Endpoint Security

Resolved! Malicious disposition for putty-64bit-0.73-installer.msi

Early this morning, we received 2 retrospective detections for putty-64bit-0.73-installer.msi/sha256: 31d001504b56e47d7e90b39a6fde6acf949e8c59d4717abac35eef0b932f89d7 with a classification of malicious my Cisco. Filescan.io indicates no detections/no...

Resolved! How to Check If TETRA Update Server Definitions are Current

We are looking to do an in place upgrade of our current TETRA update server from 2016 to 2022. After the upgrade is complete how would I determine if the server is pulling down current TETRA updates?Can I compare the files in C:\Tetra\Signatures to s...

Resolved! Migrate from Cloud Secure Endpoint to Private Cloud

Hello, We have cisco secure endpoint cloud and would like to migrate to private cloud appliance. My question is: Should we re-install connectors on endpoint or is there a way to change configuration and point them to private cloud appliance?

Resolved! API query with an exact match?

Good morning. When I do an api call, for groups, using this URI:https://api.amp.cisco.com/v1/groups?name=Protect It returns all of the groups with 'Protect' in their names...Is there a way to tell the API to just return the ONE group with the name of...

Is there a way to have devices auto assign to a group?

Is there a way to have devices auto assign to a group based on a partial name of that device using Cisco Secure Endpoint?

Resolved! Cisco XDR solution for restricted environment

"Hello,I am inquiring whether Cisco XDR offers solutions for restricted environments that are not connected to the internet. Specifically, I am interested in a setup similar to the AMP private cloud, where network devices and endpoints can connect to...

Cisco Secure Endpoint Service Launcher fail after update

After we updated our Windows servers to the latest "AMP" conector 8.4.0 we see alerts/error in our SCOM environment.It is the CiscoSecureEndpoint Service Launcher that fail with exit code 267011, at the same time we see on the local server that the S...

Retrospective Detections for DevHome files

Anybody else getting retrospective detections for these files? They are created by legitimate svchost.exeLooks like they must be components of Dev HomeDev Home for Windows Developers | Microsoft LearnDevHome.RegistryPreview.exe47f2ecbbc1f812b63042c8...

Cisco AMP API - Initiate Scan?

Is there a way to initiate an endpoint scan with Cisco AMP from the API?

Cisco Secure Endpoint Horizon Environment Duplicates in Console

Greetings to all,I am having a situation in which I am getting computer duplicates in the Cisco Secure Endpoint Console. I am well aware that there is a special procedure for prepping a golden image, setting up identity persistence and using scripts...

Resolved! Console event type renamed again

13 March 2024Secure Endpoint Console 5.4.20240313Bugfixes/Enhancementsl Renamed console event types:l Threat Detected renamed to File Detection.On the 27th of April this was renamed from File Detection back to Threat Detection. Does anyone know why t...

I want to create a pop-up notification if computer gets isolated

Our organization would like to create a pop-up notification on an end user's device that informs them that their computer has been isolated and they need to contact IT services.My question, is there a specific registry key or a file that gets created...

suddenly i could not ping server gateway eve ng dot1x

After implementing dot1x on switch, suddenly I lost my active directory ability to connect its gateway and machines could not get DHCP IP address (I have not setted any GPO on my active directory)Weirdest thing I have ever encountred.

Orbital endpoints not populating

I have Cisco AMP MSP console with multiple organizations in it. Some have basic tiers of AMP and some have advanced. When I navigate to one of the consoles with Advanced tier and try using Orbital it askes me to sign in. Then I pick Secure X Sign On....

Resolved! FPR 1010 updating anyconnect/secure client

Hello,my Costomer has a FPR 1010 and they use Firepower Device Manager for it.He wants to update the secure client. I have found several instructions that Firepower can do this automatically. Most of them for the FMC and only a couple for FDM but the...

Endpoint Security

Forum Posts

Resolved! Malicious disposition for putty-64bit-0.73-installer.msi

Resolved! How to Check If TETRA Update Server Definitions are Current

Resolved! Migrate from Cloud Secure Endpoint to Private Cloud

Resolved! API query with an exact match?

Is there a way to have devices auto assign to a group?

Resolved! Cisco XDR solution for restricted environment

Cisco Secure Endpoint Service Launcher fail after update

Retrospective Detections for DevHome files

Cisco AMP API - Initiate Scan?

Cisco Secure Endpoint Horizon Environment Duplicates in Console

Resolved! Console event type renamed again

I want to create a pop-up notification if computer gets isolated

suddenly i could not ping server gateway eve ng dot1x

Orbital endpoints not populating

Resolved! FPR 1010 updating anyconnect/secure client

Can I find my Cisco Contract number in my CSE or Webex account?

MDM IPAD NOT REGISTERED on cisco ISE

Cisco Secure Access Policy for Mobile Devices

Best Practices: Managing Cisco AMP and Windows Defender on Intune Devi

Umbrella Secure Client (Anyconnect Umbrella only) and Citrix

FMC Rule to allow HTTPS connectivity to FQDNS

False positive?

What is the login URL for Cisco CSE?

CSCwn30806 - KUTOOLS get blocked

Are there any apis to generate events?