Endpoint Security

Suspicious smss.exe Parent Process

We are getting hundreds of these threat detections this morning in our environment. These are all considered "low" and the smss.exe file is clean (SHA-256: 56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3)Seems to be triggered at logo...

Resolved! AMP4E Windows Connector version 7.5.15 Requirements

Hello everyone, Is there a way to know what windows updates the AMP connector version 7.5.15 requires to be installed on Windows 7? Regards, Kelvin

Resolved! Base64JS.min.js

Good afternoon, we are using Cisco AMP with our connector version being 8.2.1.21612 and are receiving numerous alerts for a filename Base64JS.min.js. Is anybody else experiencing this? Previously we had a widespread issue with a smss.exe parent proce...

ISE Failover test

hello.I'm trying to do an ISE failover. As far as I know, unlike wlc, ise does not automatically change the secondary device to primary even when the primary device is turned off. So how should we check the results of a successful failover? I think i...

Use Cisco Security Products? We want your feedback!

Hi everybody, my name is Stephanie and I connect customers with the teams working on new features for security products such as Secure Endpoint, Firewall products, XDR and more. I'm reaching out today because we are looking for people to give feedba...

Error code 16019

Anyone having this issue as well on some W7 systems?Error Code 16019Connector update from 7.5.5.21061 to 7.5.7.21234 failed. Error: Unable to verify Secure Endpoint's digital signature. Please update Windows..

Resolved! exclude/whiteliste certain powershell commands

Admins being admins like to use powershell to solve certain task. To do this they will often run a powershell file downloaded from a server, i.e:C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -ExecutionPolicy Bypass -Command iex...

Resolved! CSIDL_BASEDIR Path Exclusion?

What does the CSIDL_BASEDIR path exclusion do? I keep looking online for documentation and can't seem to find anything that gives a clear answer.

Retrospective Detection: Winrar.exe

Today there are multiples detections related to Winrar.exe. It looks like a false positive, but it´s weird, Is there a reason for this? The hash is e97e8fb9fdf2df5d8d5a4efcbd6d2eee42900c2de44f34f93fa25d8f84b80e80.

port security problem with cisco sf220

Hello,i have cisco sf350,sf200 and sf220 in my organization,sf200 and 350 works good with port security (there are option "secure permanent" which saves source mac and blocks if u plug in another mac but with sf220 there are only dynamic lock which o...

Como deixar a tela do AMP na minha TV do escritorio

Boa tarde pessoal, como vão? Pessoal estou deixando na TV do escritorio a tela com o AMP aberto. Mas de tempos em tempos ele desloga e pede credenciais de novo. Como posso resolver essa questão?

Error Massive error in 8.2.1.21612 version connector

Good morning, I sent the connector to update to the latest version (8.2.1.21612) and after waiting a few hours I see that I have 300 devices in the inbox that report the same event, which is "Suspicious smss.exe Parent Process". Could the new version...

Sending logs in real time from Cisco Secure Endpoint to Google SIEM

Hello everyone. I am looking for a way to make Cisco Secure Endpoint to work with and send logs in real time to Google Chronicle SIEM.Can you please provide some instruction, if there is any? Thank you in advance!

Resolved! Duplicate GUID

We are having an issue where AMP has given multiple computers the same GUID ID. We have tried deleting the local.xml and local.xml.old files and restarting the service with no luck. I just saw that the v3 of the API has the ability to uninstall the c...

Can't stop Secure Endpoint 8.1.x service

I am trying to stop the Secure Endpoint service to do testing and I am not able to do so.Following these documents:https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/213690-amp-for-endpoint-command-line-switches.htmlhttps://www.cisco.c...

Endpoint Security

Forum Posts

Suspicious smss.exe Parent Process

Resolved! AMP4E Windows Connector version 7.5.15 Requirements

Resolved! Base64JS.min.js

ISE Failover test

Use Cisco Security Products? We want your feedback!

Error code 16019

Resolved! exclude/whiteliste certain powershell commands

Resolved! CSIDL_BASEDIR Path Exclusion?

Retrospective Detection: Winrar.exe

port security problem with cisco sf220

Como deixar a tela do AMP na minha TV do escritorio

Error Massive error in 8.2.1.21612 version connector

Sending logs in real time from Cisco Secure Endpoint to Google SIEM

Resolved! Duplicate GUID

Can't stop Secure Endpoint 8.1.x service

Congratulations to the Event Top Contributors Class of 2024!

Cisco + Splunk: It's a new day for your data.

A new chapter of the Spotlight Award begins!

Join us in Celebrating the New Year and the Nov.-Jan. Winners!

Announcing Resources That Guide You to Success

Clam AV signature set CVD being actively maintained by TALOS?

ISE - 2.7 - Endpoint logs

Upgrade new cisco secure client agent from ISE web portal

Cisco Secure Client Network module (NAM) v5.1.1.42

Extension of Cisco ISE 3.X Evaluation License

Legacy/previous versions of Duo Authentication Proxy Server

False positive? GT:JS.Hyena.3 detections

Cisco Secure Client Module not installing Windows Server 2022

Multiple Secure Endpoint Alerts

Multiple endpoints flagged with Cloud IOC: W32.RubeusMalware.ioc