Re: Can't stop Secure Endpoint 8.1.x service

itguy1024 · ‎09-05-2023

I am trying to stop the Secure Endpoint service to do testing and I am not able to do so.

Following these documents:
https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/213690-amp-for-endpoint-command-line-switches.html

https://www.cisco.com/c/en/us/support/docs/security/sourcefire-fireamp-endpoints/118588-technote-fireamp-00.html

C:\Program Files\Cisco\AMP\8.1.7.21585\sfc.exe -k mypassword
Nothing happens. Nothing in the error logs.

Assuming the password needed is the uninstall password?

Matthew Franks · ‎09-05-2023

That is the correct command. I just verified it on my endpoint. If you're running the command line as an Admin, there should be no popup and the service should stop. If you're running as a normal user it should request Admin permissions. Just curious if you have Secure Endpoint installed through SecureX as part of Secure Client or an installer from the Secure Endpoint console. Also, do you have the Client UI enabled in the policy?

Thanks,

Matt

itguy1024 · ‎09-05-2023

I did run command prompt as admin.
We install it by downloading the connector exe install from the amp portal.
Client UI is enabled.

Matthew Franks · ‎09-05-2023

I suggest opening a TAC case so they can take a closer look for you.

Thanks,

Matt

itguy1024 · ‎09-05-2023

I figured it out. I had to log into the endpoint with an actual local admin account (vmname\ourlocaladmin).
I was using my domain admin account before. Not sure why that doesn't work since it's an admin on the vms.