malicious activity protection in AMP for endpoints

pavankumar.kakarla · ‎08-26-2020

We have enabled Malicious activity protection feature in cisco AMP, how do we validate it in policy.xml. What is the key word to search and check if it has enabled or not.

Can someone help in this regard.

Matthew Franks · ‎08-26-2020

You could look at the serial number to ensure it matches the serial number in the console for that policy or look for this in the policy.xml:

<heurtistic>
<enable>1</enable>

Thanks,

Matt