Endpoint Security

CVE-2022-30190

Zero Day Exploit of Microsoft Support Diagnostic Tool Detection. What components of Cisco Secure Endpoint will detect and block this vulnerability? https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-to...

Scan found malicious PDF in user profile; user never signed in to PC

Hello, I have a rather interesting issue that I am having trouble figuring out. AMP scans have returned 3 separate endpoints now with the same malicious phishing pdf that is seemingly located in someone's user profile. Normally this would be fine, be...

Windows Early Launch Antimalware Protection must be off to boot

Hi community! We have a few Surface tablets that need Windows Early Launch Antimalware Protection temporarily off in order to boot. https://docs.microsoft.com/en-us/windows-hardware/drivers/install/early-launch-antimalware Alternatively we can remove...

Orbital endpoints not populating

I have Cisco AMP MSP console with multiple organizations in it. Some have basic tiers of AMP and some have advanced. When I navigate to one of the consoles with Advanced tier and try using Orbital it askes me to sign in. Then I pick Secure X Sign On....

Does AMP generate audit failure logs?

I am very new to this Cisco product, and am currently going through some vendor security questions, and one of the questions is if our end user security will generate a log in the case of a failure to write a separate log. This might be a very simple...

False Positive Communications

Early on 5\21\2022, Cisco Endpoint Protection trapped this event: 'detected a Cloud IOC: Executed Malware IOC'. It was classed as 'AMADEY' Malware. Because it was classified as a HIGH threat, and we have automated actions enabled, the affected comp...

Bug Listing for AMP

Hello! I'm looking for a bug listing for AMP. Specifically, where new bugs are acknowledged to exist by Cisco. The most recent example of the IOC for chrome.exe is an example. I did receive an email, but I'm searching for where this bug is listed alo...

Google Chrome update detected as Malware

Lastnight I received many alerts about the Chrome update being indentified as Malware, until around 10PM EST, when a retrospective Malware alert was received making that file as Clean.Did anyone else see this same behavior?

Chrome stopped working

I have this warning from Cisco AMP and I don't know how to solve it. Could anyone please help me in this? chrome.exe has been detected as W32. Trojan.NM.Quarantine was successful.

Security Endpoint associated user to computers

hi there, I've enrolled some computers in AMP and now want to "link" computers to users. I've checked the documentation and I haven't found any possible solution. When I go in Insight in SecureX and see the device, I see a field "Associated user" whi...

Does Cisco amp supports Antibot

Hi all, Does Cisco AMP Supports Anti bot ? . My Requirement is something like thisit should complements existing endpoint security solutions by monitoring network ports for rogue activity and detecting infected internal endpoints sending command and ...

Signature Set Update and Component Download

Good day, I'm still learning this product, but I was curious on the Signature Set Update and Component Download(Failure/Success) events. Can someone break down exactly what happens with these events? Thank you,Maurice

Exclusion policies not transferring to VDI environment

Hey all, I've been able to get exclusions done on our physical workstations, but haven't had success with getting Secure Endpoint to exclude certain paths. I've tried blocking the processes by including the path to the executable, I've tried using th...

Can I make a Cisco Standalone FTD 4110 HA?

I have what may seem a like a simple question. I have a Standalone FTD 4110 appliance that is a managed by FMC. I have added a second identical standalone 4110 to FMC(same software version etc.) . The First FTD is completely configured. If I create ...

Cisco AMP

Evaluating Cisco AMP, and I would like some community feedback on how you see this product stacking up against Defender ATP etc.IMO: AMP is lacking user logon monitoring. There is no analysis on this part. Failed logons to a server, creation of new a...

Endpoint Security

Forum Posts

CVE-2022-30190

Scan found malicious PDF in user profile; user never signed in to PC

Windows Early Launch Antimalware Protection must be off to boot

Orbital endpoints not populating

Does AMP generate audit failure logs?

False Positive Communications

Bug Listing for AMP

Google Chrome update detected as Malware

Chrome stopped working

Security Endpoint associated user to computers

Does Cisco amp supports Antibot

Signature Set Update and Component Download

Exclusion policies not transferring to VDI environment

Can I make a Cisco Standalone FTD 4110 HA?

Cisco AMP

Hearty congratulations to the December Spotlight Award winners!

Renew.cisco.com just got refreshed, and it will make your life easier!

Announcing Resources That Guide You to Success

pda authentication timeout

Filter Last Seen = Within 1 Hour

Error 5400 and 22056 Cisco ISE

Scanning Events show up late.

PROBLEMS WITH MACSEC ON SWITCH CATALYST 9300 ADVANCED VERSION 17.08.01

Full Scans

Could not get a handle on the process's executable

How to upgrade OpenSSL on Cisco 2960

Connector Download detected as Gen:Variant.Symmi.84797

AMP - full scan through SecureX