AMP Frequently Asked Questions

What is Cisco's AMP (advanced malware protection)?

How can I pose questions about AMP?

Please contact the Information Security Office at:

Who can use AMP?

AMP can be used on any university-owned systems at no cost. AMP is available for Windows, Mac, Linux, Android and iOS operating systems.

Can AMP be used by students or for personal use?

Staff or faculty doing university business on personal computers can use Cisco AMP to better secure their systems.
Their local IT support staff can provide a link to a downloadable AMP connector for their college, school, or unit.

(ATTN: IT Support Staff - The Download Connector page in the Cisco AMP conole allows you to download installer packages for each type of AMP for Endpoints Connector or copy the URL from which they can be downloaded once you have selected a group. The installer package can be placed on a network share or distributed via management software. The download URL can be emailed to users to allow them to download and install it themselves, which can be convenient for remote users.)


Students who are interested in such protection should refer to the FREE standalone sister product:

Do I have to pay for AMP?

AMP users do not have to pay for the service.  The AMP service is paid for by the UT Information Security Office to better address the proliferation of malicious code on campus devices. 

I'm a Technical Support Coordinator for my department -- how do I get an account for AMP?

Please see the following page.

Where's the AMP console?

Please see the following page.  Detailed support documentation is also available here.

Where can I find a AMP deployment guide?

This is available via the AMP console, simply search for 'Cisco AMP for Endpoints Deployment Strategy Guide'.

Should AMP Connectors be updated periodically?

Yes. When a product update is available, you can choose whether or not to update your endpoints on a per-policy basis. You will see an entry in the Product Version showing which version you are going to and it will populate the Update Server so you can see where the files will be pulled from. You can then configure the Start Update Window and End Update Window. The Update Interval allows you to specify how long your Connectors will wait between checks for new product updates. This can be configured between every 30 minutes to every 24 hours to reduce network traffic.

Should I enable Device Flow Correlation (DFC) in my policy?

DFC can be very effective in proactively detecting and defending against malicious connections that are precursors to more significant infections. The ISO suggests enabling the quarantine action so that the client blocks network connections to malicious hosts.  Note that is is possible legitimate traffic (e.g., destined to previously compromised endpoints) could be adversely affected.  Please see the following page for more details.

How do I get support for AMP?

Please first review the support articles via the console.  If you still have questions or issues, please send e-mail to the Information Security Office so that we can assist or escalate to the vendor on your behalf, if needed.