cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1710
Views
5
Helpful
1
Replies

malicious activity protection in AMP for endpoints

We have enabled Malicious activity protection feature in cisco AMP, how do we validate it in policy.xml. What is the key word to search and check if it has enabled or not.

 

Can someone help in this regard.

1 Reply 1

Matthew Franks
Cisco Employee
Cisco Employee

You could look at the serial number to ensure it matches the serial number in the console for that policy or look for this in the policy.xml:

<heurtistic>
  <enable>1</enable>

 

Thanks,

Matt