Endpoint Security

A4E showing exploit prevention warning on lsass.exe

I keep getting this alert from AMP for Endpoints several times per day for the same endpoint. I can't really find the source of it. Device Trajectory is just showing me that a file associated with it is called c:\windows\system32\eac_usermode_19230...

Threat grid update failure

I am having a issue to update threat grid in lab , it shows the following error when doing update. ssh: connect to host appliance-updates.threatgrid.com port 22: No route to host Failure during transfer Dirty interface is able to ping internet a...

AMP causing server to crash/reboot?

Windows Server 2012 R2, fully updated, physical server. Installed AMP connector version 6.2.5.10848 last night. Since then the server has crashed/rebooted twice. Seeing several event ID 36887 Schannel errors since the install - "A fatal alert was rec...

Cisco AMP bug info wanted

Team, got the email of a bug for amp. Anyone got the BugID, details, or severity? Thx, RickCisco AMP for Endpoints Announcement - AMP for Endpoints Connector downloads --- A bug has been identified in the installer of AMP for Endpoints Connector for ...

AMP for Endpoints - Quarantine failures on download temporary files

Can some kind dev fix the issue where when a file is fully downloaded AMP triggers on a signature on the file.crdownload or whatever your browser du jour decides to temp name downloads, but before AMP can act the browser renames it to the correct fil...

Resolved! AMP: Disabling DFC and TETRA on Servers

Hello all, I'm under the impression that if installing the AMP connector on a Windows server, we should disable DFC and TETRA. Can anybody point me at an up-to-date document or web page that shows this recommendation? Many thanks in advance, Matt...

Number of VM running in ThreatGrid

Hi I am working on some case where the customer asked me about the no. VM (for sandboxing) running on the Threat Grid firewall. I neither find it in the Admin guide nor in datasheet and any other portal. Could someone help me on this please? Regards...

Resolved! Upgrade SSL

So I am running security scans on our network for the first time. I have a long list of things to fix. One is the SSL/TLS suite another is upgrading the key to the diffie-hellman key exchange. I was hoping to get pointed in the right direction on how...

What can we do ? When I find a suspect file on PC ?

Hi Sir: My environment is below: 1.AMP Endpoint for MAC and windows 2. Private Cloud on Intranet When I find one suspect file (I think it's malware file.)but AMP endpoint can't analyze it. It think it's normally. What can I do for this file ? Can...

AMP and Rapid Threat Containment

Hi, I am currently evaluating Rapid Threat Containment with Firepower Threat Defense and ISE. Does anyone if it's possible to add AMP for endpoints to this solution and have AMP to automatically scan a client that has been quarantined by Firepowe/I...

CISCO AMP high Memory consumption on Linux host

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND Hi I have AMP version - AMP for Endpoints Connector v1.9.1.603 Redhat release 7.4 And i have AMP processes being among top memory consumers. Are there any suggestions around...

AMP Exclusions "Network Location"

Can a network share or a file on a network share be added to exclusions? If so, what is the syntax?I have an .exe on a share that I have whitelisted, but it still gets caught by AMP from time to time. (by Tetra per tech support) They said it is a b...

AMP - Outdated Definitions, Endpoints not checking in after Connector Update

We are seeing several endpoints not checking in or receiving definition updates after being updated to connector version 6.2.3.10814. There is nothing unique about these machines in our environment. The last 3 events for these machines are as follows...

AMP file policy best practise ASA's?

Hi! What is the best practice for file policy's on ASA's? Im curently running a file policy with 2 rules. rule 1: File types: Category Dynamic Analysis Capable Action: Block Malware Spero, Dynamic Analysis and Reset connection Store files Malware Ru...

Cisco AMP update procedure

Hello, We use Cisco AMP (cloud) and we have about 4000 endpoints. When we started the endpoints update, a lot endpoints started to update at the same times and our bandwidht was painfully impacted. Can you please share with me an recommended update p...

Endpoint Security

Forum Posts

A4E showing exploit prevention warning on lsass.exe

Threat grid update failure

AMP causing server to crash/reboot?

Cisco AMP bug info wanted

AMP for Endpoints - Quarantine failures on download temporary files

Resolved! AMP: Disabling DFC and TETRA on Servers

Number of VM running in ThreatGrid

Resolved! Upgrade SSL

What can we do ? When I find a suspect file on PC ?

AMP and Rapid Threat Containment

CISCO AMP high Memory consumption on Linux host

AMP Exclusions "Network Location"

AMP - Outdated Definitions, Endpoints not checking in after Connector Update

AMP file policy best practise ASA's?

Cisco AMP update procedure

log entries re [ExecHandler.swift@335] ... "hash found in cache!"

Code Integrity determined that a process (\Device\HarddiskVolume3\Wind

Feature Request: Safe Mode Reboot Protection in Cisco Secure Endpoint

Best Practices: Managing Cisco AMP and Windows Defender on Intune Devi

Orbital Execute Powershell Cmdlet for installed modules from PSGallery

Cisco FMC Scheduled Backup Error "Error creating tar archive"

Better Understanding

Anyone experiencing blue screens with Cisco Secure Endpoint 8.4.4?

FTD Backups sent to FTP Server is Failing

Secure Endpoint API PATCH methods