Updated: June 22, 2022
This document describes the changes added to the Cisco-Maintained Exclusions.
Cisco-Maintained Exclusions are created and maintained by Cisco to provide better compatibility between the Advanced Malware Protection (AMP) for Endpoints Connector and antivirus, security or other software. These exclusions can be added to new versions of an application.
Cisco recommends that you have knowledge of these topics:
Exclusions in AMP for Endpoints
The information in this document is based on these software and hardware versions:
AMP for Endpoints console version 5.4.20190820
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Expectations When You Update
When the Cisco-Maintained lists are changed, a policy update occurs on the backend to reflect that change. As each of the endpoints that use that list checks in on its heartbeat, it pulls the updated policy. These policy changes are not reflected in the audit log, because this is technically a change to the exclusion list, not the policy itself, and Cisco-maintained exclusion lists do not exist within the normal audit log on individual consoles. In large-scale environments, this looks like a flood of policy updates, and the end result is better performance on each of the endpoints.
The update period depends on each endpoint. If all the machines are online, the updates would take place within 1-2 heartbeats. If this is a global environment, updates continue to occur as machines come online so don't be surprised to see additional policy updates 24-48 hours after the maintained list is pushed.
Through the month of October, malformed exclusions that were introduced to the Secure Endpoint environment during earlier iterations of the product will be removed from custom exclusion lists. More information related to this initiative can be found here.
December 14th - 2022
Microsoft Windows Default
Backend Changes - Windows
csc_ui.exe added to Exploit Prevention Global Exclusions for V5 and Script Control.