How does Cisco AMP for Endpoints take action?

RoberSamir00332
Level 1

Hi All,

I want to know how Cisco AMP for Endpoints takes action when it detects malware on a PC.

Regards,

Rober

3 Replies

Troja007
Cisco Employee

Hello @RoberSamir00332,
there are many different ways Cisco Secure Endpoint takes action on malware.

  1. Starting with traditional file scanning, file scanning for scripts (AMSI integration), Malware Grouping and Machine Learning, where the endpoint quarantines a file and also stops a running process.
  2. There are other engines which protect the memory, like Exploit Prevention and System Process Protection. These engines protect against memory-based attacks.
  3. The Behavioral Protection Engine is the newest enhancement on the endpoint. It detects and blocks complex malicious behavior on the endpoint. The engine uses an expressive event pattern matching language designed by Cisco.
  4. Cloud IOCs: The endpoint sends file, network, process and command line activity to the backend. This data is processed back for 7 days. The result is a Cloud IOC or a retrospective detection.
  5. Based on Cloud IOCs, there are automated Post Infection Tasks available, like isolating the endpoint from the network.

Maybe useful: the screenshot compares the difference between a Cloud IOC from the backend and a Behavioral Protection Event.

[Screenshot: CloudIOC vs BPE Detection.png]

Greetings,
Thorsten
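As an added illustration of the retrospective detection described in item 4 (constructed example, not Cisco's code and not from this thread): a small Python model that replays already-collected endpoint telemetry when a file's disposition changes to malicious, using the 7-day lookback the reply mentions, and maps the affected hosts to a post-infection task. The hostnames, hashes, timestamps and the `isolate` action label are made up.

```python
from datetime import datetime, timedelta

# Constructed model of a backend "retrospective detection" (Cloud IOC).
# Assumption: the backend keeps 7 days of telemetry, as stated in the reply.
RETRO_WINDOW = timedelta(days=7)

# Constructed telemetry the endpoint would have streamed to the backend:
# (timestamp, endpoint, sha256 of the executed file, process name).
EVENTS = [
    (datetime(2024, 3, 1, 9, 0), "host-a", "sha256-aaaa", "updater.exe"),
    (datetime(2024, 3, 3, 14, 30), "host-b", "sha256-aaaa", "updater.exe"),
    (datetime(2024, 3, 9, 8, 15), "host-c", "sha256-aaaa", "updater.exe"),
    (datetime(2024, 3, 4, 10, 0), "host-d", "sha256-bbbb", "notepad.exe"),
]

# Constructed moment at which the disposition of sha256-aaaa flips to malicious.
NOW = datetime(2024, 3, 10, 12, 0)


def retrospective_hits(events, sha256, now, window=RETRO_WINDOW):
    """Return {endpoint: [(timestamp, process), ...]} for every execution of
    `sha256` inside the lookback window ending at `now`.

    Nothing is re-scanned on the endpoint: the verdict is applied to telemetry
    that was collected while the file was still considered clean. Executions
    older than the window are NOT surfaced, which is the limit of this approach.
    """
    cutoff = now - window
    hits = {}
    for ts, host, digest, proc in events:
        if digest == sha256 and cutoff <= ts <= now:
            hits.setdefault(host, []).append((ts, proc))
    return hits


def post_infection_tasks(hits):
    """Map each affected endpoint to an automated response action
    (network isolation, as in item 5). Action name is a placeholder."""
    return {host: "isolate" for host in hits}


def demo():
    """Disposition change for sha256-aaaa at NOW: which hosts ran it in the last 7 days?"""
    hits = retrospective_hits(EVENTS, "sha256-aaaa", NOW)
    return hits, post_infection_tasks(hits)


if __name__ == "__main__":
    for host, runs in demo()[0].items():
        print(host, runs)
```

Note that host-a ran the same file on 1 March but falls outside the 7-day window, so it would not appear as a retrospective hit; hunting beyond the retention window needs other data sources.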

A very interesting answer. Thanks.