Cisco AMP - Running a Scan from the Local GUI

This article describes the process of starting an AMP scan directly from a machine with AMP installed.

Note: To successfully run all of the scan types available, the AMP console administrator for your department must enable the AMP GUI via the console. For more information on how to do this, see this article on enabling Tetra & Clam AV.

  • Starting a Scan Locally on a Windows Endpoint:

      1. To trigger a scan on your machine, you must start the Cisco AMP GUI. To do so, type Cisco AMP into the Start Menu search bar. If AMP is installed on your machine, the Cisco AMP for Endpoints Connector should appear. Double-click the application to start it.
        IMG12.png

      2. The AMP GUI should now appear. If it does not, go to the system tray in the lower-right corner of your screen and double-click the AMP icon to start the GUI (icon shown in the green box in the image below).
        IMG13.png

        AMP GUI:
        IMG14.png

      3. Click the Scan Now button. You will be presented with the option to run several different kinds of scans. To learn more about each of the scan types, see below:

          • Flash Scan: scans the running processes and the files and registry entries used by those processes.

          • Custom Scan: scans a particular file path that you give it.

          • Full Scan: scans the running processes, the registry entries, and all the files on disk. This scan can be very resource-intensive.

          • Rootkit Scan: scans the computer for signs of installed rootkits.

        IMG15.png

      4. Selecting a scan type will automatically trigger the scan. When you start a scan, a window showing scan progress should appear. You will have the option to pause or stop the scan.
        IMG16.png

      5. When the scan is completed, a results window will appear.
        IMG17.png



  • Starting a Scan Locally on a Mac Endpoint:

      1. To trigger a scan on your machine, you must start the Cisco AMP GUI. To do so, click the magnifying glass in the upper-right corner of your screen, then type Cisco AMP into the Spotlight search bar that appears. If AMP is installed on your machine, the Cisco AMP for Endpoints Connector should appear. Double-click the application to start it.
        IMG18.png

      2. The AMP GUI icon should now appear in the processes bar in the upper-right corner of your screen. Click the AMP icon to expand information about AMP (icon shown in the green box in the image below).
        IMG19.png

      3. Hover your mouse over the Scan option. You will be presented with the option to run several different kinds of scans. To learn more about each of the scan types, see below:

          • Flash Scan: scans the running processes and the files and registry entries used by those processes.

          • Full Scan: scans the running processes, the registry entries, and all the files on disk. This scan can be very resource-intensive.

          • Custom Scan: scans a particular file path that you give it.

        IMG20.png

      4. Selecting a scan type will automatically trigger the scan. Once a scan has started, clicking the AMP icon again will show scan progress. You will also have the option to pause or stop the scan.
        IMG21.png

      5. To view results, click the AMP icon and select Settings. The AMP GUI will appear. Navigate to the Events tab to view all recent events on the endpoint. If the scan found anything, an event for the findings will appear in this tab.
        IMG22.png





Keywords: start scan from my machine computer interface AV anti virus scanning clamav tetra malware
Doc ID: 94374
Owner: Oakes D.
Group: Office of Cybersecurity
Created: 2019-09-10 06:52 CST
Updated: 2019-10-15 11:03 CST
Sites: Office of Cybersecurity, UW-Milwaukee Help Desk