Re: What can we do ? When I find a suspect file on PC ?

peter.peng · ‎12-16-2018

Hi Sir:

My environment is below:

1.AMP Endpoint for MAC and windows

2. Private Cloud on Intranet

When I find one suspect file (I think it's malware file.)but AMP endpoint can't analyze it. It think it's normally. What can I do for this file ? Can we send it to AMP Threat Grid by Private Cloud ? or provide me any recommendation ? Thanks

tcristina1 · ‎01-28-2019

Hello Peter!

With Threat Grid you can analyze the suspect file, and use the AMP to block the file or the computer.

David Janulik · ‎01-28-2019

If the file gets TG score >95, AMP will retrospectively quarantine it.

Cyber security escalation engineer

MajidShirzadeh · ‎01-28-2019

Send it to Threat Grid for more investigation, or copy SHA-256 and paste it in Cisco Visibility, All integrated devices (WSA, ESA, CES, FMC, etc.) including AMP for Endpoints are entitled to 200 samples per day regardless of the number of devices and this is applicable for the license bought after 12/1/2017.

peter.peng · ‎01-29-2019

Hi MajidShirzadeh:

If my client had bought the Threat Grid. We can upload any file to it and analyze it. Right ?

(Because I had tried to upload the file to public cloud . It must approve by Cisco and I will receive the mail. It will tell me it ok or not. Then I can find the file on the File analyze.If my client buy the Thread Guid application. We can control the file upload it or not right ?)