Hi all,

Just wondering if Secure Endpoint has any CLI-based tools to assist in remote work on an endpoint itself (e.g., disable the service for troubleshooting, enable debug logging without using the GUI, get/change configuration, etc.); and, if so, if there is accompanying documentation.

"C:\Program Files\Cisco\AMP\*\ipsupporttool.exe"

This seems like a diagnostic tool ( akin to the GUI-based Diagnostics button for computers ), and the IPSupportTool log suggests there are switches for it ([-h] [-d install_path] [-o output_path] [-t timed_support] [-m archive_size] [-j job_id] [-H time_stamp]). However these switches don't appear to work nor is there an archive created post-execution. It just dumps some files in 'C:\Program Files\Cisco\AMP' (installed_app.csv, running_process.csv, installed_services.csv, systeminfo.txt, etc.). These files do not appear to be in the resultant archive from the Console-based 'Diagnostics' feature for a computer.

"C:\Program Files\Cisco\AMP\*\AmpCLI.exe"

Would appear to be the right tool, but only looks to have one option (posture) that prints basic Secure Endpoint status information

"C:\Program Files\Cisco\AMP\*\sfc.exe"

Seems to be the primary Secure Endpoint process for scanning and such, but no CLI interface options

Thank you