cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1567
Views
5
Helpful
1
Replies

Script protection in Cisco AMP for Endpoints

I have enabled Script protection feature in our environment. Where do i verify if it is enabled or not in "Policy.XML" file. Can some one help with what is the keyword to check if this feature is enabled or not on a specific machine.

1 REPLY 1
UMontero
Cisco Employee

Hello,

 

In order to check if you have Script Protection enabled on the Policy, please refer to the AMSI portion of it.

You might have something like this

<amsi>
<enable>1</enable> - Tells you if it's enabled or not
<mode>2</mode> Tells you if it's set to Quarantine or Audit
</amsi>

 

Create
Recognize Your Peers
Content for Community-Ad