Cisco AMP 7150 Troubleshooting Guide

Contents
Introduction
Description
Immediate Actions
Analysis
Analysis by Cisco
Related Articles
Introduction
We always strive to improve and expand the threat intelligence behind our Advanced Malware
Protection (AMP) technology. If your AMP product did not trigger an alert in real time, you can
take some actions to prevent any further impact to your environment. This document provides a
guideline on those action items.
Description
Immediate Actions
If you believe that your AMP solution did not protect your network from a threat, take the following
actions immediately:
1. Isolate the suspicious machines from the rest of the network. This could include turning the
machine off, or disconnecting it from the network physically.
2. Write down the important information about the infection, such as the time when the
machine might have been infected, the user activities on the suspicious machines, etc.
Warning: Do not wipe or reimage the machine. Doing so eliminates the chance of finding the
offending software or files during the forensic investigation or troubleshooting process.
Analysis
Use the Device Trajectory feature to begin your own investigation. Device Trajectory is
capable of storing approximately the 9 million most recent file events. The AMP for Endpoints
Device Trajectory is very useful for tracking down the files or processes that led to an infection.
1. In the dashboard, navigate to Management > Computers.
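The same investigation can be scripted when the console view is too slow for a large event set. The Python below is an added example, not code from Cisco or from this guide: it takes trajectory events in the shape returned by the AMP for Endpoints API (`GET /v1/computers/{connector_guid}/trajectory`; the endpoint path, basic-auth scheme and field names are assumptions taken from the public API reference, so verify them against your tenant), narrows them to a window around the suspected infection time recorded in the Immediate Actions step, prints a timeline, and walks the "Created by" links from a file of interest back to the process that first dropped it. The sample events are constructed for the example.

```python
import base64
import json
from datetime import datetime, timedelta, timezone
from urllib.request import Request, urlopen

# Constructed sample in the shape of a trajectory API response. Field names
# (data.events[].timestamp / event_type / file.file_name / file.identity.sha256 /
# file.parent) are an assumption based on the public API reference.
SAMPLE_TRAJECTORY = {
    "data": {
        "events": [
            {"timestamp": "2024-03-10T07:00:00Z", "event_type": "Created by",
             "file": {"file_name": "setup.log", "identity": {"sha256": "SHA-LOG"},
                      "parent": {"file_name": "msiexec.exe", "identity": {"sha256": "SHA-MSI"}}}},
            {"timestamp": "2024-03-10T09:58:00Z", "event_type": "Created by",
             "file": {"file_name": "invoice.pdf.exe", "identity": {"sha256": "SHA-A"},
                      "parent": {"file_name": "OUTLOOK.EXE", "identity": {"sha256": "SHA-O"}}}},
            {"timestamp": "2024-03-10T09:59:00Z", "event_type": "Executed by",
             "file": {"file_name": "invoice.pdf.exe", "identity": {"sha256": "SHA-A"},
                      "parent": {"file_name": "explorer.exe", "identity": {"sha256": "SHA-E"}}}},
            {"timestamp": "2024-03-10T10:00:30Z", "event_type": "Created by",
             "file": {"file_name": "upd.exe", "identity": {"sha256": "SHA-B"},
                      "parent": {"file_name": "invoice.pdf.exe", "identity": {"sha256": "SHA-A"}}}},
            {"timestamp": "2024-03-10T10:01:00Z", "event_type": "Executed by",
             "file": {"file_name": "upd.exe", "identity": {"sha256": "SHA-B"},
                      "parent": {"file_name": "invoice.pdf.exe", "identity": {"sha256": "SHA-A"}}}},
            {"timestamp": "2024-03-10T12:30:00Z", "event_type": "Created by",
             "file": {"file_name": "report.docx", "identity": {"sha256": "SHA-R"},
                      "parent": {"file_name": "WINWORD.EXE", "identity": {"sha256": "SHA-W"}}}},
        ]
    }
}


def parse_ts(value):
    """Trajectory timestamps are ISO 8601 with a trailing Z; normalise to aware UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def events_in_window(trajectory, suspected_at, before=timedelta(hours=2), after=timedelta(hours=1)):
    """Keep only events close to the suspected infection time, oldest first."""
    pivot = parse_ts(suspected_at)
    window = [e for e in trajectory["data"]["events"]
              if pivot - before <= parse_ts(e["timestamp"]) <= pivot + after]
    return sorted(window, key=lambda e: parse_ts(e["timestamp"]))


def timeline(events):
    """One human-readable line per event: time, action, file, acting parent process."""
    lines = []
    for e in events:
        parent = (e["file"].get("parent") or {}).get("file_name", "?")
        lines.append(f"{e['timestamp']}  {e['event_type']:<12} {e['file']['file_name']}  <- {parent}")
    return lines


def creation_lineage(events, sha256, name=None):
    """Walk 'Created by' links from a file of interest back to its root creator.

    Returns [(file_name, sha256), ...] starting at the file itself. Stops at the
    first file with no creation record in the supplied events (the root) or on a cycle.
    """
    created_by = {}
    for e in events:
        if e["event_type"] == "Created by":
            created_by.setdefault(e["file"]["identity"]["sha256"], e)
    chain, seen = [], set()
    current_sha, current_name = sha256, name
    while current_sha and current_sha not in seen:
        seen.add(current_sha)
        created = created_by.get(current_sha)
        if created is None:
            chain.append((current_name or "<unknown>", current_sha))
            break
        chain.append((created["file"]["file_name"], current_sha))
        parent = created["file"].get("parent") or {}
        current_sha = parent.get("identity", {}).get("sha256")
        current_name = parent.get("file_name")
    return chain


def fetch_trajectory(api_host, client_id, api_key, connector_guid, limit=500):
    """Pull the live trajectory for one connector (not exercised offline).

    Assumed endpoint and HTTP basic auth (client ID : API key) per the public API
    reference; api_host is your tenant's regional API host, e.g. api.amp.cisco.com.
    """
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    req = Request(f"https://{api_host}/v1/computers/{connector_guid}/trajectory?limit={limit}",
                  headers={"Authorization": f"Basic {token}", "Accept": "application/json"})
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    window = events_in_window(SAMPLE_TRAJECTORY, "2024-03-10T10:00:00Z")
    print("\n".join(timeline(window)))
    print(" -> ".join(n for n, _ in creation_lineage(window, "SHA-B", "upd.exe")))
```

Run against a real tenant by replacing `SAMPLE_TRAJECTORY` with `fetch_trajectory(...)` and the constructed SHA-256 values with the hashes shown in the console; the lineage output reads from the suspicious file back to the mail client or browser that introduced it, which is the chain the Device Trajectory view shows graphically.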