Hello everyone, I am having some issues with my dot1x configuration and was hoping to get some ideas on what the issue might be.... End points are configured with windows supplicant software, Cisco 9300 working as authenticator and Cisco ISE as authe...
Forum Posts
Hello, I have a problem with spam mails. I have identified the malware (tofsee). I search it in amp console and it shows some files. When I search one of them in the section Network Activity -> TCP/IP Streams I see an IP address as a source. What is...
Hello everyone, I am looking for some troubleshooting advice and/or ideas on 802.1x configuration that I am working on my network. Here are some details: 1- The authentication server is cisco ISE2- The authenticator is a Cisco 9300 3-switch stack3- ...
We have a ISE 2.4 deployment with pxGrid pumping user login information to FMC. We have a requirement to STOP a particular user to IP mapping from propagating to FMC. This is to prevent a user running a program with 'run as user' option in windows g...
We have pushed updates to the AMP connectors in our server policy around our scheduled maintenance window. During the Window, the servers were updated and restarted as required by both the updates and the connector. Upon reboot, the warning triggered...
Hello, Can I use the Wildcard exclusion capability of Cisco AMP in order to add an exclusion that can propagate on multiple drives, on Windows. For example, if I will add the wildcard exclusion " *\Folder1\Folder2\ " will this be apply for drive C...
I have uploaded few malicious IPs under Outbreak control --> IP Block list. So when i tested with one of the IPs in the test machine they are detecting on AMP, AMP UI is throwing a Pop up as "Malicious connection detected", however browser still load...
I have FireAMP on my machine which I think may have been installed as part of AnyConnect (?). I would like to uninstall it in order to troubleshoot other issues I'm having. The uninstall is prompting for a password, but I never recall setting up a ...
Hi, An instance of this happening was just brought to my attention by one of our users. According to him every time he reboots his laptop this happens for 30 mins before everything goes back to normal. I have tried looking in AMP but haven't found an...
Hello Team, Our cisco ftd is working properly but when we tried to check on the syslog server we're unable to see the logs of deny policy. Anyone who expirience this incident? Best regards,
Resolved! AMP Connector not appearing in console.
I have installed AMP on several machines in various modes like protect, triage etc. I install on my Mac and it doesn’t appear in the console. I have re-installed several times but it never appears. The only machine i actually want it to work on do...
What is the source that Cisco is referring to block the IP address under "Network" tab, Where can we find the source for this so that we can customize if required.
Is a reboot necessary when updating AMP from 7.1.5.11523 to 7.2.7.11687? I asked a similar question to cisco a long time ago and was told that if the 1st or 2nd number in the version number changes, then a reboot is necessary. So when I deployed ...
Hi Cisco Community,I've received detections on PCs where AMP states the user involved is a user that has never logged into the computer in question. I'm assuming this has to do with the origination of the file detected, but I'm not sure. Does anyone ...
I have an executable file, I used sha256deep to generate a hash. I confirmed that hash with an upload to VirusTotal as well as generating a hash through 7zip. I added the sha256 hash to my blocklist. Updated the policy on my endpoint. I was still abl...
