Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
425
Views
0
Helpful
1
Replies

Secure Endpoint folder permissions?

itguy1024
Level 1
Level 1

‎10-11-2022 10:47 AM

Hi,

I have seen some failed quarantine events come through and in the details it said access denied. I don't remember AMP needing a service account or setting one up but maybe I'm mistaken. Does AMP have full access to the file systems?

Labels:
0 Helpful
1 Reply 1

Troja007
Cisco Employee
Cisco Employee

‎10-12-2022 05:35 AM

Hello @itguy1024 ,
yes, Secure Endpoint has full access to the disk, but if the service does not get the right access permission from the Operating System (e.g. running process), this might generate a failed quarantine event. Another option could be, that the file is a temporary file from the browser cache. So when Secure Endpoint wants to remove the file, it is not there any more.
In such a case, we need a closer look how the event looked like.
Greetings,
Thorsten

0 Helpful
Customers Also Viewed These Support Documents