Better Understanding

dalton-kincaid
Level 1

Hello All,

Lately we have been getting multiple alerts across our system for file fetch failures, file fetch completed, as well as component download failures. I have looked far and wide for a better understanding of what these mean exactly, as well as whether these are things to be concerned about. Furthermore, we have as a department asked if these are things we need to be notified of and, if not, how we go about changing those notifications. Any and all help is very much appreciated!

"File fetch" is a feature that grabs the file off of the machine so it can be analyzed, typically by ThreatGrid.
Failures typically happen when either another security product grabs it and cleans it up (quarantine/delete), or for temp files that whatever process cleans up (I usually see these from browser cache artifacts).
Fetch complete is when it's successful, and you should be able to find the file in the console under Analysis/File Repository.
Component Download failures are from the Behavior Protection engine... you can check them; most of mine show that the current version and pending version are the same, so it didn't need to actually do a download. (For any lurkers, I'm on 8.4.5, so newest and still doing this...)
Hope that helps!

Ken

You wouldn't happen to know how to turn those specific notifications off, would you? Our department gets slammed with tickets from AMP on these subjects.

csealert.PNG

If they look like the message above, then they are based on filters on the events list that are saved and subscribed to...

Each person getting them needs to do the following:

Click on their name in the upper right, and select Account Settings

On that page, scroll to find Subscriptions

Click on the subscription that matches the email

subcriptions.PNG

Remove the events you don't want to get emails about and update. I only get emails for actual security events.

filter.PNG

I can't remember if the filters are per user or not; the docs aren't clear. Here's a link to them...

https://console.amp.cisco.com/help/en/Content/Secure_Endpoint_User_Guide/EventsTab_FiltersSubscri.html#dashboard_251489579_1655695

Thank you once again! 

dalton-kincaid
Level 1

This helped immensely! I looked high and low for anything on Cisco for a legend of sorts explaining it and couldn't find anything. Thank you for your help!