AMP sometimes sends massive alerts about exploit prevention. Mostly it's from IEXPLORE.exe, Acrord32.exe, RdrCEP.exe, EwUpdater.exe. Why is this happening? They are all safe apps. Is there any way to stop these alerts, besides disabling the option?
Does AMP detect port scanning? If yes, any Orbital query or event ID or detection name to check?
Hello Cisco Community, We've recently deployed ISE 2.7 and after joining each device the status was green. Now over time I'm seeing a large amount of the status column being greyed out, what's happening here? The devices are still connected and the...
Is there any requirement that the order of authentication when using ISE is 802.1x and failover to MAB, instead of trying MAB first, and then 802.1x? If the 802.1x is tried first, there is a timeout before MAB is tried and some clients are too impati...
Hi, I used to access the SonicWall CDP device (Model: CDP 6080) console through any web browser. I am getting this Flash Player error (attached screenshot) after the successful login. And it is not loading the console window after the login which normally...
A customer has performed a security test/search in their network infrastructure, and the Room Kit unit was listed as an "SNMP vulnerability" in relation to MS02-006. Anyone know what this actually means, and if this is an issue that need to be resolve...
Hello, I would like to ask some questions about the operation of AMP: 1. When upgrading an agent, the reboot after needs to be done with privileged account? 2. Is there a site that hosts IOC xml files? 3. Is there a way for AMP to automatically upload ...
I'm seeing constant "component dowload failure" events in the console. For each affected machine, it happens every 2 hours. It looks like it's Tetra engine updates? But these machines are in a policy that doesn't have Tetra enabled. Machines with Tetra...
Hi All, Would you please let me know how I can retrieve a file quarantined by Cisco AMP for further analysis? Thank you. Max
I have a hash for a file. I have blacklisted it under Application Blocking. I have it set to quarantine under Simple Detection. So why is it that my users can download it and execute it? It is marked malicious by AMP. VirusTotal has a ratio of 34/67 ...
I have created a new group & policy in AMP and moved the existing machine from a different group/policy to the newly created group. Note - Newly created policy is assigned to the group. However new policy is not getting reflected for the machine. Als...
Hi Guys, I'm having an issue where our server running Red Hat 7.6 is hanging due to high CPU and memory usage. The system becomes unresponsive for about an hour - then sometimes goes back to normal or we need to reset it. I've managed to capture th...
Hi All Anyone else see a spike in Retrospective Detections over the weekend? Specifically .in12.talos detections. All seemed to link to .js files from programs like grammarly, Adobe etc. All unable to quarantine. Noticed a similar post last year so w...
Hi, I see a small difference in the results from the API and what is shown in the AMP4E Events dashboard. I made an API request and found that the event type "System Process Protection" does not show the field named "Reason" while the dashboard does....
Hi, If there are 2 instances for 2 customers on a 4100 series firewall, is it possible to assign specific resources to a specific customer also for IPS? Can anyone provide any Cisco documentation? Mateen