I have a hash for a file. I have blacklisted it under Application Blocking. I have it set to quarantine under Simple Detection. So why is it that my users can download it and execute it? It is marked malicious by AMP. VirusTotal has a ratio of 34/67 ...
I cannot block cmd.exe or wscript in my environment as a whole, but I would like to prevent MSWord and Excel from spawning them. There is no legitimate reason for Office products to kick off these. Can this be done through AMP?
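The parent/child relationship asked about above (an Office process starting cmd.exe or wscript.exe) is something you can at least detect from process-creation telemetry while you work out enforcement. The following is an added example, not code from the original thread and not a feature of AMP: it parses a handful of constructed Sysmon Event ID 1 style records (tab-separated ParentImage/Image/CommandLine fields, a format assumed here for illustration) and reports every event where an Office binary spawned a command interpreter or script host. The process-name lists are assumptions you would tune for your environment.

```python
"""Flag Office applications spawning a command interpreter or script host.

Added example for the thread above; it is not AMP logic and the log
format below is constructed for illustration.
"""
import ntpath
from dataclasses import dataclass

# Office parents that should never need a shell or script host (assumption; tune as needed).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Children worth blocking or alerting on when the parent is an Office binary (assumption).
SUSPICIOUS_CHILDREN = {"cmd.exe", "wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}


@dataclass(frozen=True)
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


def basename_lower(path: str) -> str:
    """Reduce a full Windows path to its lowercase file name (ntpath works on any OS)."""
    return ntpath.basename(path).lower()


def is_office_spawning_interpreter(ev: ProcessEvent) -> bool:
    """True when an Office parent started one of the suspicious child binaries."""
    return (basename_lower(ev.parent_image) in OFFICE_PARENTS
            and basename_lower(ev.image) in SUSPICIOUS_CHILDREN)


def parse_event(line: str) -> ProcessEvent:
    """Parse one constructed 'Key=Value<TAB>Key=Value' record into a ProcessEvent."""
    fields = dict(part.split("=", 1) for part in line.rstrip("\n").split("\t"))
    return ProcessEvent(fields["ParentImage"], fields["Image"], fields.get("CommandLine", ""))


def find_hits(lines):
    """Return the events that match the Office -> interpreter pattern."""
    return [ev for ev in map(parse_event, lines) if is_office_spawning_interpreter(ev)]


# Constructed sample records (not real telemetry): two hits, two benign events.
SAMPLE_LOG = [
    "ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"
    "\tImage=C:\\Windows\\System32\\cmd.exe\tCommandLine=cmd.exe /c whoami",
    "ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"
    "\tImage=C:\\Windows\\System32\\wscript.exe"
    "\tCommandLine=wscript.exe //B C:\\Users\\u\\AppData\\Local\\Temp\\update.vbs",
    # explorer.exe starting cmd.exe is normal user activity, not an Office child.
    "ParentImage=C:\\Windows\\explorer.exe\tImage=C:\\Windows\\System32\\cmd.exe"
    "\tCommandLine=cmd.exe",
    # Word starting the print helper is legitimate and must not be flagged.
    "ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"
    "\tImage=C:\\Windows\\splwow64.exe\tCommandLine=splwow64.exe 12288",
]

if __name__ == "__main__":
    for ev in find_hits(SAMPLE_LOG):
        print(f"ALERT: {basename_lower(ev.parent_image)} -> {basename_lower(ev.image)}: {ev.command_line}")
```

Matching on the lowercased base name of the image path, rather than the full path, is deliberate: Office install paths vary between Click-to-Run and MSI builds, and attackers can run a renamed copy from another directory, so a second check on the parent's signer or the child's command line is worth adding before using this to block rather than alert.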
I have an executable file, I used sha256deep to generate a hash. I confirmed that hash with an upload to VirusTotal as well as generating a hash through 7zip. I added the sha256 hash to my blocklist. Updated the policy on my endpoint. I was still abl...
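When a blocklisted hash does not fire, the first things to rule out are that the hash was compared in a different letter case or with stray whitespace, and that the hash taken was of a container (a zip, an installer) rather than of the executable that actually runs. The following is an added example, not code from the thread and not AMP's own logic: it hashes a constructed executable blob, checks it against a blocklist with normalization, and shows that zipping the same bytes yields an entirely different SHA-256, so a hash of the archive would never match the extracted file.

```python
"""SHA-256 blocklist check, with the two mismatches that most often bite.

Added example for the thread above; the sample binary and blocklist are
constructed, not taken from the original post.
"""
import hashlib
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an in-memory blob."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hex SHA-256 of a file on disk, streamed so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def normalize(h: str) -> str:
    """Canonical form for comparison: trimmed, lowercase hex."""
    return h.strip().lower()


def is_blocked(data: bytes, blocklist) -> bool:
    """True if the blob's SHA-256 appears in the blocklist (case/whitespace insensitive)."""
    wanted = {normalize(h) for h in blocklist}
    return sha256_hex(data) in wanted


def zip_bytes(name: str, data: bytes) -> bytes:
    """Wrap a blob in an in-memory zip, as a download or mail attachment often arrives."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr(name, data)
    return buf.getvalue()


# Constructed stand-in for the executable: an MZ header followed by filler.
SAMPLE_EXE = b"MZ" + b"\x90" * 62 + b"constructed sample, not a real binary"
# Blocklist entry written the way a tool such as VirusTotal or 7-Zip shows it:
# uppercase, with surrounding whitespace from copy/paste.
SAMPLE_BLOCKLIST = {"  " + sha256_hex(SAMPLE_EXE).upper() + "\n"}

if __name__ == "__main__":
    print("exe hash     :", sha256_hex(SAMPLE_EXE))
    print("archive hash :", sha256_hex(zip_bytes("tool.exe", SAMPLE_EXE)))
    print("exe blocked  :", is_blocked(SAMPLE_EXE, SAMPLE_BLOCKLIST))
    print("zip blocked  :", is_blocked(zip_bytes("tool.exe", SAMPLE_EXE), SAMPLE_BLOCKLIST))
```

The practical check this suggests: hash the exact file the user ends up executing (after extraction or installation), with the same tool on the endpoint, and compare that lowercase value to what is in the blocklist rather than trusting a hash copied from a scan of the download artifact.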
It will not remove malware if it is installed. What AMP does is hopefully get the file before it is executed and it will quarantine. So if the user downloads a malicious executable and puts it in their Documents folder, AMP will detect it and quarantine it...
I don't think a tool is very efficient if every time I need it to do what it is supposed to do, I have to open a case with TAC to have them write custom rules. If I did that, it would take all my time. This is supposed to already do that. If there is...
OK, this is not fileless malware, it is a toolbar addon application. Yes I see it multiple times within the environment. So, if I understand you correctly, you are saying that what AMP does is allow the malicious file to execute and then sometime aft...
My policy is either protect or triage. Both are set to block and quarantine. The hash has been added to the Quarantine for simple detection and it is also blacklisted on the application blocking. You can see it is supposed to be quarantined and/or bl...
Do you mean, will it clean an infected system? I do not believe that capability is part of AMP. It will quarantine a malicious file (supposedly) and prevent a malicious file from executing (supposedly), but once a system is infected you will need to ...