Cisco AMP - Reporting an Issue With AMP on DoIT SE Managed Servers

This article describes the process for reporting issues seen on servers managed by DoIT SE if those issues are suspected to have been caused by the AMP connector. If you are not a client of DoIT SE and have AMP-related questions, please send an email to cybersecurity@cio.wisc.edu rather than following the procedures outlined in this document.

Reporting an Issue or Performance Discrepancy Caused by the AMP Connector
  1. Determine the severity of the issue. If the issue has a moderate to low impact on the machine, we ask that you do not uninstall the connector, as uninstalling it will slow down the troubleshooting process. If the issue is severe and is causing crashes or greatly limiting the functionality of the machine, uninstall the AMP connector. If you are not able to uninstall the AMP connector yourself, please reach out to the appropriate DoIT SE contact to request that the connector be uninstalled.

    If you must uninstall, instructions for each OS are below (admin privileges are required on all OSes):

    Linux: Run the following command to remove the AMP connector: sudo yum remove ciscoampconnector -y

    Windows: Navigate to the Control Panel. Under Programs, select Uninstall a Program, then select the Cisco AMP for Endpoints program from the list and follow the prompts to uninstall it.

  2. Send an email to ampsupport@lists.wisc.edu with the Subject line AMP Server Issue - [Brief Description of the Issue]. In the email, please provide the following details:

    1. A description of the issue the server is encountering (e.g., High CPU usage and Performance Issues)
    2. The name and OS of the impacted server (if multiple, include details about all impacted machines)
    3. Is the AMP connector still installed on the machine?
    4. What, if any, services are down or impacted by the issue?

  3. We will work to troubleshoot your issue ASAP. You should expect to hear back from the AMP support team within 24 hours of sending your email. Depending on the issue, we may ask you for additional details as we work on a resolution.