cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
374
Views
0
Helpful
0
Replies
Highlighted

AMP for Endpoints- Unknown detection

We have had a detection on one of our customers network which is named UNKNOWN and has a SHA of all 0's, it has been quarantined and is creating tickets in the AMP inbox, but there is no way to tell what this is.

 

Has anyone seen this before and is there any way of looking into this without a diagnostics file being obtained and sent to Cisco TAC?

 

Thank you,

 

Molly

Everyone's tags (4)