This document describes how to manually force an update of the TETRA definitions in Advanced Malware Protection (AMP) for Endpoints.
Contributed by Jesus Javier Martinez and Uriel Torres, and edited by Yeraldin Sanchez, Cisco TAC Engineers.
Cisco recommends that you have knowledge of these topics:
AMP for Endpoints
The information in this document is based on Cisco AMP for Endpoints for Windows.
The information in this document was created from the devices in a specific environment:
Windows 10 device
AMP connector version 7.0.5
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
According to the User Guide, TETRA is a full antivirus replacement and should never be enabled if another antivirus engine is installed. TETRA can also consume significant bandwidth when the definitions are downloaded.
Caution: TETRA must be exercised in a test environment before a large deployment.
Since AMP version 6.3.1, when the TETRA engine is enabled and its definitions are up to date, Windows Defender needs to be disabled, and AMP is therefore designated as the active Antivirus and Threat Protection provider.
The definitions are downloaded automatically; however, you can manually force a TETRA definitions update.
Note: On AMP for Endpoints Connector version 7.2.7 and above, you can force the connector to fetch the updates using the argument '-forceupdate'.