Re: Does Cisco AMP for Endpoints support Netapp share

pavankumar.kakarla · ‎06-16-2020

Does cisco AMP for Endpoints support Netapp shares which is used for file sharing?

If not will Cisco AMP scans the Netapp file shares which are connected on windows servers?

balaji.bandi · ‎06-16-2020

Monitor Network Drives allows you to set the Malicious Activity Protection engine to
detect malicious activity from the local computer affecting network drives. This setting
only applies to AMP for Endpoints Windows Connector version 6.3.1 and later.

here is endpoint user guide :

https://docs.amp.cisco.com/en/A4E/AMP%20for%20Endpoints%20User%20Guide.pdf

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

pavankumar.kakarla · ‎06-16-2020

So we dont have any options to enable Normal scans for these network drives on the server.

@balaji.bandi wrote:
Monitor Network Drives allows you to set the Malicious Activity Protection engine to
detect malicious activity from the local computer affecting network drives. This setting
only applies to AMP for Endpoints Windows Connector version 6.3.1 and later.

here is endpoint user guide :

https://docs.amp.cisco.com/en/A4E/AMP%20for%20Endpoints%20User%20Guide.pdf

Troja007 · ‎06-17-2020

Hello @pavankumar.kakarla,

yes, AMP for Endpoints does not provide an integration into NetApp vscan module. You can message me, so i can open a Feature Request for you.

Greetings,

Thorsten

p.costa · ‎02-11-2022

Hi @Troja007 ,

we have also a customer requesting this feature. Can you add us to the feature request?

Troja007 · ‎02-16-2022

Hello @p.costa ,
sure, just send me a private message with Company name and I can add you as a requester to the FR. Please add additional notes like a feature description.

Greetings,
Thorsten

p.costa · ‎02-17-2022

Thanks @Troja007 , I have sent a PM

Jim2k · ‎06-17-2020

just an FYI there is a bug with cisco AMP and Netapp. With MAPP turned on the machine generates HIGH IOPS in the NetApp storage. it has something to do with offline file sync. even if the machine was idle the high IOPS would be generated. we were on version 6.1.7 agent. we just turned off MAPP and that fixed the issue. we also use another AV vendor on the desktop to deal with ransomware. i did try different exclusions and worked with cisco TAC on the issue. Turning off mapp was the answer

Troja007 · ‎06-17-2020

Hello @Jim2k,

thanks for the info. Has this bug being confirmed by Cisco? Will have a closer look today. Do you have a BUG ID?

Thanks and Greetings,

Thorsten

Jim2k · ‎06-17-2020

here is the link to the bug. It does not look like it is fixed

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo32112

Troja007 · ‎06-18-2020

Thanks for sharing the link. Dev has identified the cause of the issue, hopefully we get a fix soon. :-)

jesutorr@cisco.com · ‎06-22-2020

Hi,

Thanks for using Cisco Community, regarding your inquiry,

You can find more information about the exclusions in this Video: https://video.cisco.com/video/6038252112001

And in this article: https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/215261-analyze-amp-diagnostic-bundle-for-high-c.html

I´m attaching you a master article for with very good information that can help https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/215624-master-guide-for-amp-for-endpoints.html

Best Regards!

johnosn · ‎02-15-2022

You could investigate using a product from OPSWAT to integrate with Cisco Secure Endpoint. Using a product like MetaDefender ICAP Server in conjunction with NetApp would allow files to be scanned when written to storage, but it would still not allow a full scan of the entire storage platform.

Just a thought.