Endpoint Security

I'm trying to figure out an interesting case I have on hand. Our SF IPS-es running on 6.1.0.3 (build 57) are detecting this  CNC torpig bot  sinkhole server DNS lookup events coming from our Internal Barracuda ESGs. We had called Barracuda technical ...

Hi All, I have received quarantine event failed with the error code 3221225531 in AMP console. I couldn't able to get the exact details for the corresponding event id. Can some one help me to understand the meaning of this error code.

Hello,  I would like to ask a question. I have a parent group with a policy A. This group has many child groups with policies B1, B2, ... Policy A will apply to child groups, or only the Bi policies? Thanks and regards, Konstantinos

Hello, I have Cisco AMP for Endpoints. It is a new installation. I would like to ask if there is a possibility to change the data retention setting. I would like to have data for more than 30 days.  Is there any option to send data to a Syslog server...

Hello, I have Cisco AMP for Endpoints. It is a new installation. I would like to ask if there is an option to create a scheduled scan outside the policy. This is driven by the fact that the company's policy needs to scan some servers the first week o...

Hello,  I have a demo license for the AMP for endpoints Console and I accidentally have assigned the production licenses to the demo console.  How could I remove the licenses and assign them to the other account I want? Regards, Konstantinos

Hi,Can we export the compliance report of endpoints in PDF format from AMP console?. If yes, please share the stepsThanks.

  How to check the type of AES, DES and 3DES block encryption in Cisco routers (e.g. ECB, CBC, CBC-MAC, CFB, CTR, CCM, OFB, OCB). I have a Cisco 1941-SEC / K9 IOS 15.2 (2) T1 router. I can't find it anywhere. Maybe if I don't have the option to choos...

Does it not required to configure any credentials for scheduling a scan for Linux in the Cisco AMP policy? For Windows policy we should provide an admin privileged credential while configuring the scheduled scan but for Linux there is no space to ent...

HI All, Do we have a facility to define/correlate the process by rand in endpoint and generate an event.simple Example:i Want to get a custom event throw if below process run with 1 min.1)netuser2)tasklist3) systeminfo

We are replacing servers with latest Operating system. For Example, we have server called as "ABC-01" with Windows 2012 OS, while building a replacement server we name it as "ABC-02" with Windows 2016 OS. Once replacement server is completed then we ...

We noticed machines are not updating with latest Cisco AMP Tetra definitions as on today.  Last definition was updated on 28th dec and version is 79287, we see there is definitions released on 6th dec (79376) and they are not updating on any of the m...

I have Treat Grid and showing below Error while i am going for update, Please help me how to shut the existing update process and start new process or any other reason to this error. Check the attached snaps.  'Unable to lock update directory; a sepa...

What is the relationship in AMP between the "Network Conviction Mode" and "Device Flow Corrrelation" under the advanced network settings? If the "Enable Device Flow Correlation" be enabled must the conviction mode for network active be at least audit...

The overview page on the dashboard. Is 30 days the furthest the data goes?I would love to see all the threats detected for the whole year.