Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
2554
Views
15
Helpful
0
Comments

Cisco Security ATXs FAQ: Secure Endpoint (formerly AMP for Endpoints)

Sherry Pang
Cisco Employee
Cisco Employee

on ‎08-08-2021 07:42 PM - edited on ‎02-15-2023 07:55 PM by Community Manager

Here are some commonly asked questions and answers to help with your adoption of Cisco Secure Endpoint. Subscribe (how-toto this post to stay up-to-date with the latest Q&A and recommended Ask the Experts (ATXs) sessions to attend.
 
Q. How does Orbital query impact the endpoints?
Orbital is a lightweight application, the installation will not impact endpoint workload too much. It provides instant query and snapshot generation. Instant query is a specific information query, which will not consume too much system resources. Snapshot generation is a more comprehensive collection of system information, and it is recommended to perform during non-peak hours.

Q. How could I apply for a trial of AMP for Endpoints?
Please reference the following link: Get your Secure Endpoint 30-day free trial.

Q. Is TETRA considered a full antivirus service or only Anti-malware? Is it advisable to disable TETRA if we have another antivirus?
A. TETRA is a full antivirus service and it should not be enable with another antivirus, it is advisable to disable TETRA if you are using another AV.

Q. What does Secure-X Threat hunting mean? Is it a service or is it a training?
A. It refers to the capability to identify threats found within the environment delivered through highly automated human-driven hunts based on playbooks producing high-fidelity alerts. For additional information: 
https://www.cisco.com/c/dam/en/us/products/collateral/security/securex-threat-hunting-faq.pdf

Q. By installing a AMP Update Server, will that make a difference, specific for the non-persistent VDI environment?
A. The AMP Update Server will help you conserve Internet bandwidth but will not affect system performance.

Q. Does AMP support file monitoring? Not just for malicious files but integrity check for any change in any file system executables and all. If yes, please share the resources.
A. AMP for Endpoints will keep monitoring all the files status, while there's file copy, move, delete, AMP for Endpoints will keep track that and you can use Device trajectory to check the file's history trajectory in the endpoint.
But please do note that even that it does look for malicious changes, AMP is not a replacement for FIM (File Integrity Monitoring).

Q. What is the best practice recommendation for exclusion for protected processes and applications?
A. Here is the exclusion best practice that you can refer to: https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/213681-best-practices-for-amp-for-endpoint-excl.html
 


Looking for more resources? Access the latest guides, recordings and more via Cisco Endpoint Security ATXs Resources. 

Want to learn more and get real-time Cisco expert advice? Through live Q&A and solution demos, Ask the Experts (ATXs) real-time sessions help you tackle deployment hurdles and learn advanced tips to maximize your use of Cisco technology. View and register for the upcoming Ask the Experts (ATXs) sessions today. [Pro tip: Subscribe to the event listing for new session updates.]

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents