Endpoint Security

Cisco CyberSecurity

Forum Posts

Hi, How can I have the following: Full scan started by the scheduler. Scan completed successfully. Found 10 detections, 0 suspicious files and 0 hidden files. Scan time 6 hours. Scanned 1244779 files, 289367 directories and 109 processes. Engines used: SHA,...

cglz by Level 1
  • 3002 Views
  • 1 replies
  • 0 Helpful votes

Hello, I found in this doc https://www.cisco.com/c/en/us/support/docs/security/sourcefire-amp-appliances/118121-technote-sourcefire-00.html the URL to open for AMP for Endpoint operations. After deploying my configuration my AMP connector is still disconn...

ssambourg by Level 1
  • 8355 Views
  • 7 replies
  • 0 Helpful votes

I created a new group with a new policy. I go to an endpoint and click on management and click move to group. Everything looks good. In the console it looks like it moves but the endpoint still points to the old policy. Even if I stop and start ...

Jim2k by Level 1
  • 1852 Views
  • 1 replies
  • 0 Helpful votes

Are there any known issues with SCCM deployments of AMP and logging into the Deployment Summary logs in the AMP console? I have recently deployed connectors and the systems do not show up in the Deployment summary list but the machines do appear as ...

Hello Experts, can anyone please explain to me what deleting session and new session mean in the logs below from the Sourcefire appliance? Though the rules are allowed on the firewall, only one-way traffic is seen; I cannot see bi-directional traffic. ...

Are there any known issues with SCCM AMP deployments not showing in the Deployment Summary logs? I recently did a deployment of connectors that are not showing in the logs but do show under the managed connector policy. Any help would be greatful...

The release notes for AMP for Endpoints Console 5.4.20171128 stated that command line data is now available on the API. However, I did not find any mention of this capability in the API documentation which still only lists two versions v0 and v1. Has...

DWJacobs by Level 1
  • 2456 Views
  • 1 replies
  • 0 Helpful votes

Upgrading the AMP for Windows connector to version 6.0.5 seems to detect itself as a threat, and the number of compromises on my dashboard is growing like crazy. Below is an example of what it's detecting: Event Type: Threat Detected in Exclusion...

Hi All, I have a question about the ThreatGRID appliance integrated with Cisco ESA for local sandbox analysis. Is it possible to receive a notification from the ThreatGRID appliance in case an analyzed file is classified as Malware? I.e. could be a good option ...