Hi Everyone, I have one scenario but don't know how to do, one of my client asked me to block attachment option form Skype application. It means that there organisation users are able to use everything in Skype but don't able to attach any file. Can ...
Hi,A customer has a security endpoint who can perform CIFS scanning on Files.They want to know if AMP can do that.AMP for Endpoint can scan CIFS ?Thx.
Hi Experts,I am interested in a detailed documentation on how to set the Local AMP Update Server for Tetra definitions. More exactly the customer has some specific questions as follows:1) If a local update server is used, and an endpoint is not in th...
Good day, My question about cisco AMP is about its ability to remove malware from endpoints, whether it be servers, PCs or mobile devices. AMP is able to detect, analyze and block malware but if it is that an endpoint is infected with malware, can it...
When I export the inventory from amp console there is a "Last Seen" field in the CSV. I don't see any mention of this field in the api documentation. Does anyone know how this field is calculated? Is it just the last timestamp on the event traject...
Hello, Previously I was using the AMP API and just pulling down all events on a 10 minute interval but it's not a very pretty process since you have to set bookmarks whenever you pull down the data. Therefore I'd like to move to the event stream pr...
Hey everyone. I'm Barry Fisher and part of OpenDNS's product team based in San Francisco. I can help answer any questions about OpenDNS Umbrella as well as how it fits in Cisco's security portfolio and your security stack. I can also help you compare...
Does anyone know what the Threat Grid sample upload limits are for WSA/ESA C690’s and FPR2120 when you purchase AMP licenses please? I know you can buy additional sample packs, but I need to know what the out of the box numbers are. I found a piece o...
Hi, We are having limited licenses for AMP for endpoints, I would like to know if I have to delete the agent and recover the license for re-use how can I do it, do I have to un-install it from user machine or can I do it from the console.
Hi Experts, a quick question on AMP for network, I was going through an online training on AMP, and there was a slide called "Malware and file Policy Order of Processing" the slide had a flow chart, the first block in the charts states "file size >...
Hello, We are brand new customers (coming from an ASA). We just installed our new firewall this weekend, and are trying to tune our email alerts appropriately. One of the things I'd like to do is turn off email alerting for "Network Based Malware" ...
We are having an issue with IP Black/White list. We've developed a containment policy which whitelists several necessary addresses (e.g. AMP addresses and DNS services), and configured the blacklist to the rest of the network's private IP address sp...
AMP for endpoint seems to be not able to block the wannacry which is encrypted with packer tool.Are there any workaround?Repro-steps:1. get a wannacry from ThreatGrid or any other service2. encrypt it with packer tool such as upx3. open AMP console a...
I deployed AMP for endpoint to a test machine following Cisco's Deployment Strategy guide for AMP for endpoint. This guide recomends creating an Audit Only, Protect, Triage, Server and Domain Controller policy and the same for groups. It also recom...
How can check the impact of AMP/FTD lookups on connections? On tests I've done, sometimes the scanning slows connections down. I need to be sure this doesn't cause a timeout. Is there any way to tell if incoming connections are getting dropped/time...
