AMP for Endpoints- Unknown detection

1375

Views

Helpful

Replies

We have had a detection on one of our customers network which is named UNKNOWN and has a SHA of all 0's, it has been quarantined and is creating tickets in the AMP inbox, but there is no way to tell what this is.

Has anyone seen this before and is there any way of looking into this without a diagnostics file being obtained and sent to Cisco TAC?

Thank you,

Molly

0 Replies 0

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Review Cisco Networking for a $25 gift card