Cisco AMP for Windows Frequently Asked Questions and General User Guide
Cisco AMP is an antivirus product.
Deployment for Cisco AMP is managed by Information Technology. To ensure the
Cisco AMP is running on your Windows computer, navigate to the Windows notification
area or status bar (lower right of the screen), click on the Up Arrow to access the Cisco AMP.
Troubleshooting Service Stopped:
If you encounter the "Service Stopped" issue, restart your computer.
Scan provides you with different options to scan the computer: Flash(quick scan), Full Scan, and Custom Scan
There are different views available in History. Status check marks below help you understand the meaning of each event
Good/Clean File
Malicious File Detected, no action yet taken.
Malicious File Successfully Quarantined
Cisco AMP Error Warning
This will show details of all scans performed by the connector. Clicking on an event displays details in the right pane, including the scan type, the result of the scan, and the date the scan was performed.
Quarantine file history lists all Detection and Quarantine events associated with malicious files on the computer. Clicking on an event displays details in the right pane, including the detection name, the path where the infected file was found, the path of the executable that was processing the infected file, and the date the event occurred.
The Settings interface show configuration settings of the AMP client. All the entries in the settings are read-only and are provided
solely for informational and diagnostic purposes.
The Sync Policy button allows you to check for a policy update outside of the normal heartbeat interval. Sync Policy is particularly useful during an outbreak situation where new custom detections have been added or if programs have been added or removed from allowed lists and blocked application lists. When you click on the Sync Policy button, a window will pop- up showing a "Policy Update Status". Click OK to exit.