05-13-2020 11:54 AM
I have uploaded a few malicious IPs under Outbreak Control --> IP Block List. When I tested with one of the IPs on the test machine, it was detected by AMP: the AMP UI throws a pop-up saying "Malicious connection detected". However, the browser still loads this malicious page. So how do we block the IPs from loading a page?
05-13-2020 12:03 PM
AMP's IP Block Lists are not equivalent to a firewall. They are designed to block process attempts to access malicious IPs, not browsers. You would be better served using an ASA or Firepower to block browsers from accessing specific IPs.
Thanks,
Matt
05-13-2020 12:15 PM
Hi Matt,
Thanks for the response.
So you mean to say a blocklisted IP will still load in the browser despite being blocked in Cisco AMP via Network in the policy? So what's the whole point of blocking them in AMP for Endpoints, and how does that help us in preventing access to malicious IPs?
05-13-2020 12:19 PM