Cisco AMP User Guide for Windows

Owned by Liz Christopher
Last updated: Jun 21, 2023 by Gianna Goodermuth
3 min read

What is Cisco AMP?

Cisco AMP is an antivirus product.

How do I install Cisco AMP on my university-owned Windows Device?

Deployment for Cisco AMP is managed by Information Technology. To ensure the Cisco AMP is running on your Windows computer:

  1. Navigate to the Windows notification area or status bar (lower right of the screen), click on the Up Arrow to access the Cisco AMP

  2. Right-click on the Cisco AMP icon circled in red above

  3. Select Open Cisco AMP for Endpoints to access the Cisco AMP, or select Presentation Mode, Start a flash (quick) scan. It is not recommended to hide the tray Icon.

Other Notes and Functions

Restart your computer. 

If the restart does NOT resolve the issue, STOP and contact the IT Help Desk to request assistance.

Scan Now provides you with different options to scan the computer: Flash(quick scan), Full Scan, and Custom Scan.

The two following images below notify you when the scan is in progress.

There are different views available in History.  Status check marks below help you understand the meaning of each event:

Good/Clean File

Malicious File Detected, no action yet taken.

Malicious File Successfully Quarantined

Cisco AMP Error Warning

All File Events

Listed in chronological order. Clicking on any file or event displays details in the right pane.

Scan History

This will show details of all scans performed by the connector. Clicking on an event displays details in the right pane, including the scan type, the result of the scan, and the date the scan was performed.

Quarantine File History

Quarantine file history lists all Detection and Quarantine events associated with malicious files on the computer. Clicking on an event displays details in the right pane, including the detection name, the path where the infected file was found, the path of the executable that was processing the infected file, and the date the event occurred.

The Settings interface show configuration settings of the AMP client. All the entries in the settings are read-only and are provided solely for informational and diagnostic purposes.

The Sync Policy button allows you to check for a policy update outside of the normal heartbeat interval. Sync Policy is particularly useful during an outbreak situation where new custom detections have been added or if programs have been added or removed from allowed lists and blocked application lists. When you click on the Sync Policy button, a window will pop- up showing a "Policy Update Status". Click OK to exit.

About shows information for the AMP Version as well as copyright information.