Default AMP Policies

rsharp001
Level 1

We are beginning the deployment of AMP for Endpoints. The current policies were auto-generated 2-3 years ago when the main account was originally created; the product has not been touched until now. In a "training" class the instructor said we may be better off recreating them from scratch since the product has changed quite a bit since then.

 

- Any validity to this?

- Can we just blow up/regenerate new base policies?

 

Thanks!

2 Replies

Matthew Franks
Cisco Employee
If you create a new Exclusion Set, it will add the latest default exclusions to the new set. So yes, if it has been that long since you touched it, I recommend creating new exclusion sets so you can have the latest default exclusions in place.



Thanks,

Matt


Thank you Matthew.

 

https://www.cisco.com/c/en/us/support/docs/security/sourcefire-fireamp-endpoints/118341-configure-fireamp-00.html 

 

I found this document that highlights some of the basics; I assume it would be a solid base for my new Exclusion Sets. From there I have started making notes of special applications we have that may need additional Exclusion Sets.

 

EDIT... didn't include the document link