Hello, when investigating a detected threat, is there a way to see how the infected file got on the machine? Is Secure Endpoint able to track it from a website, email, USB, etc.? Thanks
Hi everyone, Cisco AMP found different malicious files. I saw 2 different dispositions on Cisco AMP: "Disposition: Malicious" and "Disposition: Blocklisted". Both files were quarantined, but can someone explain what is the difference between blocklisted and malicious d...
Hi, we are using Cisco for Endpoint (formerly AMP) on all our Windows clients and servers and would like to use the feature called "Kenna Risk Score", but on all clients it says that Windows 10 is required. We are using Windows 10, Win 11, Win 2019 Server ...
I am currently running a project where we are updating Cisco Secure Endpoint on all of our servers from 7.3.15 to 7.5.5. Since we first deployed what was originally known as Cisco AMP, we have experienced 100% CPU issues with a fair amount of our E...
Over the past few weeks, I have been getting quite a few notifications about tmp files getting flagged in Cisco AMP, but the file never gets quarantined. It just says that it failed to quarantine the file because it's already been "deleted, moved, or...
We see a lot of events regarding solitarie.exe (Solitaire collection) detected as a threat on Windows 11. We are able to allow the application in AMP but would like to report this as a false positive, just to avoid all the events. Since I don't have any ...
Hello,
I'm deploying the Umbrella module of the Cisco Secure Client 5 in Windows and macOS devices, and I've seen the Auto-Update feature available from the Umbrella Dashboard is not supported by Cisco Secure Client 5 (only for Anyconnect 4.x).
I ne...
For a long time I received many alerts about PowerShell being identified as malware, when a retrospective malware alert was received marking that file as Clean. Common detection: W32.PowershellEncodedBuffer.ioc. Did anyone else see this same behavior...
Good morning.
I understand that integration with Talos Cloud is necessary to properly use malware detection through FMC and FTD.
How can I apply it in a closed network?
SRU or Geo information can be manually imported, and I wonder if the FMC also has...
We output Secure Endpoint events to our SIEM. I am seeing Cloud IOC events in the SIEM, however, upon review of the endpoint in Secure Endpoint, the IOC indicators are displayed. This appears to be true of low-criticality events. Also, when I at...
I am implementing ISE 3.1 in my organization. In open mode, devices are reachable and available on the network irrespective of their authentication status. But in closed mode, new devices are not getting authenticated, and due to that they are unable to join...
Hey everyone,
Just wondering if anyone knows why a user would get an Event 5400 Authentication failed (Failure Reason is 22056: Subnet not found in the applicable identity store(s)). The laptop has just gone through a successful authentication and swit...
Hello fellow IT peeps! I have been doing some testing with deploying 8.0.1 onto some clients that have 7.5.1 and I'm getting mixed results. I created a new policy to update the client and added 6 PCs to a new group that has the policy assigned to i...
Hello,
I am just getting familiar with Secure Endpoint and would like to know more about Spero and Ethos engine.
I could not find DETAILED information about how these engines work and what they do.
Would be grateful if someone provides documentation....
Good day all! We've come across a few incidents where we would initiate a scan (full or flash) on a machine from the console, and the events of the scan starting and finishing would show up over an hour after those events actually happened. Is this com...