HiWe are looking at ESA AMP\Threatgrid. Can the files that are uploaded to threatgrid for further analysis be deleted? If so, how would that be done exactly?thanks
Forum Posts
Resolved! AMP for Endpoint - EMail scan grayed out
Hello there. So, we are testing AMP and one thing that I can not change is setting "email scan" to on, I've looked into policies and still can't find the option that turns it on. Actually there is more options that are missing in Policies but are i...
Hi! Is there a way to logout a user that has been authenticated via captive portal with an LDAP? Thanks! Fernando.
I'm trouble shooting audio issues with Skype and Chrome which seem to go away when I disable the setting under Conviction -> Network. Block or Audit seem to both cause issues. Page 54 of the AMP guide glosses straight over the Network bit. I i...
Has anyone else encountered a Threat detection by AMP for endpoints when navigating to https://www.talosintelligence.com/ ? We are getting a DFC threat Detected to a remote IP 185.53.178.7. It happens in both Firefox and IE. Virus total has some inte...
Resolved! Amp for endpoints API
Is the Amp for endpoints API still being developed? I'm looking to move computers between groups, at the moment I can't find a way to get a list of computers within a certain group. Is there a way to do this which doesn't involve getting all co...
Hi Team,I have a customer who is requiring an Anti-Malware solution for their Servers and Workstations which are not connected to Internet.The customer has an isolated environment and they are looking for an Anti-Malware solution without Internet acc...
Resolved! Cisco AMP Cloud - realtime email alerts?
We are using the standalone cloud version of Cisco AMP (console.amp.cisco.com) with the AMP for Endpoints connector on our workstations. I don't see anywhere in the admin console to set up realtime email alerts? We would like our SOC team to get an...
Hi Team, We are using FireAMP private cloud and trying to upgrade the FireAMP Connector version from 4.1 to 5.1, option enabled is to Ask For Reboot before upgrade. But for some reason the same is not happening and getting the below error in the lo...
Hello, I wonder if someone can give me an advice on how I can deploy AMP for endpoints onto Windows 2008 server which is an older edition (not R2). According to the official Cisco statement it is still supported and I need an earlier version 5.x.x or...
Hi. We see high CPU utilization on all of our Linux systems (Mix of RH 6 and CentOS 6 ). Have tried upgrading to the latest connector (1.6.0.536) - but that did not solve the problem. Have tried installing on a few systems - same result. We are afra...
On one of our servers which runs many databases, the AMP temp file for scanning appears to be ballooning to 15+ gigs and filling up the C drive. Is there a way to see exactly what AMP is scanning so we can adjust out exclusions appropriately?
Resolved! Default Outlook Temp Exclusion
Hi, We are seeing an issue where the default Cisco AMP exclusions for Outlook aren't enough because Outlook Temp is also under /private/var so it's scanning this location and we are getting inundated with Threat Detected notifications every time so...
The most consistent false positive i get in amp for endpoints is .tmp files from outlook. here is an example below. I'd like to be able to create some kind of exclusion to ignore this type of event. My thought was to make a process exclusion for outl...
I’m trying to deploy AnyConnect on ftd version 6.2.3. I’ve chosen the outside security zone (also tried interface group) as interface, but every time i try to deploy I get the error below. If I remove the vpn policy from the device (two 2130 in ha), ...
