TL;DR
Below, we examine the way Cisco Secure Endpoint's defenses reacted to and evolved with the HermeticWiper malware threat, and draw three operational lessons for the defender:
Use local controls to override default behavior when necessary. Look b...
Note: This article was originally posted on 15 Dec 2021 and last updated on 20 Dec 2021.
1. What's New?
Well, it's been a while since our last Orbital Query Corner update, and we've been eager to talk about several new things related to Orbital, but ...
Oh! I have slipped the surly bonds of Earth
And danced the skies on laughter-silvered wings;
Sunward I’ve climbed, and joined the tumbling mirth
Of sun-split clouds, – and done a hundred things
You have not dreamed of – wheeled and soared and swung
High i...
"What is this 'Orbital Query Corner' thing", you ask? It's the name of an occasional series of articles, each discussing one particular point or use case for the Orbital advanced search feature that is available in Cisco Secure Endpoint starting at ...
0. The Issue
On 20 July 2021, Microsoft issued an alert for CVE-2021-36934 "Windows Elevation of Privilege Vulnerability". [1] The problem in this case is an overly permissive Access Control List (ACL) applied to system files, including the Securit...
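An added local check for the ACL condition described above, written for this page and not taken from the original article or from Orbital's query catalog. It assumes the standard hive locations under %windir%\System32\config, uses only Get-Acl and vssadmin, and is meant to run in an elevated PowerShell session:

```powershell
# Added example, not from the original post. Checks the CVE-2021-36934 condition:
# are the SAM/SECURITY/SYSTEM hives readable by BUILTIN\Users, and do VSS shadow
# copies exist from which a non-admin could read an older copy of those hives?
# Assumes the default hive paths under %windir%\System32\config.

$hives = 'SAM', 'SECURITY', 'SYSTEM' |
    ForEach-Object { Join-Path $env:windir "System32\config\$_" }

$exposed = foreach ($hive in $hives) {
    $acl = Get-Acl -Path $hive
    # Any Allow ACE for BUILTIN\Users that includes ReadData (FileSystemRights is a flags enum;
    # the vulnerable state shows as BUILTIN\Users:(I)(RX) in icacls output)
    $userRead = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq 'BUILTIN\Users' -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::ReadData)
    }
    if ($userRead) {
        [pscustomobject]@{
            Path      = $hive
            Principal = 'BUILTIN\Users'
            Rights    = ($userRead.FileSystemRights -join ', ')
            Inherited = ($userRead.IsInherited -join ', ')
        }
    }
}

if ($exposed) {
    Write-Warning 'Hive files are readable by BUILTIN\Users (CVE-2021-36934 ACL condition present):'
    $exposed | Format-Table -AutoSize
} else {
    Write-Output 'Hive ACLs do not grant BUILTIN\Users read access.'
}

# The live hives are locked while Windows runs, so practical exposure comes from a
# VSS shadow copy that still carries the permissive ACL. List the copies that exist.
$shadows = vssadmin list shadows 2>&1
if ($shadows -match 'Shadow Copy ID') {
    Write-Warning 'Shadow copies exist; hive copies inside them keep the ACL they had when taken.'
    $shadows | Select-String 'Shadow Copy Volume|Creation time' | ForEach-Object { $_.Line.Trim() }
} else {
    Write-Output 'No shadow copies present.'
}
```

The second half matters more than the first: fixing the ACL on the live files does not retroactively fix copies already captured in shadow copies, which is why Microsoft's published workaround for this advisory is to restrict the ACL (`icacls $env:windir\System32\config\*.* /inheritance:e`) and then delete shadow copies and restore points that were created before the change. Run the check again afterwards on both counts.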
Well, I’m obviously a biased source of information, since I work on the Secure Endpoint (new name for AMP for Endpoints) team myself, but we usually do pretty well in things like the AV-Comparatives tests. Since you also use Firepower and Umbrella, ...
This may be related to a false positive on Chrome Notification Helper. If so, it should be better shortly. Great thing about retrospective events: they work both ways.
That's excellent advice from Jim2k. The only thing I'd add is that, if you ever think you might enable the classic AV scanning on our side, use policy to disable the Offline Engine (referred to as Tetra for Windows connectors), instead of using the ...
In addition to the couple of articles on Orbital searches (I just posted a summary of the "orbital query corner" articles to date here https://community.cisco.com/t5/security-blogs/orbital-query-corner-update/ba-p/4440510), also note that PrintNight...