The disposition for the following 5 hashes has already been updated to "Unknown." 849f5e35c3e4da91815655ee0008f460abfd62ed6ed82f1d86c60ac1030e6fb3 Pas.WebApi.exe 33f59d71810ca02406d550732b1909cf652a3fd574847829271f2e4339117fbd parallelsclient.exe f45...
With the debugging enabled, it provides us more context and enables us to correlate things with the dump. Btw, if after following the recommendations below you're still not seeing any .dmp files, please open a TAC case and use this discussion as refe...
You should see it under Program Files > Cisco > AMP. However, I forgot to mention earlier that there's a setting that'll determine if the dump will be written and saved locally or sent to the cloud. This setting, called "Automatic Crash Dump Uploads"...
@mandrews, I suggest checking the Secure Endpoint directory for crash dumps then opening a TAC case. If you have an open SR, feel free to PM me the number so I can review/follow up with the TAC engineer.
Sorry for the delay in the response. AMP has released the following Cloud IOCs and Behavioral Protection (BP) signature since Thursday afternoon:
W32.WinwordLaunchedControl.ioc (Cloud IOC)
W32.SuspiciousControl_RunDLLExecution.ioc (Cloud IOC)
Suspi...