• What is Cisco's AMP (advanced malware protection)?
• How can I pose questions about AMP?
• Who can use AMP?
• Can AMP be used by students or for personal use?
• Do I have to pay for AMP?
• I'm a Technical Support Coordinator for my department -- how do I get an account for AMP?
• Where's the AMP console?
• Where can I find an AMP deployment guide?
• Should AMP Connectors be updated periodically?
• Should I enable Device Flow Correlation (DFC) in my policy?
• How do I get support for AMP?

Please see the following for more information about AMP http://www.cisco.com/c/en/us/products/security/advanced-malware-protection/index.html

Please contact the Information Security Office at: security@utexas.edu
 

Staff or faculty doing university business on personal computers can use Cisco AMP to better secure their systems.
Their local IT support staff can provide a link to a downloadable AMP connector for their college, school, or unit.

(ATTN: IT Support Staff - The Download Connector page in the Cisco AMP conole allows you to download installer packages for each type of AMP for Endpoints Connector or copy the URL from which they can be downloaded once you have selected a group. The installer package can be placed on a network share or distributed via management software. The download URL can be emailed to users to allow them to download and install it themselves, which can be convenient for remote users.)

----

Students who are interested in such protection should refer to the FREE standalone sister product: http://www.immunet.com

AMP users do not have to pay for the service.  The AMP service is paid for by the UT Information Security Office to better address the proliferation of malicious code on campus devices. 

Please see the following page.

Please see the following page.  Detailed support documentation is also available here.

This is available via the AMP console, simply search for 'Cisco AMP for Endpoints Deployment Strategy Guide'.

Yes. When a product update is available, you can choose whether or not to update your endpoints on a per-policy basis. You will see an entry in the Product Version showing which version you are going to and it will populate the Update Server so you can see where the files will be pulled from. You can then configure the Start Update Window and End Update Window. The Update Interval allows you to specify how long your Connectors will wait between checks for new product updates. This can be configured between every 30 minutes to every 24 hours to reduce network traffic.

DFC can be very effective in proactively detecting and defending against malicious connections that are precursors to more significant infections. The ISO suggests enabling the quarantine action so that the client blocks network connections to malicious hosts.  Note that is is possible legitimate traffic (e.g., destined to previously compromised endpoints) could be adversely affected.  Please see the following page for more details.

Please first review the support articles via the console.  If you still have questions or issues, please send e-mail to the Information Security Office so that we can assist or escalate to the vendor on your behalf, if needed.