Cisco AMP - General User Guide for Windows

Cisco AMP for Windows Frequently Asked Questions and General User Guide

What is Cisco AMP?

Cisco AMP is an antivirus product.

How do I install Cisco AMP on my Windows Device?

Deployment for Cisco AMP is managed by Information Technology. To ensure the Cisco AMP is running on your Windows computer, navigate to the Windows notification area or status bar (lower right of the screen), click on the Up Arrow to access the Cisco AMP.

Win AMP

Right-click on the Cisco AMP icon circled in red above
Select Open Cisco AMP for Endpoints to access the Cisco AMP, or select Presentation Mode, Start a flash (quick) scan. It is not recommended to hide the tray Icon.

WinAmp1

Troubleshooting Service Stopped:

If you encounter the "Service Stopped" issue, restart your computer.

If the restart does NOT resolve the issue, STOP and contact the IT Help Desk at 920-424-3020 or helpdesk@uwosh.edu to request assistance.

Service Stopped

Scan Now

Scan provides you with different options to scan the computer: Flash(quick scan), Full Scan, and Custom Scan

WinAMP2

The two following images below notify you when the scan is in progress

WinAMP3

WindowsAMP2

History

There are different views available in History. Status check marks below help you understand the meaning of each event

Clean File CheckMark

Good/Clean File

Malicious File Detected

Malicious File Detected, no action yet taken.

Malicious File Quarantined

Malicious File Successfully Quarantined

CiscoAMP Error Warning

Cisco AMP Error Warning

All File Events: All events are listed in chronological order. Clicking on any file or event displays details in the right pane.

Scan History

This will show details of all scans performed by the connector. Clicking on an event displays details in the right pane, including the scan type, the result of the scan, and the date the scan was performed.

Scan History

Quarantine File History

Quarantine file history lists all Detection and Quarantine events associated with malicious files on the computer. Clicking on an event displays details in the right pane, including the detection name, the path where the infected file was found, the path of the executable that was processing the infected file, and the date the event occurred.

WinAMP6

Settings

The Settings interface show configuration settings of the AMP client. All the entries in the settings are read-only and are provided solely for informational and diagnostic purposes.

The Sync Policy button allows you to check for a policy update outside of the normal heartbeat interval. Sync Policy is particularly useful during an outbreak situation where new custom detections have been added or if programs have been added or removed from allowed lists and blocked application lists. When you click on the Sync Policy button, a window will pop- up showing a "Policy Update Status". Click OK to exit.

PolicyUpdate

About:

About shows information for the AMP Version as well as copyright information

WinAMP10