cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
14638
Views
25
Helpful
10
Replies

Can't stop service with Secure Endpoint service in 8.0.1

mski7861
Level 1
Level 1

Just downloaded the Secure Endpoint connector for windows version 8.0.1.21160.  The UI looks just like AnyConnect except for the color scheme and the UI is a bit cleaner.  I reviewed the release notes https://docs.amp.cisco.com/Release%20Notes.pdf and one statement caught my attention:

  • Users can no longer stop the Secure Endpoint service through the connector user interface

I checked and it is true, you cannot stop the service from the UI nor can you stop it from windows services.  

Anyone know how to stop the service on an endpoint if the need arises?  

1 Accepted Solution

Accepted Solutions

Matthew Franks
Cisco Employee
Cisco Employee

You can still stop the connector with the command line switches.  Specifically -k to stop the service (add a password if you have connector protection enabled) and -s to start the service.

View solution in original post

10 Replies 10

mski7861
Level 1
Level 1

To make matters worse, AnyConnect is no longer working now once I installed the Secure Endpoint 8.0.1 connector.  

Update your AnyConnect 4.x to Cisco Secure Client 5.0 and all will co-exist once again.

I'm not sure about the service question.

mski7861
Level 1
Level 1

So far I am NOT happy with this version of the endpoint connector.  

The workaround for using AnyConnect with Secure Client installed is:

  1. Verify the Cisco Secure Client is running in the hidden icons area
  2. Quit the Cisco Secure Client application
  3. Try opening AnyConnect

rec916
Level 1
Level 1

I heard back from my support about this. "That was by design to prevent a potential security exploit. Now, you open a command prompt as administrator, and type c:\Program Files\Cisco\AMP\8[something]\sfc.exe -k [password]"

Matthew Franks
Cisco Employee
Cisco Employee

You can still stop the connector with the command line switches.  Specifically -k to stop the service (add a password if you have connector protection enabled) and -s to start the service.

Vince3889
Level 1
Level 1

The bug of not getting a display when right-clicking to scan a file or folder is a beautiful thing too. Seems that this new version was 'rushed to market'.

Indeed! Encountered the same in our environment. 

I responded to similar question in this thread:

https://community.cisco.com/t5/endpoint-security/secure-endpoint-8-0-1-21164/m-p/4692725#M7101

But in short, scan results moved and are now part of Windows Event Viewer History

 

Well, that was a poor decision for UX. Our users as well as Admins liked to be able to right-click and scan a single file or directory and see the results immediately in the Cisco Endpoint window. And sorry, but you are wrong. The results still come up in a Cisco window:
2022-09-23 08_29_12-Cisco Secure Client.jpg

However, users need to choose 'Custom scan' from the Secure Client window. Instead of being able to right-click scan from file explorer, they have to go through the hassle of opening up the Secure Client window, choosing from a drop down, navigating to the file/folder etc.

If I choose 'Flash Scan' from the Secure Client window, the results are also seen on screen:
2022-09-23 08_34_13-Cisco Secure Client.jpg
To state that it has 'moved' to Windows Event viewer is incorrect. Secondly, moving functionality which required users to look in Windows Event viewer for results of a scan is a poor design choice, let's not sugarcoat it. To anyone reading this who is in support of having the right-click scan functionality returned to the way it worked in v. 7.x, I would suggest the following:
1. Open a case with TAC stating the right-click scan functionality no longer displays immediate results
2. Reference my case: SR 694082453 (I have been told by a Tech Consulting Engineer that my SR has been escalated)
3. The more 'steam' we can put behind this functionality, I'm hopeful we can get this put back into the product and have it working the way it did in v.7

To any Cisco employees reading: I would advise you to keep an ear to the ground and pay attention to what is going on. There is quite the groundswell for companies wanting to move away from Cisco. We (you know, the ones who spend the money) have grown weary of being ignored and having the products we have depended upon be twisted into something which become a functionality headache along with TAC support continually spiraling to a worsening experience. Get it together Cisco, your competitors are stepping up!

Yes you are correct it will still come up in secure client window "IF" that is enabled. However from my own experience as TAC and from working with multiple different accounts and customer every day, people have different requirements. In many cases admins actually don't like to have anything visible to their users , they don't want them even know that anything is running at the background so lots of recent changes happen base on those requests such as removing STOP connector button from the client UI or hiding policy.xml. So as much as I understand your frustration there are many other customer than don't want their users to interact with Secure Client at all.

I do understand that certain task become more complex from what it was before and less "user" friendly , but all of those changes were done to harden our product and make it less prone to tampering.

When it comes to TAC one thing a lot of people don't know is that TAC is more of brake/fix , we can submit bugs we can submit feature request but TAC have no leverage to push these things along. If you have a good case and you already have that internal FR number I would suggest to contact your account team since they have more power I would say to push or move things like that around from business perspective.