Endpoint Security

We received an alert during a scan that referenced JS:Trojan.JS.Agent.QTW.  That is nice except that the Google has never heard of this maware under any of the 11 (out of 59) vendors that Virustotal claims looked at the tm.js file that triggered the ...

We've got some great resources for those of you just getting started with Advanced Malware Protection (AMP) for Endpoints.  Take a look at our Get Started guidebook. You'll find dos and don'ts, deployment strategies, and more.If you have a question ...

Hi,i'm testing  cisco firepower AMP,  it is correct that with a  "malware block" policy  in AMP  all tests   with ecrypted files fail ?i using this site:metal.fortiguard.comit seems to block only plain, tar and cab files.

Hi Team,   I need some assistance to have visibility for Malware events on IBM Qradar, the estreamer integration works fine and I can see events, IPS, Connection logs however I cant see any Malware events.   I have tried to generate Malware events fo...

Hi,How can I have the following:Full scan started by the scheduler.Scan completed successfully.Found 10 detections, 0 suspicious files and 0 hidden files.Scan time 6 hours.Scanned 1244779 files, 289367 directories and 109 processes.Engines used: SHA,...

Hello, I find on this doc https://www.cisco.com/c/en/us/support/docs/security/sourcefire-amp-appliances/118121-technote-sourcefire-00.html URL to open for AMP for Endpoint operations. After deploying my configuration my AMP connector is still disconn...

is there any way to know or scan a network where my computers resides and know if a computer is not running AMP for Endpoint and install it??    

I created a new group with new a policy. i got to and endpoint and click on management and click move to group. everything looks good. In the console it looks like it moves but on the endpoint still points to the old policy. even if i stop and start ...

HI,  How can I set real time notification for security team. I intend to real time monitor and alert if security event occurs on endpoint.  

Are there any known issues with SCCM deployments of AMP and logging into the Deployment Summary logs in the AMP console.  I have recently deployed connectors and the systems do not show up in the Deployment summary list but the machines do appear as ...

Hello Experts,   can any one please explain me, what does deleting session and new session means in below logs from source fire appliance. Though the rules are allowed on firewall , only one way traffic is seen, I cannot see bi-directional traffic.  ...

Are there any known issues with SCCM AMP deployments not showing in the Deployment Summary logs??   I recently did a deployment of connectors that are not showing in the logs but do show under the managed connector policy.  Any help would be greatful...