Endpoint Security

FTD Malware File Policy

Hi, I have created a malware file policy to block malware for PDF & Executables. When I attach the malware file policy to my Access Control Policy acl I receive a warning " Configured Ports will prevent the file policy from being triggered" The acl...

Resolved! AMP and selfservice

Is there a way to offer our users a self service facility to upload and analyze their files? Do they have to contact us everytime they have / receive a suspicious file or attachment? thx

Resolved! Exclude/whitelist a source server IP address

Is there a way to either whitelist or create an exclusion in Cisco AMP so that anything coming from that IP address or server is ignored by the Cisco AMP agent? We have a KACE appliance that downloads Windows updates to the clients and I would like t...

Using exclusions in AMP For Endpoint.

I’m preparing a number of PoV’s on AMP4E and wonder hos exclusions should be handled. According to the user guide (and the raining I have received) exclusions must be made on both AMP and the antivirus. It all make sense. Never the less; I’m running ...

Resolved! Best recommended book for sourcefire/firepower

Hi All, Any recommended book to learn cisco sourcefire/firepower from zero to hero??

AMP for Endpoint

Does AMP for Endpoints have any native memory-based malware blocking capability? Not looking for detection, but active protection for memory based malware without the use of CTA? Thanks,

Resolved! AMP on Citrix environment

Hi all, We have a customer who is interested for AMP for Endpoint deployment. All the clients are on Citrix environment and I don't know specially how citrix works. Do I need one instance of AMP for each console or just one instance on the citrix ser...

AMP for Endpoints - Deploying on VMView VDIs

Has anyone had any real world experience deploying AMP for Endpoints on Virtual Desktops (VMView to be specific) Our VDI environment uses non-persistent WIndows 7 and WIndows 10 desktops. The official CISCO/Firepower documentation is a bit vague. I ...

FireAMP for Endpoint: Windows Virus/Spyware Protection Notification

I've recently installed FireAMP with TETRA on Windows 7 and 10 and have deinstalled/deactivated any onther security product, including the built-in Windows Defender (which will, annoyingly, automatically turn itself back on after some time). Shouldn'...

Can AMP be configured to prevent Word from spawning child processes?

I cannot block cmd.exe or wscript in my environment as a whole, but I would like to prevent MSWord and Excel from spawning them. There is no legitimate reason for Office products to kick of these. Can this be done through AMP?

Command Line Switches for AMP Connector Install

This is my first time posting I hope this is that correct place I'm trying to do a silent install of amp connector using the following command line with switches fireampsetup.exe /R /S /desktopicon 0 /startmenu 1 /contextmenu 1 /D=C:\Program File...

Default AMP Policies

We are beginning the deployment of AMP for endpoints. The current policies were auto-generated 2-3 years ago when the main account was originally created, the product has not been touched until now. In a "training" class the instructor said we may ...

Moving computer to new group automatically via a script - Cisco AMP for Endpoints

Dear Community and Cisco Support, As part of the uninstallation of an existing antivirus product on over 2000 workstations, I would like to run a PowerShell script that moves the computer from Audit mode into Protect mode. Is there any way to move ...

General questions about AMP

Hi, folks!I have the questions about IOC scan in AMP.1) What is the purpose of this feature? Is it like a full system scan in any other antivirus/antimalware software like McAfee?2) Does every malware has it's own IOC? Or there is a one big cisco IO...

Firepower Upgrade from 6.2.2 to 6.2.3 failed

FMC 750 was running on 6.2.2 version and when we tried to upgrade it to latest version 6.2.3 it failed. The ping was working fine but we are not able to access the FMC GUI. We tried to reboot the device, no luck. Then we tried to restore the image vi...

Endpoint Security

Forum Posts

FTD Malware File Policy

Resolved! AMP and selfservice

Resolved! Exclude/whitelist a source server IP address

Using exclusions in AMP For Endpoint.

Resolved! Best recommended book for sourcefire/firepower

AMP for Endpoint

Resolved! AMP on Citrix environment

AMP for Endpoints - Deploying on VMView VDIs

FireAMP for Endpoint: Windows Virus/Spyware Protection Notification

Can AMP be configured to prevent Word from spawning child processes?

Command Line Switches for AMP Connector Install

Default AMP Policies

Moving computer to new group automatically via a script - Cisco AMP for Endpoints

General questions about AMP

Firepower Upgrade from 6.2.2 to 6.2.3 failed

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Cisco + Splunk: It's a new day for your data.

Knowledge Hub: Cisco Technology for Securing the Enterprise

Announcing Resources That Guide You to Success

Byod access with ISE guest portal using AD store

Cisco Secure Endpoint Service Launcher fail after update

Cisco Secure Endpoint Horizon Environment Duplicates in Console

Veeam Backup and Replication. Cisco Endpoint for SureBackup anti malwa

How to investigate high number of alerts for browser cache files

Hidden User Created | CtxPkmService

Using Local ISE users for 802.1X

nvsmartmax.dll - W32.PCShareBackdoorDetected.ioc

Automatic Isolation didn't happen with retrospective detection

Malicious disposition for putty-64bit-0.73-installer.msi