Re: Exploit prevention - exclusions 💃

jmarcel2 · ‎12-22-2020

Hello guys,

Do you know if it is possible to exclude a file from Exploit Prevention engine? I havent found anything like that in the AMP console. If this is not possible, is it on the roadmap?

Thanks

Marcel

UMontero · ‎12-22-2020

Hello,

It is possible, although it should be done by a TAC engineer.

Otherwise, we have the option of putting Exploit Prevention in Audit or Disabled.

Regards,

Brad.Shaw · ‎07-28-2021

UMontero, you indicate that it should be done by a TAC engineer. Does that mean it can be done by mere mortals?

Ken Stieers · ‎07-28-2021

So are you asking if TAC engineers are mortals, or are you asking if there is actually a way for end users to do it?
At this point, it is still done in the back-end of your AMP tenant…

Brad.Shaw · ‎07-28-2021

That answers the questions Ken. Actually I guess it answers two, the ethereal status of the TAC engineers, and my ability to do it myself.

Mariley Reinoso Olivera · ‎01-17-2021

Good engagement, Marcel. Message received ✉. Malo McWare was here but he jumped off a minute ago. Meet me back at HQs. I know where he's going. (Disclaimer: this post is part of the AMP for Endpoints Advocacy Campaign on the Cisco Gateway)

Troja007 · ‎07-29-2021

Hello all,
we are constantly adding features and improvements to the Secure Endpoint product and the SecureX architecture. Custom Exploit Prevention exclusions are not possible today. There are a lot of Feature Requests or wishes for different areas of the product/architecture. FRs are helping us to change the priority for new upcoming product features and improvements. If you want, i can open a FR for you in the tool. To do so, you may send me a PM including the following information.

Company Name
Connector Deployment count
Ares (APJC, EMEAR, NAM)

I will send you back the FR number, so you can go in contact with with Cisco representative.

Greetings,
Thorsten