By reading the FirePOWER documentation and by looking at Cisco Live slides (see uploaded slide), it seems that files are submitted for dynamic analysis by the ASA-SFR directly for dynamic analysis. Could the files be submitted for dynamic analysis ...
Forum Posts
So I have a user using excel with a macro/script and AMP keeps flagging VBA.ObfDldr.1.Gen How can I whitelist this file so it's not alerting 100x a day. The hash changes when they use the file.
Hello there, I am attempting to add a new user to one of our customer deployments lets call them "person@company.com", but it keeps telling me that email address is already in use. I know for a fact that this email is not in use on this deploym...
Hi Sir: Could you help me to confirm AMP4Endpoit detect the event of below scenario ?When client click the malicious website and download the malware. The malware will try to compromise the other computers at the same subnet. What kind of event tha...
Hi Community, I have loaded the IOC packet from the FireJumper and run a scan against my computer. The result is 24 matches of 171 IOCs. Now I want to understand why there are 24 matches and why these IOCs were found. Here a small excerpt of the fo...
Hey all, Calling all AMP experts - Looking for some help with an issue that has been driving me bananas. My client has a website in which they open with IE and it loads an activeX addon (which is installed on the computer and has a C++ component to...
Anybody ever have issues uninstalling AMP? I have a handful of computers still with v6.2.5 on them that I have been trying to upgrade to 6.2.9, but the upgrade fails because the 6.2.5 service can't be stopped. Even after a reboot, the service just ca...
Resolved! AMP Private Cloud Download
I've been scratching my head trying to locate the download .ova for AMP private cloud. I would like follow the guide Installation and Configuration of FireAMP Private Cloud but it references the OVF that I can't find in the Cisco downloads anywhere. ...
Hello, evaluating AMP for Endpoints first configuring policy to Audit, and after that first scan I change computers to group of Protect, check image attached, and my question is, how to apply the actions?? There are files detected that I delete it a...
Hello, On one of my host I see 3 threats 1. Category=CnC Connected, Event Type=Intrusion Event - malware-cnc and Description= The host may be under remote control. 2. Category=Impact 2 Attack, Event Type= Impact 2 Intrusion Event - attempted-admin an...
Hello, ClamAV a project of Talos by Cisco falsely detected several files of Luminati SDK as a virus, type: Win.Packed.Icloader Yesterday I have submitted the files at https://www.clamav.net/reports/fp and didn't got confirmation email or link to fol...
Hello, We need to archive some events so they're not lost forever after 30 days. I believe Splunk can integrate with the AMP API and can do this but alas we do not have Splunk or any other decent SIEM for that matter. Any bright ideas on how we could...
Hello, I have a silly question but want to be sure before doing something, on a new deployment of AMP for Endpoints, there are already listed computers named as Demo_Dridex, Demo_Dyre, etc. but it generates information that is complicated on my dashb...
I keep getting this alert from AMP for Endpoints several times per day for the same endpoint. I can't really find the source of it. Device Trajectory is just showing me that a file associated with it is called c:\windows\system32\eac_usermode_19230...
I am having a issue to update threat grid in lab , it shows the following error when doing update. ssh: connect to host appliance-updates.threatgrid.com port 22: No route to host Failure during transfer Dirty interface is able to ping internet a...
