
Script process protection in AMP for Endpoints

We have enabled the Script process protection feature in our environment; however, we don't see any filter for this feature under the "Events" tab. How can we filter or find the script process protection alerts on the AMP console for our machines?

4 Replies

Matthew Franks
Cisco Employee

It is listed under System Process Protection.


Thanks,

Matt

Thanks Matt for the response!!

 

We see only "System process protection" and not "Script process protection". In case it's a subset of the "System process protection" feature, how do we see a particular alert for "Script process protection"? Please guide me here.

Sorry for the confusion, I misread your post. The Script Protection events will be under Threat Detected or Quarantine events; they are not listed separately at this time.

 

Thanks,

Matt

Troja007
Cisco Employee

Hello @pavankumar.kakarla,

As @Matthew Franks already explained, today Script Protection is focusing on scanning files provided by Microsoft AMSI. Therefore it is shown as a File Detection Event. This is the actual product design of the engine.

This may change in future releases of the engine.

Greetings,

Thorsten

 

 
