Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1922
Views
0
Helpful
1
Replies

Ransomware email notifications

natolin
Level 1
Level 1

‎09-21-2017 12:44 AM - edited ‎03-08-2019 05:44 PM

Hi,

please be aware that AMP "potential ransomware" email notifications does NOT work properly.

We've tested it with the most obvious wannacry samples. Threat was detected as ransomware and quarantined but notifications are not send. We've opened TAC, and are awaiting, but as these takes for the networking company weeks to solve it, update your detection procedures.

Nat

Labels:
0 Helpful
1 Reply 1

stabulic
Cisco Employee
Cisco Employee

‎09-21-2017 09:49 AM

Hi Natolin,

 

when using subscription to specific event types in AMP console. That event type must be triggered.  Though you may have tested with wanna cry, the detection may have come across our system as flagged via a simple threat detection on one of our detection engines.  The events that can be flagged under Potential Ransomeware are pieces of possible malware that have not been flagged in our database as definitively bad but express behaviors and indicators that could be linked to newer pieces of malicious software.  Thank you for your input and we shall use it to better the functionality of our filters in the future.

 

best regards,

S.

0 Helpful
Customers Also Viewed These Support Documents