Enabling Detection Engines in Secure Endpoint

Secure Endpoint is designed to detect and prevent known threats, as well as to help identify unknown threats and remove them from computer systems. All of this is achieved by using multiple engines.

Engines are configured individually for each Policy in the Management -- Policy tab. Depending on the operating system running on the endpoint, different engines can be enabled:

Windows:
- Files
- Network
- Malicious activity protection
- System Process Protection
- Script protection
- Exploit prevention
- Exploit Script Control
- Behavioural Protection
- TETRA

Linux and Mac:
- Files
- Network
- ClamAV

iOS:
- Network

To simplify engine configuration, we introduced two buttons that apply the recommended engine configuration, based on best practices:
- Apply Workstation Settings
- Apply Server Settings

Apart from applying the recommended engine settings, it is important to set the latest connector version in the Product Updates tab while editing the Policy, so you can get the most benefit from the AMP for Endpoint functionality.

Visit the following resources for more information:
- Security ATXs/ACCs:
https://learningnetwork.cisco.com/s/atx-integrated-secure-operations

- Endpoint Protection self-guided journey page:
https://www.cisco.com/c/m/en_us/products/security/advanced-malware-protection/setup-guide.html

- Cisco Video:
https://video.cisco.com/video/6241614747001