Cisco AMP is detecting the malicious IPs which are part of Network IP Blocklist but not blocking

I have uploaded a few malicious IPs under Outbreak Control --> IP Block list. When I tested with one of the IPs on the test machine, it is detected by AMP: the AMP UI throws a pop-up, "Malicious connection detected"; however, the browser still loads this malicious page. So how do we block the IPs from loading a page?


Matthew Franks
Cisco Employee

AMP's IP Block Lists are not equivalent to a firewall.  They are designed to block process attempts to access malicious IPs, not browsers.  You would be better served using an ASA or Firepower to block browsers from accessing specific IPs.

 

Thanks,

Matt

Hi Matt,

Thanks for the response.

So you mean to say a blocklisted IP will still load in the browser despite being blocked in Cisco AMP via Network in the policy? So what's the whole point of blocking them in AMP for Endpoints, and how does that help us in preventing access to malicious IPs?

Not to be pedantic, but a browser is a process...
And since the AnyConnect firewall code is now part of AMP (that's how isolation is done) it's not like the capability isn't there.
Tell product management that they're losing to vendors that can do this... it's completely stupid that it can't.