Re: Urls blocking using amp

sv7 · ‎03-01-2023

Hi All,

Is it possible to restrict or block any urls using amp ?. Like client wants to restrict windows update using amp install in user machine.

Please advise.

pmedinac · ‎03-01-2023

Hi @sv7

Cisco Secure Endpoint (formerly AMP) cannot block some/any URLs since the solution is not a firewall, Will only bring capabilities to isolate a machine but the URLs cannot be blocked. I would recommend a firewall for that task since it is pure purpose.

~Pedro

smjehanzeb · ‎05-31-2023

Since EDR shows Complete Employee/User Visibility so why we can't block URL at end-host, Why request make overhead on a network to block on Firewall.

Ken Stieers · ‎05-31-2023

URL blocking is NOT a feature of Cisco Secure Endpoint. It's just NOT there.
For URL blocking you need to either do it in something like Umbrella, Web Security Appliance or Firewall (assuming FTD or Palo Alto, or similar devices)

smjehanzeb · ‎05-31-2023

Appreciate your Response.

UMontero · ‎03-01-2023

Adding to what Pedro mentioned.

Indeed, CSE is not a firewall, so it does not provide URL blocking mechanism, but there is a feature in Cisco Secure Endpoint which works with IP/CIDR block ranges.

Possibly this feature can help you

smjehanzeb · ‎05-31-2023

Cisco Endpoint is not a complete solution which block/Quarantine Malicious File Block Hash, IP URL and Domain.

It only Block Malicious File Hash, Quarantine File , Scan System and IP Allow and Block

What about web browser (Google Chrome/Firefox) malicious hits? Does it block malicious URL on end-Host