs. Now I want to understand why there are 24 matches and why these IOCs were found. Here a small excerpt of the fo...
Cisco AMP for Endpoints & IE ActiveX addon
Hey all, Calling all AMP experts - Looking for some help with an issue that has been driving me bananas. My client has a website in which they open with IE and it loads an activeX addon (which is installed on the computer and has a C++ component to...
Resolved! AMP - AV Update message
Hello, I have a silly question, on dashboard of AMP for Endpoints > Management > Computers, it says that a number specific of computers need AV Update, but what´s the minning of this?? Something with connector or identifies that need a third party A...
Uninstall Issue
Anybody ever have issues uninstalling AMP? I have a handful of computers still with v6.2.5 on them that I have been trying to upgrade to 6.2.9, but the upgrade fails because the 6.2.5 service can't be stopped. Even after a reboot, the service just ca...
Resolved! AMP Private Cloud Download
I've been scratching my head trying to locate the download .ova for AMP private cloud. I would like follow the guide Installation and Configuration of FireAMP Private Cloud but it references the OVF that I can't find in the Cisco downloads anywhere. ...
AMP -
Hello, evaluating AMP for Endpoints first configuring policy to Audit, and after that first scan I change computers to group of Protect, check image attached, and my question is, how to apply the actions?? There are files detected that I delete it a...
Category=CnC Connected, Event Type=Intrusion Event - malware-cnc
Hello, On one of my host I see 3 threats 1. Category=CnC Connected, Event Type=Intrusion Event - malware-cnc and Description= The host may be under remote control. 2. Category=Impact 2 Attack, Event Type= Impact 2 Intrusion Event - attempted-admin an...
False-positive of lum-sdk
Hello, ClamAV a project of Talos by Cisco falsely detected several files of Luminati SDK as a virus, type: Win.Packed.Icloader Yesterday I have submitted the files at https://www.clamav.net/reports/fp and didn't got confirmation email or link to fol...
AMP: Archiving Events
Hello, We need to archive some events so they're not lost forever after 30 days. I believe Splunk can integrate with the AMP API and can do this but alas we do not have Splunk or any other decent SIEM for that matter. Any bright ideas on how we could...
Resolved! AMP - Computers existing named as Demo_xxxx
Hello, I have a silly question but want to be sure before doing something, on a new deployment of AMP for Endpoints, there are already listed computers named as Demo_Dridex, Demo_Dyre, etc. but it generates information that is complicated on my dashb...
A4E showing exploit prevention warning on lsass.exe
I keep getting this alert from AMP for Endpoints several times per day for the same endpoint. I can't really find the source of it. Device Trajectory is just showing me that a file associated with it is called c:\windows\system32\eac_usermode_19230...
Threat grid update failure
I am having a issue to update threat grid in lab , it shows the following error when doing update. ssh: connect to host appliance-updates.threatgrid.com port 22: No route to host Failure during transfer Dirty interface is able to ping internet a...
