Endpoint Security

False-positive of lum-sdk

Hello, ClamAV a project of Talos by Cisco falsely detected several files of Luminati SDK as a virus, type: Win.Packed.Icloader Yesterday I have submitted the files at https://www.clamav.net/reports/fp and didn't got confirmation email or link to fol...

AMP: Archiving Events

Hello, We need to archive some events so they're not lost forever after 30 days. I believe Splunk can integrate with the AMP API and can do this but alas we do not have Splunk or any other decent SIEM for that matter. Any bright ideas on how we could...

Resolved! AMP - Computers existing named as Demo_xxxx

Hello, I have a silly question but want to be sure before doing something, on a new deployment of AMP for Endpoints, there are already listed computers named as Demo_Dridex, Demo_Dyre, etc. but it generates information that is complicated on my dashb...

A4E showing exploit prevention warning on lsass.exe

I keep getting this alert from AMP for Endpoints several times per day for the same endpoint. I can't really find the source of it. Device Trajectory is just showing me that a file associated with it is called c:\windows\system32\eac_usermode_19230...

Threat grid update failure

I am having a issue to update threat grid in lab , it shows the following error when doing update. ssh: connect to host appliance-updates.threatgrid.com port 22: No route to host Failure during transfer Dirty interface is able to ping internet a...

AMP causing server to crash/reboot?

Windows Server 2012 R2, fully updated, physical server. Installed AMP connector version 6.2.5.10848 last night. Since then the server has crashed/rebooted twice. Seeing several event ID 36887 Schannel errors since the install - "A fatal alert was rec...

Cisco AMP bug info wanted

Team, got the email of a bug for amp. Anyone got the BugID, details, or severity? Thx, RickCisco AMP for Endpoints Announcement - AMP for Endpoints Connector downloads --- A bug has been identified in the installer of AMP for Endpoints Connector for ...

AMP for Endpoints - Quarantine failures on download temporary files

Can some kind dev fix the issue where when a file is fully downloaded AMP triggers on a signature on the file.crdownload or whatever your browser du jour decides to temp name downloads, but before AMP can act the browser renames it to the correct fil...

Resolved! AMP: Disabling DFC and TETRA on Servers

Hello all, I'm under the impression that if installing the AMP connector on a Windows server, we should disable DFC and TETRA. Can anybody point me at an up-to-date document or web page that shows this recommendation? Many thanks in advance, Matt...

Number of VM running in ThreatGrid

Hi I am working on some case where the customer asked me about the no. VM (for sandboxing) running on the Threat Grid firewall. I neither find it in the Admin guide nor in datasheet and any other portal. Could someone help me on this please? Regards...

Resolved! Upgrade SSL

So I am running security scans on our network for the first time. I have a long list of things to fix. One is the SSL/TLS suite another is upgrading the key to the diffie-hellman key exchange. I was hoping to get pointed in the right direction on how...

What can we do ? When I find a suspect file on PC ?

Hi Sir: My environment is below: 1.AMP Endpoint for MAC and windows 2. Private Cloud on Intranet When I find one suspect file (I think it's malware file.)but AMP endpoint can't analyze it. It think it's normally. What can I do for this file ? Can...

AMP and Rapid Threat Containment

Hi, I am currently evaluating Rapid Threat Containment with Firepower Threat Defense and ISE. Does anyone if it's possible to add AMP for endpoints to this solution and have AMP to automatically scan a client that has been quarantined by Firepowe/I...

CISCO AMP high Memory consumption on Linux host

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND Hi I have AMP version - AMP for Endpoints Connector v1.9.1.603 Redhat release 7.4 And i have AMP processes being among top memory consumers. Are there any suggestions around...

AMP Exclusions "Network Location"

Can a network share or a file on a network share be added to exclusions? If so, what is the syntax?I have an .exe on a share that I have whitelisted, but it still gets caught by AMP from time to time. (by Tetra per tech support) They said it is a b...

Endpoint Security

Forum Posts

False-positive of lum-sdk

AMP: Archiving Events

Resolved! AMP - Computers existing named as Demo_xxxx

A4E showing exploit prevention warning on lsass.exe

Threat grid update failure

AMP causing server to crash/reboot?

Cisco AMP bug info wanted

AMP for Endpoints - Quarantine failures on download temporary files

Resolved! AMP: Disabling DFC and TETRA on Servers

Number of VM running in ThreatGrid

Resolved! Upgrade SSL

What can we do ? When I find a suspect file on PC ?

AMP and Rapid Threat Containment

CISCO AMP high Memory consumption on Linux host

AMP Exclusions "Network Location"

log entries re [ExecHandler.swift@335] ... "hash found in cache!"

Code Integrity determined that a process (\Device\HarddiskVolume3\Wind

Feature Request: Safe Mode Reboot Protection in Cisco Secure Endpoint

Best Practices: Managing Cisco AMP and Windows Defender on Intune Devi

Orbital Execute Powershell Cmdlet for installed modules from PSGallery

Cisco FMC Scheduled Backup Error "Error creating tar archive"

Better Understanding

Anyone experiencing blue screens with Cisco Secure Endpoint 8.4.4?

FTD Backups sent to FTP Server is Failing

Secure Endpoint API PATCH methods