Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1729
Views
0
Helpful
1
Replies

CSCvk22410 - Process Exclusions limit exceeded on AMP for Endpoints, Windows connector

chivudaniel
Level 1
Level 1

‎08-20-2018 04:25 AM - edited ‎02-20-2020 09:06 PM

Hello,

 

I'm in the process of upgrading the Cisco AMP connector from 5.x version to 6.1.7 version, in order to patch this process exclusions bug.

I'm interesting also in how ca I extend this 100 limitation for 6.x AMP version. I saw in the workaround that I can modify an config file, even it is not recommended.

 

Can you help me please, to pointing me to which config file do I have to modify?

Its something that I have to set manually on every single endpoint or is something that I can do it also from console?

 

Thanks,


Daniel

Labels:
0 Helpful
1 Reply 1

Matthew Franks
Cisco Employee
Cisco Employee

‎08-20-2018 08:22 AM

Daniel,

 

As the bug indicates, you would need to open a support ticket with TAC to increase the limit past 100.  That being said, if you're excluding over 100 processes from being looked at by your endpoint protection software, you might want to re-visit your exclusion set and see if you can use some path/wildcard exclusions instead.  Excluding too many processes is going to open you up to vulnerabilities since AMP won't even look at those processes.  

 

You may also want to break up your exclusion sets to more specific endpoint groups rather than using one for all policies (if you are doing that).

 

Thanks,

Matt

0 Helpful
Customers Also Viewed These Support Documents