What is Cisco AMP?

Cisco AMP is an antivirus product.

How can I tell if Cisco AMP is protecting my computer?

You can determine the Mac Connector's status from the icon's appearance on your Mac's menu bar in the upper right corner of the window:

  • Operational: The connector is connected to the AMP cloud and the system is protected.

  • Alert: The connector has encountered an error and is not operating correctly. Protection is off and action is required.

  • Offline: The Connector is disconnected from the AMP cloud. Protection is limited to the offline engine.

  • Scanning: A scan is in progress.


How do I access AMP Settings and Information?

  1. Click on the Cisco AMP icon in the upper right of the screen

  2. You will see a menu, which provides information for:

    • When the last scan was conducted

    • The current status

    • The policy the connector is using

You can also start, pause, and cancel scans from the menu.

...

Settings

Events

Click on the Event Type drop-down to see all possible events that Cisco AMP is logging.

  • The event details will show below


How do I see what files AMP has remediated?

  1. Click on the Event Type drop down

  2. Select Quarantine

    • Quarantine is a function of antivirus software that automatically isolates infected files on a computer's hard disk. Files put in quarantine are no longer capable of infecting their hosting system.


Quarantine exception for Apple Mail

  • To prevent corruption of the local mail database, the AMP for Endpoints Mac Connector does not quarantine email messages containing malware.

    • Email messages are still scanned, and a detection event is generated for any malware so that the administrator can remove the malicious email directly from the mail server. A quarantine failed event will also appear.

      • If Mail.app is configured to download attachments automatically, any malicious attachments will be quarantined as expected.

How do I see other anomalies that AMP has detected?

  1. Click on the Event Type drop down

  2. Select Detection

    • Detection monitors a network or system for malicious activity or policy violations.


How do I check the status of the updates on AMP?

  1. Click on the Event Type drop down

  2. Select Update

    • Update logs show new, improved, or fixed software, which replaces older versions of the same software.

    • Updates are often provided by the software publisher free of additional charge.


How do I find the status of previous or ongoing scans?

  1. Click on the Event Type drop down

  2. Select Scans

    • Scans show all the activities performed during a flash, full, or custom scan.

      • It provides the date, time, and details of each event.


Is my Cisco AMP version up to date?

  1. Click on the Policy icon

  2. Sync Policy will check to make sure your Connector is running the most recent version of the policy. If not, it will download the latest version.

    • Clicking the sync button will prompt it to check for a new policy update.

...


How can I scan my computer?

  1. Click on the Scan icon

  2. Scan provides you with different options to scan your system: Flash (quick) scan, Full Scan, and Custom Scan

    1. Choose your preferred scan option.


How can I find out the version of my Cisco AMP?

  1. Click on the About icon

  2. The About dashboard provides the information for the Cisco AMP version.
