Cisco AMP for Endpoints issue

golemsena · ‎02-27-2022

Anyone seeing Flash Scans kicked off by Cisco AMP killing legit processes, like chrome.exe, excel.exe lsass.exe, spoolsv.exe, etc? Showing up in Events as an Exploit Prevented? This has only crept up for us today, and is maybe related to the 7.0.5.11403 version (testing on IT computers, other computers with the old 6.x version do not appear to be having an issue).

I do have Exploit Prevention turned on in my Policy, but it's been turned on for a while without any issues.

showbox speed test

Ken Stieers · ‎02-28-2022

No... but the version you're on is ancient and has Vulns.
https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe%3A2.3%3Aa%3Acisco%3Aadvanced_malware_protection_for_endpoints%3A7.0.5%3A*%3A*%3A*%3A*%3Awindows%3A*%3A*
I'd look at upgrading.