Endpoint Security

SlowProcessor unable to calculate hash using handle

We're having trouble running Office 365, is there application blocking where files can't be opened, is there any fix or policy enforcement to get it back up and running? Logs: (22455125, +0 ms) Jan 03 14:46:13 [7440]: ERROR: Event::SlowProcessor unab...

Insolate a linux in cisco amp

Good morning! We're currently facing the challenge of isolating our Linux systems (running Ubuntu and Debian) from the Cisco Secure Endpoint console (formerly known as AMP). Despite our efforts, we haven't been able to find a direct method to achieve...

Resolved! Legacy/previous versions of Duo Authentication Proxy Server

Still running 2008R2 DCs believe it or not and they're running DPS v5.7.1. Does anyone know the URL to download legacy versions of DPS?Thanks in advance.

Resolved! False positive? GT:JS.Hyena.3 detections

Last night we started getting GT:JS.Hyena.3.x detections on a number of computers. We are continuing to receive them, over 150 machines so far. Anyone else seeing this?

False-Positive? W32.RetroDetected (Chrome.exe)

We started getting W32.RetroDetected (Chrome.exe) detections on a number of computers. We are continuing to receive them. Anyone else seeing this?

Clam AV signature set CVD being actively maintained by TALOS?

Hello TALOSSince the retirement of Immunet at the beginning of 2024, has maintenance of Clam AV CVD signature files by Cisco TALOS been impacted? Are the Clam AV community signature sets still being actively maintained by Cisco? Thanks in advance

Isolated host generating multiple Expolit Prevention events

We have an end user machine that was placed into isolation after a high severity Cloud IOC Event (Cloud IOC: W32.PowershellIEXReplace.ioc) and a low severity Cloud IOC Event (Cloud IOC: W32.PowershellObfuscationAttempt.ioc) was detected. Powershell ...

Resolved! Multiple Secure Endpoint Alerts

Hi, in the last few hours our Secure Endpoint has alerted to hundreds of events associated with "Gen:Variant.Jatommy.3.3433". While the files are being quarantined in most cases, i believe this may be a false positive, is anyone else seeing these ale...

Secure Endpoint API: start a scan and resolve a compromise

Hello,we've noticed a shift in the development direction of the official Secure Endpoint web interface, which is unfortunately becoming a challenge for us to work with on a daily basis. As a result, we're considering creating our own administration i...

Resolved! Cisco Secure Client Module not installing Windows Server 2022

I am creating Deployment Profiles from Secure X in order to push Secure Client (and our modules) to workstations and servers. The deployment profile for workstations works as expected, whether using a Full Installer or Network installer. I am now t...

Dot1x on my wired network using ISE as the authenticator and utilizing

Hello everyone, how are you? I'm looking to implement Dot1x on my wired network using ISE as the authenticator and utilizing certificates via TLS. I'd like to know if there's a way to generate the certificate directly on ISE and install it on the ma...

Resolved! Multiple endpoints flagged with Cloud IOC: W32.RubeusMalware.ioc

We've started getting googleupdate.exe popping up in the dashboard as Cloud IOC: W32.RubeusMalware.ioc, starting this afternoon. Neither the actual detection (352d9f7ed7f0d463aeb21597d6cf1492df34f622027a853a6e861c54434e6caa) nor the parent (googleupd...

Missing client event log entries in Secure Endpoint

Hello, a few days ago, we noticed that the event logs of the individual clients in the Secure Endpoint Dashboard of one of our larger customers only contain very few entries. Normally we see several dozen to 100 or even more entries there, but now in...

Resolved! Uninstall/ Remove AMP Secure Endpoint

Is there a way to uninstall the Cisco AMP connector from all devices at the same time, instead of logging into each device and uninstalling it manually?

False positive WAX####.tmp Amp detection?

I'm having some issues with Amp flagging some tmp files as malicious. I received 32 alerts from a single machine within an hour as Gen:Trojan.Heur.FU.RqZ@a0N@95j. The files are created by werfault.exe, which is a legitimate program. Werfault can run ...

Endpoint Security

Forum Posts

SlowProcessor unable to calculate hash using handle

Insolate a linux in cisco amp

Resolved! Legacy/previous versions of Duo Authentication Proxy Server

Resolved! False positive? GT:JS.Hyena.3 detections

False-Positive? W32.RetroDetected (Chrome.exe)

Clam AV signature set CVD being actively maintained by TALOS?

Isolated host generating multiple Expolit Prevention events

Resolved! Multiple Secure Endpoint Alerts

Secure Endpoint API: start a scan and resolve a compromise

Resolved! Cisco Secure Client Module not installing Windows Server 2022

Dot1x on my wired network using ISE as the authenticator and utilizing

Resolved! Multiple endpoints flagged with Cloud IOC: W32.RubeusMalware.ioc

Missing client event log entries in Secure Endpoint

Resolved! Uninstall/ Remove AMP Secure Endpoint

False positive WAX####.tmp Amp detection?

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

CareUEyes Update.exe False Positive

Secure Client AMP Enabler for Mac

Cloud IOC: ExecutedMalware.ioc

Byod access with ISE guest portal using AD store

Cisco Secure Endpoint Service Launcher fail after update

Incident Promotions from Secure Endpoint to XDR

False Positive? "Adobe Genuine Helper.exe"

About Cisco Threatgrid API

Policy Update Failed, code 3242196993?

Downloading an old amp connector