Cisco AMP General User Guide for Mac

Cisco AMP for Mac Frequently Asked Questions and General User Guide

What is Cisco AMP?

Cisco AMP is an antivirus product.

How can I tell if Cisco AMP is protecting my computer?

You can determine the Mac Connector's status from the icon's appearance on your Mac's menu bar in the upper right corner of the window:

  • Operational: The connector is connected to the AMP cloud and the system is protected.
  • Alert: The connector has encountered an error and is not operating correctly. Protection is off and action is required.
  • Offline: The connector is disconnected from the AMP cloud. Protection is limited to the offline engine.
  • Scanning: A scan is in progress.

How do I access AMP Settings and Information?

  1. Click on the Cisco AMP icon in the upper right of the screen.
  2. You will see a menu, which provides the following information:

    • When the last scan was conducted
    • The current status
    • The policy the connector is using
You can also start, pause, and cancel scans from the menu.

Settings

Events

Click on the Event Type drop-down to see all possible events that Cisco AMP is logging.

  • The event details will be shown below.


How do I see what files AMP has remediated?

  1. Click on the Event Type drop down
  2. Select Quarantine
    • Quarantine is a function of antivirus software that automatically isolates infected files on a computer's hard disk. Files put in quarantine are no longer capable of infecting their hosting system.

Quarantine exception for Apple Mail

  • Email messages containing malware will not be quarantined by the AMP for Endpoints Mac Connector, to prevent corruption of the local mail database.
    • Email messages will still be scanned, and a detection event will be generated for any malware, which allows the administrator to remove the malicious email directly from the mail server. A quarantine failed event will also appear.
      • If Mail.app is configured to download attachments automatically, any malicious attachments will be quarantined as expected.

How do I see other anomalies that AMP has detected?

  1. Click on the Event Type drop down
  2. Select Detection
    • Detection monitors a network or system for malicious activity or policy violation.


How do I check the status of the updates on AMP?

  1. Click on the Event Type drop down
  2. Select Update
    • Update logs show new, improved, or fixed software, which replaces older versions of the same software.
    • Updates are often provided by the software publisher free of additional charge.


How do I find the status of previous or ongoing scans?

  1. Click on the Event Type drop down
  2. Select Scans
    • Scans shows all the activities performed during a flash, full, or custom scan.
      • It provides the date, time, and details of each event.


Is my Cisco AMP version up to date?

  1. Click on the Policy icon

Sync Policy will check to make sure your Connector is running the most recent version of the policy. If not, it will download the latest version.

Clicking the sync button will prompt it to check for a new policy update.

How can I scan my Computer?

  1. Click on the Scan icon.
  2. Scan provides you with different options to scan your system: Flash (quick) Scan, Full Scan, and Custom Scan.
    1. Choose your preferred scan option.

How can I find out the version of my Cisco AMP?

  1. Click on the About icon
  2. The About dashboard provides the information for the Cisco AMP version.





Keywords: Cisco, AMP, Antivirus, anti-virus
Doc ID: 95508
Owner: Franklyn I.
Group: UW Oshkosh
Created: 2019-11-01 12:58 CST
Updated: 2019-11-15 10:59 CST
Sites: UW Oshkosh