Hello @Sekou DIOMANDE, Threatgrid at the moment does not support ICAP.    We are focusing using a standardized API for integration, which opens a broader range of integration. You can find more information here: https://developer.cisco.com/threat-grid/. Your Cisco Representative may also open a Feature Request for you. Which integration you need? Proxy Integration?   Greetings, Thorsten ... View more

Hello sbrown@cyracom.com, no sorry, for the default reports you cannot add a specific date for the report.         What kind of Report or which Information do you need? Greetings, Thorsten     ... View more

Hello @Xavier Roche, sent the file for analysis to our backend team.    The easiest way for you is to open a Case directly at Talos: https://talosintelligence.com   Greetings, Thorsten   ... View more

Hello @chandrasekharpulicharla1451, there is also a script on GitHub available to process your Diagnostic files. https://community.cisco.com/t5/security-documents/troubleshooting-amp-for-endpoints-summary/ta-p/3863477#toc-hId--573319595   Direct Link to GitHub: https://github.com/CiscoSecurity/amp-05-windows-tune   Hope this helps, and it would be interesting what the outcome of your investigation is. Greetings, Thorsten ... View more

Hello @probson55, will forward your recommendation to our internal Team. Anything else where we can assist you? Greetings, Thorsten ... View more

Hello Phil, for real secure testing you should start with audit mode for all engines. If you installing AMP connector in a test environment, you can also start with blocking mode for all engines. Starting with Audit mode is recommended for productive systems. For servers with high bandwidth consumption, we recommend to install AMP without DFC. You can find the right command line here: https://www.cisco.com/c/en/us/support/docs/security/sourcefire-fireamp-endpoints/118587-technote-fireamp-00.html   System Process Protection is designed to protect Windows Processes, so this Engine should be activated, also Exploit Prevention. For the first steps, you can also use the Cisco maintained Exclusion Lists, which are including many useful exclusions.   Hope this helps, cheers, Thorsten           ... View more

Hello @Kewal sharma, your local responsible Cisco Partner or a Cisco Systems Engineer should be able to go through your results.  If not, just send me a message, so i can support you.   Based on the Events, YES, there someone should take a deeper look into your environment.   Greetings, Thorsten ... View more

Hello @EnverSingh7603, would be great to know what TAC answered for this. Greetings, Thorsten   ... View more

Agree with @matt, the error code indicates the following. Btw, i have seen such "challenges" also with other AV products, where an engine does not get exclusive access rights to a file on the disk. Error Code in Decimal: 3221225539 Meaning: STATUS_SHARING_VIOLATION Possible Reason:  Attempted open operation conflicts with an existing open If you translate the DEC to HEX, your are getting the following result: C0000043 In the Microsoft Documentation (https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-cifs/8f11e0f3-d545-46cc-97e6-f00569e3e1bc) this Error Code shows the following information.           Reasons can be File is opened by another process, so AMP does not get a file handle from the OS. File was already removed from the disk (also often happens with temporary files)   Are you still seeing this error codes? Cheers ... View more

Hello @Kewal sharma, if there is any unexpected behavior where you need more technical deep dive background, opening a TAC case can help to answer these questions. What do you mean with "AMP4E is not a product"?? Cheers, Thorsten ... View more

Thanks for the screenshot. As described in my previous answer, looks like AMP console works as expected. The only thing we can do are. 1) maybe TAC has additional information. 2) Talking to your Cisco Representative to open a Feature Request. Greetings, Thorsten ... View more

Hello @listky, took a look into the API documentation and found to following information.     Maybe TAC can help here, but i´m not sure. Sorry not having a better answer. Greetings, Thorsten ... View more

Hello @enversingh, AMP console works here as expected. You can take a look into the AMP help directly in the AMP and searching for "Unprivileged Users". The article describes the user management in detail.   We are highly interested into Feedback. So please, get in contact with your Cisco representative to add a Feature Request.   Cheers, Thorsten ... View more