Endpoint Security

Veeam Backup and Replication. Cisco Endpoint for SureBackup anti malwa

Hello. We use Veeam Backup and Replication for backup and for Surebackup (and for anti malware scanning of backupfiles) in a vmware vcenter environment. Veeam B&R can be configured through a AntivirusInfos.xml file to use products like Symantec Prot...

False positive for Edge?

Hi. I wanted to toss this out there to see if anyone else encountered this in the last week or so.This morning, I opened up the console to 40% of my endpoints indicating a compromise. I opened one computer to start investigating. I found it to be a r...

Amp service not starting

I have a laptop which won't start the Amp service. I've updated it from 8.2.1 8.2.4 and still get the same problem.The event log gives this:Faulting application name: sfc.exe, version: 8.2.4.30130, time stamp: 0x65cfcfa4Faulting module name: sfc.exe...

ISE Essentials License and Apple products for 802.1x

Hello friends.I'm working on setting up ISE on Azure for our org. we have combination of domain joined windows clients, IP phones and iPads (Apple products). I have two questions to start the process.1- does ISE Essentials License support Apple produ...

How to investigate high number of alerts for browser cache files

Hi, The File Detection category generates a lot of alerts on browser cache with signatures like these:GT:JS.Hyena.xGT:JS.Injected.xTrojan.Generic.xTrojan.GenericKD.xAuto.x.in02W32.x.in12.TalosMost of the time these files are unique so they won't be o...

End point detection

I am new to cisco endpoint and will need some help in creating rolling 3 months analysis for end point positive detectionsand also analysis for false positive detection.Any help and directions will be deeply appriciated.Thanks

Resolved! Sockets

John McClane found Safe Mode for Android and iOS. He removed the banking app. He is dedicating himself to his maximum security rack, a long-time dream. Proxies are active on smartphones for now. He needs connectivity today. But his money is under the...

Resolved! need to block exe file

Hi All, Need to block below exe file path on server. Can anyone help me how can i do this in Cisco secure endpoint console. c:\program files\uvnc bvba\UltraVNC\winvnc.exe

SlowProcessor unable to calculate hash using handle

We're having trouble running Office 365, is there application blocking where files can't be opened, is there any fix or policy enforcement to get it back up and running? Logs: (22455125, +0 ms) Jan 03 14:46:13 [7440]: ERROR: Event::SlowProcessor unab...

Insolate a linux in cisco amp

Good morning! We're currently facing the challenge of isolating our Linux systems (running Ubuntu and Debian) from the Cisco Secure Endpoint console (formerly known as AMP). Despite our efforts, we haven't been able to find a direct method to achieve...

Resolved! Legacy/previous versions of Duo Authentication Proxy Server

Still running 2008R2 DCs believe it or not and they're running DPS v5.7.1. Does anyone know the URL to download legacy versions of DPS?Thanks in advance.

Resolved! False positive? GT:JS.Hyena.3 detections

Last night we started getting GT:JS.Hyena.3.x detections on a number of computers. We are continuing to receive them, over 150 machines so far. Anyone else seeing this?

Clam AV signature set CVD being actively maintained by TALOS?

Hello TALOSSince the retirement of Immunet at the beginning of 2024, has maintenance of Clam AV CVD signature files by Cisco TALOS been impacted? Are the Clam AV community signature sets still being actively maintained by Cisco? Thanks in advance

Isolated host generating multiple Expolit Prevention events

We have an end user machine that was placed into isolation after a high severity Cloud IOC Event (Cloud IOC: W32.PowershellIEXReplace.ioc) and a low severity Cloud IOC Event (Cloud IOC: W32.PowershellObfuscationAttempt.ioc) was detected. Powershell ...

Resolved! Multiple Secure Endpoint Alerts

Hi, in the last few hours our Secure Endpoint has alerted to hundreds of events associated with "Gen:Variant.Jatommy.3.3433". While the files are being quarantined in most cases, i believe this may be a false positive, is anyone else seeing these ale...

Endpoint Security

Forum Posts

Veeam Backup and Replication. Cisco Endpoint for SureBackup anti malwa

False positive for Edge?

Amp service not starting

ISE Essentials License and Apple products for 802.1x

How to investigate high number of alerts for browser cache files

End point detection

Resolved! Sockets

Resolved! need to block exe file

SlowProcessor unable to calculate hash using handle

Insolate a linux in cisco amp

Resolved! Legacy/previous versions of Duo Authentication Proxy Server

Resolved! False positive? GT:JS.Hyena.3 detections

Clam AV signature set CVD being actively maintained by TALOS?

Isolated host generating multiple Expolit Prevention events

Resolved! Multiple Secure Endpoint Alerts

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

AMP Connector installation using Addigy device manager tool on MAC boo

Define Endpoint Purge Rule

CyberVision Deployment

Elisity and Cisco CAT 9300

Cisco Secure Endpoint service did not appear on my device?

Integration with O365

Does Cisco Secure Endpoint support Bluetooth blocking?

API call to create a policy

Attach policy or blocklist to computer using the API