This document describes various methods to disable and enable the AMP Connector service. When you troubleshoot, you might need to disable the AMP Connector service. There are a few reasons why you might need to do this:
In order to remove a corrupt database or log file.
In order to uninstall AMP connector due to an error, corrupt installation, or incomplete installation.
Replace the policy.xml file (for advanced troubleshooting purposes).
Manage the AMP Connector Service on Microsoft Windows
The AMP Connector can be disabled via the Control Panel. In order to disable the Connector via the Control Panel, complete these steps:
Choose Start > Control Panel.
In the Control Panel, click System and Security and then click Administrative Tools.
In the Services window, scroll down and locate the Cisco AMP for Endpoints Connector service.
Left-click the Cisco AMP for Endpoints Connector and then click Stop underneath the service name on the left.
You can also use the command prompt in order to disable the AMP Connector service.
1. You have to identify the correct service name.
2. Choose Start > Control Panel.
3. In the Control Panel, click System and Security and then click Administrative Tools.
4. Double-click Services.
5. In the Services window, scroll down and locate the Cisco AMP for Endpoints Connector service.
6. Right-click this service and click on Properties.
7. Note the service name here that will be used in the next steps.
Note: The service name changes as per the version of the AMP Connector that is installed.
8. Go to the Start menu and find the cmd.exe file.
9. Right-click and choose Run as Administrator.
10. At the command prompt, enter this command in order to stop the AMP Connector:
C:\Windows\system32> net stop CiscoAMP_6.3.1
11. Alternatively, you may use the wmic command as well.
wmic service where name="CiscoAMP_6.3.1" call stopservice
12. In order to restart the Connector, enter this command:
C:\Windows\system32> net start CiscoAMP_6.3.1
(OR) wmic service where name="CiscoAMP_6.3.1" call startservice
13. When a Connector starts, this output is displayed.
Note: These steps do not work if Connector Password Protection is enabled. Use the next steps to include the protection password in order to stop the service. This command only works on version 4.3.0 and later of the AMP Connector.
14. Enter this command:
sfc.exe -k password
Replace the word "password" with the actual password set in your policy.
Note: The directory will change as per the version of Cisco AMP Connector installed.
Stop the Service with the User Interface
You can also stop the password protected service from the user interface.
Manage the AMP Connector Service on OSX
In order to disable the AMP service on OSX, enter this command in a terminal: