About Brisco1165

Brisco1165 · 10-09-2018

I have a hash for a file. I have blacklisted it under Application Blocking. I have it set to quarantine under Simple Detection. So why is it that my users can download it and execute it? It is marked malicious by AMP. VirusTotal has a ratio of 34/67 ...

Brisco1165 · 10-05-2018

I cannot block cmd.exe or wscript in my environment as a whole, but I would like to prevent MSWord and Excel from spawning them. There is no legitimate reason for Office products to kick of these. Can this be done through AMP?

Brisco1165 · 08-09-2018

I have an executable file, I used sha256deep to generate a hash. I confirmed that hash with an upload to VirusTotal as well as generating a hash through 7zip. I added the sha256 hash to my blocklist. Updated the policy on my endpoint. I was still abl...

Brisco1165 · 12-03-2018

It will not remove malware if it installed. What AMP does is hopefully get the file before it is executed and it will quarantine. So if the user downloads a malicious executable and puts in their Documents folder, AMP will detect it and quarantine it...

Brisco1165 · 10-17-2018

I don't think a tool is very efficient if every time I need it to do what it is supposed to do, I have to open a case with TAC to have them write custom rules. If I did that, it would take all my time. This is supposed to already do that. If there is...

Brisco1165 · 10-17-2018

ok, this is not fileless malware, it is a toolbar addon application. Yes I see it multiple times within the environment. So, if I understand you correctly, you are saying that what AMP does is allow the malicious file to execute and then sometime aft...

Brisco1165 · 10-15-2018

My policy is either protect or triage. Both are set to block and quarantine. The hash has been added to the Quarantine for simple detection and it is also blacklisted on the application blocking. You can see it is supposed to be quarantined and/or bl...

Brisco1165 · 10-09-2018

Do you mean, will it clean an infected system? I do not believe that capability is part of AMP. It will quarantine a malicious file (Supposedly) and prevent a malicious file from executing (Supposedly), but once a system is infected you will need to ...

Member Since	‎03-25-2009 02:12 PM
Date Last Visited	‎04-08-2019 11:18 AM
Posts	11
Total Helpful Votes Received	5

User Statistics

User Activity

Why can an endpoint execute a blacklisted hash!

Can AMP be configured to prevent Word from spawning child processes?

AMP for Endpoints Application Blacklist not 100%

Re: Will AMP for Endpoint remove Malware or just quarantine?

Re: Why can an endpoint execute a blacklisted hash!

Re: Why can an endpoint execute a blacklisted hash!

Re: Why can an endpoint execute a blacklisted hash!

Re: Will AMP for Endpoint remove Malware or just quarantine?