Cisco AMP General User Guide for Mac

What is Cisco AMP?

Cisco AMP is an antivirus product.

How can tell if Cisco AMP is protecting my computer?

You can determine the Mac Connector's status from the icon's appearance on your Mac's menu bar in the upper right corner of the window:

  • Operational: The connector is connected to the AMP cloud and the system is protected.

  • Alert:  The connector has encountered an error and is not operating correctly.  Protection is off and action is required.

  • Scanning: A scan is in progress.

How do I access AMP Settings and Information?

  1. Click on the Cisco AMP icon in the upper right of the screen

  2. You will see a menu, which provides information for:

    • When the last scan was conducted

    • The current status

    • The policy the connector is using

You can also start, pause, and cancel scans from the menu.



Click on the Event Type drop down to see all possible events that Cisco AMP is logging

  • The event details will show below

How do I see what files AMP has remediated?

  1. Click on the Event Type drop down

  2. Select Quarantine

    • Quarantine is a function of antivirus software that automatically isolates infected files on a computer's hard disk. Files put in quarantine are no longer capable of infecting their hosting system.

Quarantine exception for Apple Mail

  • Email messages containing malware will not be quarantined by the AMP for Endpoints Mac Connector to prevent corruption of the local mail database.

    • Email messages will be scanned, and a detection event will be generated for any malware allowing the administrator to remove the malicious email directly from the mail server, but a quarantine failed event will also appear.

      • If is configured to download attachments automatically, any malicious attachments will be quarantined as expected.

How do I see other anomalies that AMP has detected?

  1. Click on the Event Type drop down

  2. Select Detection

    • Detection monitors a network or system for malicious activity or policy violation.

How do I check the status of the updates on AMP?

  1. Click on the Event Type drop down

  2. Select Update

    • Update logs show new, improved, or fixed software, which replaces older versions of the same software.

    • Updates are often provided by the software publisher free of additional charge.


How do I find the status of previous or ongoing scans?

  1. Click on the Event Type drop down

  2. Select Scans

    • Scans show all the activities performed during flask, full or custom scan

      • It provides the date time and details of the each event

Is my Cisco AMP version up-to date?

  1. Click on the Policy icon

Sync Policy will check to make sure your Connector is running the most recent version of the policy. If not, it will download the latest version.

Clicking the sync button will prompt it to check for a new policy update.

How can I scan my Computer?

  1. Click on the Scan icon

  2. Scan provides you with different options to scan your system: Flash (quick) scan, Full Scan, and Custom Scan

    1. Choose the your preferred scan option.


How can I find out the version of my Cisco AMP?

  1. Click on the About icon

  2. The About dashboard provides the information for the Cisco AMP version.