AMP for endpoint seems to be not able to block the wannacry which is encrypted with packer tool.Are there any workaround?Repro-steps:1. get a wannacry from ThreatGrid or any other service2. encrypt it with packer tool such as upx3. open AMP console a...
Forum Posts
I deployed AMP for endpoint to a test machine following Cisco's Deployment Strategy guide for AMP for endpoint. This guide recomends creating an Audit Only, Protect, Triage, Server and Domain Controller policy and the same for groups. It also recom...
How can check the impact of AMP/FTD lookups on connections? On tests I've done, sometimes the scanning slows connections down. I need to be sure this doesn't cause a timeout. Is there any way to tell if incoming connections are getting dropped/time...
Hi Everyone, Recently we were made aware of a TETRA AV definition update which caused the Windows AMP for Endpoints service to crash. Note: Customers who do NOT have TETRA enabled are not affected by this issue. While we have already remov...
Resolved! Would you consider AMP endpoint protection negates the need to remove Administrator access
We are rolling out AMP for endpoints, and a lively internal discussion is whether we shoudl rely on AMP's malware protection so that we can provide our end-users with Administrator access. I'd be interested in people's thoughts.
hi all, when i upgrade 6.0.5 or older version to 6.0.7, machines are too slowly and even it does not allow click on desktop. boot safemod with networking and i uninstall agent, pc go on to work normally. what is the problem for 6.0.7 ? manuall...
Hi, According to the release notes of the new AMP for End Points, version 6.0.7.10670 the registry key for the January and February MS updates should have been added automatically upon upgrading\Installing. However, it doesn't add the key, tried it...
Does anyone know?
We received an alert during a scan that referenced JS:Trojan.JS.Agent.QTW. That is nice except that the Google has never heard of this maware under any of the 11 (out of 59) vendors that Virustotal claims looked at the tm.js file that triggered the ...
Resolved! AMP multiple customers
Hi all,I was wondering if it's against Cisco AMP licensing T&C to buy like 1000 seats and then manage multiple customers via policy and different groups and use this as license pool?Thank you.
We've got some great resources for those of you just getting started with Advanced Malware Protection (AMP) for Endpoints. Take a look at our Get Started guidebook. You'll find dos and don'ts, deployment strategies, and more.If you have a question ...
Hi,i'm testing cisco firepower AMP, it is correct that with a "malware block" policy in AMP all tests with ecrypted files fail ?i using this site:metal.fortiguard.comit seems to block only plain, tar and cab files.
Hi Team, I need some assistance to have visibility for Malware events on IBM Qradar, the estreamer integration works fine and I can see events, IPS, Connection logs however I cant see any Malware events. I have tried to generate Malware events fo...
Hi,How can I have the following:Full scan started by the scheduler.Scan completed successfully.Found 10 detections, 0 suspicious files and 0 hidden files.Scan time 6 hours.Scanned 1244779 files, 289367 directories and 109 processes.Engines used: SHA,...
Hello, I find on this doc https://www.cisco.com/c/en/us/support/docs/security/sourcefire-amp-appliances/118121-technote-sourcefire-00.html URL to open for AMP for Endpoint operations. After deploying my configuration my AMP connector is still disconn...
