Endpoint Security

agustusin
Level 1

Anyone seeing Flash Scans kicked off by Cisco AMP killing legit processes, like chrome.exe, excel.exe, lsass.exe, spoolsv.exe, etc.? Showing up in Events as an Exploit Prevented? This has only crept up for us today, and is maybe related to the 7.0.5.11403 version (testing on IT computers; other computers with the old 6.x version do not appear to be having an issue).

I do have Exploit Prevention turned on in my Policy, but it's been turned on for a while without any issues.

1 Reply

Troja007
Cisco Employee

Hello @agustusin,
First of all, connector version 7.0.5.x was released in 2019. This version is missing a lot of improvements/fixes and even the Exploit Prevention upgrade v4/v5. So you are already nearly 20 releases behind the actual version. I highly recommend thinking about an upgrade to the latest version of the connector.

Anything else related to your issue is nearly impossible to answer, because many more details are needed to identify the issue. In such cases, the best approach is to open a TAC case, so an engineer can investigate the connector logs.

Greetings, Thorsten