Hello, We are brand new customers (coming from an ASA). We just installed our new firewall this weekend, and are trying to tune our email alerts appropriately. One of the things I'd like to do is turn off email alerting for "Network Based Malware" ...
Forum Posts
We are having an issue with IP Black/White list. We've developed a containment policy which whitelists several necessary addresses (e.g. AMP addresses and DNS services), and configured the blacklist to the rest of the network's private IP address sp...
AMP for endpoint seems to be not able to block the wannacry which is encrypted with packer tool.Are there any workaround?Repro-steps:1. get a wannacry from ThreatGrid or any other service2. encrypt it with packer tool such as upx3. open AMP console a...
I deployed AMP for endpoint to a test machine following Cisco's Deployment Strategy guide for AMP for endpoint. This guide recomends creating an Audit Only, Protect, Triage, Server and Domain Controller policy and the same for groups. It also recom...
How can check the impact of AMP/FTD lookups on connections? On tests I've done, sometimes the scanning slows connections down. I need to be sure this doesn't cause a timeout. Is there any way to tell if incoming connections are getting dropped/time...
Hi Everyone, Recently we were made aware of a TETRA AV definition update which caused the Windows AMP for Endpoints service to crash. Note: Customers who do NOT have TETRA enabled are not affected by this issue. While we have already remov...
Resolved! Would you consider AMP endpoint protection negates the need to remove Administrator access
We are rolling out AMP for endpoints, and a lively internal discussion is whether we shoudl rely on AMP's malware protection so that we can provide our end-users with Administrator access. I'd be interested in people's thoughts.
hi all, when i upgrade 6.0.5 or older version to 6.0.7, machines are too slowly and even it does not allow click on desktop. boot safemod with networking and i uninstall agent, pc go on to work normally. what is the problem for 6.0.7 ? manuall...
Hi, According to the release notes of the new AMP for End Points, version 6.0.7.10670 the registry key for the January and February MS updates should have been added automatically upon upgrading\Installing. However, it doesn't add the key, tried it...
Does anyone know?
We received an alert during a scan that referenced JS:Trojan.JS.Agent.QTW. That is nice except that the Google has never heard of this maware under any of the 11 (out of 59) vendors that Virustotal claims looked at the tm.js file that triggered the ...
Resolved! AMP multiple customers
Hi all,I was wondering if it's against Cisco AMP licensing T&C to buy like 1000 seats and then manage multiple customers via policy and different groups and use this as license pool?Thank you.
We've got some great resources for those of you just getting started with Advanced Malware Protection (AMP) for Endpoints. Take a look at our Get Started guidebook. You'll find dos and don'ts, deployment strategies, and more.If you have a question ...
Hi,i'm testing cisco firepower AMP, it is correct that with a "malware block" policy in AMP all tests with ecrypted files fail ?i using this site:metal.fortiguard.comit seems to block only plain, tar and cab files.
Hi Team, I need some assistance to have visibility for Malware events on IBM Qradar, the estreamer integration works fine and I can see events, IPS, Connection logs however I cant see any Malware events. I have tried to generate Malware events fo...
