About Matthew Franks

Matthew Franks · 02-12-2026

If you open a TAC case, they can collect some logs and recommend specific Exploit Prevention exclusions that would allow you to use the engine but exclude a specific DLL. You might also want to try upgrading to a newer version of the connector. The i...

Matthew Franks · 02-12-2026

This is likely caused by the Exploit Prevention engine. Even in Audit mode it performs memory monitoring tasks for alerting that could potentially interfere like this. I suggest disabling the Exploit Prevention engine to test and see if the issue is ...

Matthew Franks · 09-24-2025

There is no way to achieve this through the UI, but you can use the /v1/computers/{connector_guid}/trajectory API endpoint. More information is available here:https://developer.cisco.com/docs/secure-endpoint/v1-api-reference-computer/Thanks, Matt

Matthew Franks · 08-20-2025

Looks like we made a change early last month for this. The previously applied exclusions should work with no changes but any new changes would require the update. -Matt

Matthew Franks · 08-20-2025

@Ken Stieers CSIDL_PROGRAM_FILES/Cisco/AMP seems to work just fine in my environment. CSIDL_BASEDIR as in your photo looks like it needs a / at the end to be taken. You can see the same with FOLDERID. Thanks, Matt

Member Since	‎03-09-2015 05:59 AM
Date Last Visited	‎03-26-2026 08:49 PM
Posts	330
Total Helpful Votes Received	276

User Statistics

User Activity

Re: Outlook NETAPI32.dll Error and Cisco Secure Endpoint

Re: Outlook NETAPI32.dll Error and Cisco Secure Endpoint

Re: Cisco AMP - Is there a way to preserve the device trajectory event

Re: CSIDL_BASEDIR Path Exclusion?

Re: CSIDL_BASEDIR Path Exclusion?