Topics Map > IT Services > IT Security
Cisco AMP - General User Guide for Windows
Cisco AMP for Windows Frequently Asked Questions and General User Guide
What is Cisco AMP?
Cisco AMP is an antivirus product.
How do I install Cisco AMP on my Windows Device?
Deployment for Cisco AMP is managed by Information Technology. To ensure the Cisco AMP is running on your Windows computer, navigate to the Windows notification area or status bar (lower right of the screen), click on the Up Arrow to access the Cisco AMP.
- Right-click on the Cisco AMP icon circled in red above
- Select Open Cisco AMP for Endpoints to access the Cisco AMP, or select Presentation Mode, Start a flash (quick) scan. It is not recommended to hide the tray Icon.
Troubleshooting Service Stopped:
If you encounter the "Service Stopped" issue, restart your computer.
- If the restart does NOT resolve the issue, STOP and contact the IT Help Desk at 920-424-3020 or email@example.com to request assistance.
Scan provides you with different options to scan the computer: Flash(quick scan), Full Scan, and Custom Scan
The two following images below notify you when the scan is in progress
There are different views available in History. Status check marks below help you understand the meaning of each event
Malicious File Detected, no action yet taken.
Malicious File Successfully Quarantined
Cisco AMP Error Warning
All File Events: All events are listed in chronological order. Clicking on any file or event displays details in the right pane.
This will show details of all scans performed by the connector. Clicking on an event displays details in the right pane, including the scan type, the result of the scan, and the date the scan was performed.
Quarantine File History
Quarantine file history lists all Detection and Quarantine events associated with malicious files on the computer. Clicking on an event displays details in the right pane, including the detection name, the path where the infected file was found, the path of the executable that was processing the infected file, and the date the event occurred.
The Settings interface show configuration settings of the AMP client. All the entries in the settings are read-only and are provided solely for informational and diagnostic purposes.
The Sync Policy button allows you to check for a policy update outside of the normal heartbeat interval. Sync Policy is particularly useful during an outbreak situation where new custom detections have been added or if programs have been added or removed from allowed lists and blocked application lists. When you click on the Sync Policy button, a window will pop- up showing a "Policy Update Status". Click OK to exit.