Script protection in Cisco AMP for Endpoints

I have enabled the Script protection feature in our environment. Where do I verify if it is enabled or not in the "Policy.XML" file? Can someone help with what the keyword is to check if this feature is enabled or not on a specific machine?


UMontero
Cisco Employee

Hello,

 

In order to check if you have Script Protection enabled on the Policy, please refer to the AMSI portion of it.

You might have something like this:

<amsi>
  <enable>1</enable> <!-- Tells you if it's enabled or not -->
  <mode>2</mode> <!-- Tells you if it's set to Quarantine or Audit -->
</amsi>
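
One way to run this check on a specific machine, as an added PowerShell example that is not part of the original reply or Cisco's own tooling: it reads a policy.xml whose path you supply (the thread does not give the path) and reports the raw `<enable>` and `<mode>` values from the `<amsi>` section. The function name `Get-AmsiPolicySetting` is hypothetical, and treating `1` as "enabled" is an assumption based on the sample above.

```powershell
# Added example: report the <amsi> settings found in an AMP for Endpoints policy.xml.
# Assumption: -PolicyPath is the location of policy.xml on this machine (not given in the thread).
param(
    [Parameter(Mandatory = $true)]
    [string]$PolicyPath
)

function Get-AmsiPolicySetting {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Policy file not found: $Path"
    }

    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null   # do not resolve external entities or DTDs while parsing
    # A malformed file throws here instead of silently reporting "disabled".
    $doc.Load((Resolve-Path -LiteralPath $Path).ProviderPath)

    # local-name() finds <amsi> at any depth and under any XML namespace,
    # because the surrounding policy layout is not shown in the thread.
    $amsi = $doc.SelectSingleNode("//*[local-name()='amsi']")
    if ($null -eq $amsi) {
        return [pscustomobject]@{
            AmsiSectionPresent = $false; Enable = $null; Mode = $null
            ScriptProtectionEnabled = $false
        }
    }

    $enableNode = $amsi.SelectSingleNode("*[local-name()='enable']")
    $modeNode   = $amsi.SelectSingleNode("*[local-name()='mode']")
    $enable = if ($enableNode) { $enableNode.InnerText.Trim() } else { $null }
    $mode   = if ($modeNode)   { $modeNode.InnerText.Trim() }   else { $null }

    [pscustomobject]@{
        AmsiSectionPresent      = $true
        Enable                  = $enable   # raw value from the policy
        Mode                    = $mode     # raw value; Quarantine vs Audit mapping is not stated in the thread
        ScriptProtectionEnabled = ($enable -eq '1')   # assumption: 1 means enabled
    }
}

Get-AmsiPolicySetting -Path $PolicyPath
```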

 
