Meraki

kordm · ‎Jan 9 2019

We use ESET in our org, and updates are being blocked by AMP, however it is not generating events in the Security Center nor is it showing as filtered content in the Network Wide Event Log. Disabling AMP temporarily allows ESET to update successfully. Is there a way to see exactly what AMP is blocking, so I can whitelist the false positives?

I saw one event in the Security Center where communication with one of the ESET subdomains had flagged the download as "User-Agent known malicious user-agent string - Win.Trojan.Batlopma". I've added "eset.com" to the whitelisted URLs under AMP in the Threat Protection window, but that didn't do anything. ESET uses a hundred or so subdomains to deliver updates ... do I need to add ALL of those subdomains to the whitelist?

I'm having the same issue with AMP blocking updates to Google services on wireless devices ... whitelisting "1e100.net" had no effect. Neither did "*.1e100.net"

How can I identify and allow false-positives without disabling AMP?

PhilipDAth · ‎Jan 9 2019

If you are not running 14.x code yet - upgrade to that. It resolves a lot of the AMP issues.

View solution in original post

PhilipDAth · ‎Jan 9 2019

If you are not running 14.x code yet - upgrade to that. It resolves a lot of the AMP issues.

kordm · ‎Jan 9 2019

Thanks Philip. My MX is running 13.33. I'll get that updated.

HScar · ‎May 10 2019

Hi,

We are seeing AMP blocking websites and not logging as well. We are on 14.39. Nothing in Dashboard Event logs or syslogs.

An example website is espressif.com

Meraki

Community

Verbose Event Log for AMP?

Verbose Event Log for AMP?

Network down event log

API for Client Roaming Event Logs

Event Logs Across the Organization

dns.google - Event log overload

Event logs reporting frequent RSTP events