Cisco AMP General User Guide for Mac
What is Cisco AMP?
Cisco AMP is an antivirus product.
How can I tell if Cisco AMP is protecting my computer?
You can determine the Mac Connector's status from the icon's appearance on your Mac's menu bar in the upper right corner of the window:
Operational: The connector is connected to the AMP cloud and the system is protected.
Alert: The connector has encountered an error and is not operating correctly. Protection is off and action is required.
Scanning: A scan is in progress.
How do I access AMP Settings and Information?
Click on the Cisco AMP icon in the upper right of the screen
You will see a menu, which provides information for:
When the last scan was conducted
The current status
The policy the connector is using
You can also start, pause, and cancel scans from the menu.
Settings
Events
Click on the Event Type drop down to see all possible events that Cisco AMP is logging
The event details will show below
How do I see what files AMP has remediated?
Click on the Event Type drop down
Select Quarantine
Quarantine is a function of antivirus software that automatically isolates infected files on a computer's hard disk. Files put in quarantine are no longer capable of infecting their hosting system.
Quarantine exception for Apple Mail
To prevent corruption of the local mail database, the AMP for Endpoints Mac Connector does not quarantine email messages containing malware.
Email messages are still scanned, and a detection event is generated for any malware, which allows the administrator to remove the malicious email directly from the mail server. A quarantine failed event will also appear.
If Mail.app is configured to download attachments automatically, any malicious attachments will be quarantined as expected.
How do I see other anomalies that AMP has detected?
Click on the Event Type drop down
Select Detection
Detection monitors a network or system for malicious activity or policy violation.
How do I check the status of the updates on AMP?
Click on the Event Type drop down
Select Update
Update logs show new, improved, or fixed software, which replaces older versions of the same software.
Updates are often provided by the software publisher free of additional charge.
How do I find the status of previous or ongoing scans?
Click on the Event Type drop down
Select Scans
Scans shows all the activities performed during a flash, full, or custom scan.
It provides the date, time, and details of each event.
Is my Cisco AMP version up to date?
Click on the Policy icon
Sync Policy will check to make sure your Connector is running the most recent version of the policy. If not, it will download the latest version.
Clicking the sync button will prompt it to check for a new policy update.
How can I scan my Computer?
Click on the Scan icon
Scan provides you with different options to scan your system: Flash (quick) scan, Full Scan, and Custom Scan
Choose your preferred scan option.
How can I find out the version of my Cisco AMP?
Click on the About icon
The About dashboard provides the information for the Cisco AMP version.