I cannot block cmd.exe or wscript in my environment as a whole, but I would like to prevent MSWord and Excel from spawning them. There is no legitimate reason for Office products to kick of these. Can this be done through AMP?
Forum Posts
This is my first time posting I hope this is that correct place I'm trying to do a silent install of amp connector using the following command line with switches fireampsetup.exe /R /S /desktopicon 0 /startmenu 1 /contextmenu 1 /D=C:\Program File...
We are beginning the deployment of AMP for endpoints. The current policies were auto-generated 2-3 years ago when the main account was originally created, the product has not been touched until now. In a "training" class the instructor said we may ...
Dear Community and Cisco Support, As part of the uninstallation of an existing antivirus product on over 2000 workstations, I would like to run a PowerShell script that moves the computer from Audit mode into Protect mode. Is there any way to move ...
Hi, folks!I have the questions about IOC scan in AMP.1) What is the purpose of this feature? Is it like a full system scan in any other antivirus/antimalware software like McAfee?2) Does every malware has it's own IOC? Or there is a one big cisco IO...
FMC 750 was running on 6.2.2 version and when we tried to upgrade it to latest version 6.2.3 it failed. The ping was working fine but we are not able to access the FMC GUI. We tried to reboot the device, no luck. Then we tried to restore the image vi...
Resolved! mls as a router and vtp server client
Hi all.Not only the pc's can not each other, they can not even ping their own getway. Moreover, although I have written the command IP ROUTING on the mls, the command doesn't appears in the show running page!!I have posted the gns3 file.
Team, While we instal AMP 1.8.1 ver on RHEL 6.9 the server crashes. I have read the instructions mentioning a reboot to be made mandatory after installation but in my case the server crashes...Once the server comes back it says the AMP installation n...
I got a few files that do not have any file trajectory information. I would like to know why this happens and if there is any workaround to gather that information for deeper file investigation. Thanks, -Dave
Does anybody knows the difference between connectors and installs counters on the dashboard page? Thanks, -Dave
Hello, I'm in the process of upgrading the Cisco AMP connector from 5.x version to 6.1.7 version, in order to patch this process exclusions bug. I'm interesting also in how ca I extend this 100 limitation for 6.x AMP version. I saw in the workaroun...
If you recently attended the Customer Success Workshop to learn more about AMP Unity and API Integrations, and you're looking for a recap of what was discussed - then look no further. Not only are we able to provide you with a summary of what was s...
I would like to setup Identity Persistence but that advanced setting is no longer available on the AMP cloud service. Does anybody know where that setting move to? https://www.cisco.com/c/en/us/support/docs/security/advanced-malware-protection-endpoi...
Is it possible to get the complete command line arguments from the AMP event? We have an encrypted (base64) powershell command that was executed on our network, but AMP truncated the input. Without the entire command we can't recreate the issue. ...
hi, all in our POV, AMP windows 7 connector process fail while install. any suggestion for this ? thank you.
