Endpoint Security

Reset connector's policy settings due to lost connection to Private Cloud Server

Hello,If AMP connector loses connection to Private Cloud Server it will not get new policy settings. But after Cache TTL time it resets old policy settings at all and doesn't quarantine files from Simple Custom Detection anymore. I'm wondering why ol...

Resolved! AMP for endpoints is storing too much data

Hello everyone, I would like to tell you a concern about AMP for endpoints, because a realized just some days ago, amp is storing a lot of data in HDD, so i would like to know if it's normal behavior or i need to take some action, because the amount ...

Quarantine is Failed for Desktop Windows 7

Currently We have deployed FireAMP Private Cloud. Software and Content Ver is 3.1.1) Why Quarantine is Failed for following files , Desktop is Windows 7. Connector is Protect Detection - File ty...

AMP Private Cloud session timeout

Hello,Apparently for AMP Private Cloud v.3.0.2 GUI's session timeout is 30 minutes. Is it possible to decrease timeout? How many login failed attempts are needed to block an account? Is there a configuration file to manage these parameters?

Audit Log AMP Private Cloud

Hello,Where are logs of AMP Private Cloud v.3.0.2 located in a file system? There are log files only in directory /var/log/messages, but how to find logs from GUI in the tab Accounts->Audit Log?

ISE endpoints read connected

This is probably a stupid question (yes there are stupid questions);One of my staff has reported a user who we changed IDs as still reading connected when he looks at endpoints but if we look at live sessions this person is NOT live, neither is his M...

802.1x Authentication

Hello,I configured a 802.1x deployment using a Cisco 9300 Switch Stack IOS 16.8.1a, Cisco ISE IOS 2.6.156 and Windows 10 workstations using windows supplicant software. The whole thing works... The supplicant is able to authenticate the user credenti...

AMP for Endpoints on SUSE Linux?

Hi Cisco Community, Does anyone know if AMP is compatible with SUSE Linux? I found Cisco's compatibility guide but I'm not familiar enough with Linux to know if the listed versions are similar enough SUSE/would work with SUSE Linux Enterprise Ver 12 ...

AMP Service has stopped after 7.2.7 Connector Upgrade

We recently Upgraded AMP connector for endpoints from 6.2.9 to 7.2.7, After the upgrade one of the servers has the AMP service in Stopped state. When we try to start the service it is not starting and we are receiving Error 1053. How do we fix this? ...

Resolved! Remove detected items in AMP

Hello all, I ran a full scan in AMP for a client and it returned the below message: Scanned 244494 files, 109 processes, 37615 paths. Found 2 malicious items.When i expand the event, i cannot see these malicious items. After the "Scan Started" event ...

Retrieve past events from AMP

Hello all! Im trying to extract more than 1 month ago events (.csv) from AMP for Endpoints, but without success. Is it possible to get this info? Be

Exploit Prevention failed to initialize and is not working as expected. Please contact support

Hello All, i am using Amp connector version as : 7.1.5.11523 and operating system : windows 10 , where i am seeing some events as below on few machines , what actually it was referring to and how to resolve it

AMP 4 Endpoints auto scan

Hi all In our deployment we do not have any policy containing scheduled scans. However, looking in the dashboard/events/scan started with a 30 day timeframe, I can see that approx 5% of the endpoint have started a scan. Does AMP4E have auto scans? if...

MAC PC cant get ip address when ISE ANC policy quarantine

We have a ISE cluster with version 2.3.298 We config a ANC policy to quarantine the PC . we find this policy work fine when windows PC ( wired and wireless) and MAC PC( only wireless) when MAC PC connect wired to the switch ,the policy take effect,bu...

Sandbox related queries in Cisco AMP for Endpoints

a) What is Sandbox scans of network shares in Cisco AMP for Endpoints and do we have any feature related to this? b) Can we integrate FortiSandbox with Cisco AMP for Endpoints

Endpoint Security

Forum Posts

Reset connector's policy settings due to lost connection to Private Cloud Server

Resolved! AMP for endpoints is storing too much data

Quarantine is Failed for Desktop Windows 7

AMP Private Cloud session timeout

Audit Log AMP Private Cloud

ISE endpoints read connected

802.1x Authentication

AMP for Endpoints on SUSE Linux?

AMP Service has stopped after 7.2.7 Connector Upgrade

Resolved! Remove detected items in AMP

Retrieve past events from AMP

Exploit Prevention failed to initialize and is not working as expected. Please contact support

AMP 4 Endpoints auto scan

MAC PC cant get ip address when ISE ANC policy quarantine

Sandbox related queries in Cisco AMP for Endpoints

log entries re [ExecHandler.swift@335] ... "hash found in cache!"

Code Integrity determined that a process (\Device\HarddiskVolume3\Wind

Feature Request: Safe Mode Reboot Protection in Cisco Secure Endpoint

Best Practices: Managing Cisco AMP and Windows Defender on Intune Devi

Orbital Execute Powershell Cmdlet for installed modules from PSGallery

Cisco FMC Scheduled Backup Error "Error creating tar archive"

Better Understanding

Anyone experiencing blue screens with Cisco Secure Endpoint 8.4.4?

FTD Backups sent to FTP Server is Failing

Secure Endpoint API PATCH methods