Cisco Secure Endpoint flags Lsass dump as Cloud IOC. EDR tool did not stop the dump, most likely because Windows native tools were used. I have ticketing in place to alert on the event. Does anybody know how do I blacklist the activity(command line i...
Hello. I have a bunch of VMWare hosted servers that AMP is hogging memory on. Most noticeably, it's really hogging it up on several servers that have 4GB of memory, to the point where I get constant Nagios alerts about memory usage. Previous, I could...
Hi Everyone,We wanna Implent Posture assessment in LAN. With temporal Agent everything works fine. But when we wan to client Use anyconnect Posture module, Client provisioning portal shows an error "An error occurred. Contact the helpdesk for assista...
Dear All, I need to know if Cisco ISE 3.1 is compatible with Windows Defender? I found this document on Microsoft site that confirm it: Network access control integration with Microsoft Intune | Microsoft Docs But I' d like to know if it is also true...
Hi,In response to a security incident, I would like to query one group of endpoints in AMP (Secure Endpoint) for network connections to a specific IP address. How can I do that in Orbital?Thanks for your time.Have a great day.T
On 6/28 and 6/29 I received a large uptick in old PDF docs getting quarantined as PDF.Spam.Heur5. In all cases, these pdf files have been on these workstations for two or more years. Anyone else seeing this? False positives, or better late than ne...
Hi, I have seen this ISE reference for guest authentication & ISE: https://community.cisco.com/t5/security-documents/ise-guest-access-deployment-guide/ta-p/3640475 , but i am still unsure if wired guest users can be redirected to a Sponsor Captive...
Hi, I have a number of files on Windows 10 that are showing as clean One is svchost.exe SHA256 5d00bbeb147e0c838a622fc42c543b2913d57eaca4e69d9a37ed61e98c819347 It is reporting as clean. However, the product name is Microsoft in Russian, which i...
Which tool can manage Windows Patch Management Check/Remediation with non administrator-level users during network access e.g. VPN? (I am using Cisco AnyConnect) At the current guide... Cisco AnyConnect Secure Mobility Client Administrator Guide, R...
Hello all, in windows 11 latest update, any connect 4.7.02036 fails to install with following message. error comes at mid of setup and rollbacks after error. thanks for your suggestions.
if I have amp installed on some workstations and protected by password, but unfortioanloity I don't have access to management counsel and passwords are forgotten , how can I remove it
Zero Day Exploit of Microsoft Support Diagnostic Tool Detection. What components of Cisco Secure Endpoint will detect and block this vulnerability? https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-to...
Hello, I have a rather interesting issue that I am having trouble figuring out. AMP scans have returned 3 separate endpoints now with the same malicious phishing pdf that is seemingly located in someone's user profile. Normally this would be fine, be...
Hi community! We have a few Surface tablets that need Windows Early Launch Antimalware Protection temporarily off in order to boot. https://docs.microsoft.com/en-us/windows-hardware/drivers/install/early-launch-antimalware Alternatively we can remove...
I have Cisco AMP MSP console with multiple organizations in it. Some have basic tiers of AMP and some have advanced. When I navigate to one of the consoles with Advanced tier and try using Orbital it askes me to sign in. Then I pick Secure X Sign On....
.jpg "VIP Advisor"){kind=icon}
