Introduction to Advanced Malware Protection (AMP)

Learn about the core AMP functionality in this Security Chalk Talks video. Brian McMahon, Technical Marketing Engineer, provides an overview of AMP’s core features, including cloud-based file reputation lookups, dynamic analysis with Threat Grid, and retrospection. To learn more about how to protect your business from malware visit:
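The three pieces the video walks through (SHA-256 reputation lookup in the cloud, dynamic analysis of unknown files, and retrospection when a verdict changes later) fit together as a small pipeline. The following Python model is an added illustration, not Cisco's code or the AMP/Threat Grid API; the in-memory "cloud", the sandbox scores, the 90-point malicious threshold and the sample file contents are all constructed assumptions.

```python
"""Toy model of the AMP file-disposition workflow: hash the file with
SHA-256, look the hash up in a reputation cache, send unknowns to
dynamic analysis, and apply retrospection when a disposition changes.
Illustrative code only; the real AMP cloud and Threat Grid APIs differ."""
import hashlib
from dataclasses import dataclass

# Assumed threshold: sandbox scores at or above this are treated as malicious.
MALICIOUS_SCORE_THRESHOLD = 90


def sha256_of(data: bytes) -> str:
    """The file is identified by its SHA-256 digest, never by its contents."""
    return hashlib.sha256(data).hexdigest()


class ReputationCloud:
    """Stands in for the cloud reputation lookup (constructed, in-memory)."""

    def __init__(self):
        self.dispositions = {}

    def lookup(self, digest: str) -> str:
        # Anything the cloud has never seen comes back as "unknown".
        return self.dispositions.get(digest, "unknown")

    def set_disposition(self, digest: str, disposition: str) -> None:
        self.dispositions[digest] = disposition


class Sandbox:
    """Stands in for dynamic analysis; returns a 0-100 threat score (constructed)."""

    def __init__(self, scores: dict):
        self.scores = scores

    def analyze(self, data: bytes) -> int:
        return self.scores.get(sha256_of(data), 0)


@dataclass
class FileEvent:
    host: str
    digest: str
    disposition: str


class AmpConnector:
    def __init__(self, cloud: ReputationCloud, sandbox: Sandbox):
        self.cloud = cloud
        self.sandbox = sandbox
        self.events = []  # every file seen, kept so retrospection can revisit it

    def process_file(self, host: str, data: bytes) -> str:
        digest = sha256_of(data)
        disposition = self.cloud.lookup(digest)
        if disposition == "unknown":
            # Unknown hash: submit for dynamic analysis and score the result.
            score = self.sandbox.analyze(data)
            if score >= MALICIOUS_SCORE_THRESHOLD:
                disposition = "malicious"
                self.cloud.set_disposition(digest, disposition)
        self.events.append(FileEvent(host, digest, disposition))
        return disposition

    def retrospect(self):
        """Re-check every past event against the current cloud disposition and
        return (host, digest, old, new) for each verdict that has changed."""
        changed = []
        for ev in self.events:
            current = self.cloud.lookup(ev.digest)
            if current != ev.disposition:
                changed.append((ev.host, ev.digest, ev.disposition, current))
                ev.disposition = current
        return changed


def demo():
    """Run three constructed files through the pipeline, then a retrospective pass."""
    clean = b"MZ... clean installer (constructed sample)"
    evil = b"MZ... dropper sample (constructed sample)"
    late = b"MZ... file unknown at first sight (constructed sample)"
    cloud = ReputationCloud()
    cloud.set_disposition(sha256_of(clean), "clean")
    sandbox = Sandbox({sha256_of(evil): 95, sha256_of(late): 40})
    amp = AmpConnector(cloud, sandbox)
    verdicts = [
        amp.process_file("host-a", clean),
        amp.process_file("host-a", evil),
        amp.process_file("host-b", late),
    ]
    # Later the cloud learns that `late` is malicious; retrospection flags host-b.
    cloud.set_disposition(sha256_of(late), "malicious")
    return verdicts, amp.retrospect()


if __name__ == "__main__":
    print(demo())
```

The point of the `events` list is the retrospection step: a file that was allowed as "unknown" on first sight is still traceable by host and hash, so a later change of disposition can be turned into an alert for the machine that already has it.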

  1. Karu. Raja Samy on September 9, 2021 at 10:56 pm

    Excellent video! Simple but very clear on the concepts!!! Thanks, Brian!

  2. Ruben on September 9, 2021 at 10:58 pm

    Seems like if it is an unknown detection, it gets sent to a sandbox for further analysis. Well, I wonder if it can be bypassed by having malware only execute on the machine by using fingerprinting techniques to only run on the machine to be attacked. So it then gets sent to the sandbox and doesn't execute, because the malware only executes on the machine to be attacked.

  3. Garima Sharma (Gasha) on September 9, 2021 at 10:59 pm

    Amazing video!! Clear concept! Thank you, Brian :)

  4. Logic First on September 9, 2021 at 11:01 pm

    Isn't it counter-intuitive to use two-step verification to improve upon file disposition? What information does Threat Grid have that the AMP database doesn't that qualifies it for an improved disposition on that file? If Threat Grid has this sort of advanced disposition feature, it should be in sync with the AMP Cloud at all times to display the correct disposition on the first attempt. Secondly, the Firepower Access Control policy's Advanced section (Files and Malware Settings) is defaulted to "Allow file if cloud lookup for Block Malware takes longer than (2) seconds". What if this entire process takes longer than 2 seconds? Then the file is allowed.

  5. Arian747 on September 9, 2021 at 11:05 pm

    OK, good.

  6. Pavlo Khazov on September 9, 2021 at 11:08 pm

    Where can I find such a blackboard? :)

  7. PJA on September 9, 2021 at 11:11 pm

    If this is running on Firepower or the ESA, how would AMP handle the encrypted data? Would we need to run HTTPS inspection in the middle, for example?

  8. Ricky Sandhu on September 9, 2021 at 11:12 pm

    This is the best explanation of the entire AMP process I've seen. Finally the concept is clear. I never had a clear understanding of how all the pieces fit together until now. Thank you!

  9. Ankur Singh on September 9, 2021 at 11:13 pm

    Does every file which I have downloaded or copied from any source get submitted to AMP, and does AMP TG hold the whole content of the file?

  10. Qamar Islam on September 9, 2021 at 11:19 pm

    Hi Brian,

    Thanks for the information. If we have a private cloud on premises and also a Cisco Threat Grid appliance on premises, and the endpoint is at home and downloads a malicious file at home, then how does it work with the private cloud? Does the endpoint send the file SHA256 to the on-premises private cloud, or what happens?

  11. JOSE G AVALOS on September 9, 2021 at 11:25 pm

    What does AMP do if the threat score of the unknown file is 94? 94 is still very high.

  12. Takis Samanis on September 9, 2021 at 11:30 pm

    Excellent explanation

  13. Alexei Tsapaev on September 9, 2021 at 11:30 pm

    And how does TG give the scores? The piece of code is either malicious or not; giving score points pushes us to an assumption based on probability. What if TG is wrong?

  14. Imran Haider on September 9, 2021 at 11:37 pm

    A 480P video in 2016, really Cisco?

  15. 85Damix on September 9, 2021 at 11:39 pm

    Is he writing it all backward/reversed on a glass?

  16. Nicholas Marcantonio on September 9, 2021 at 11:42 pm

    What is the point of the SHA-256 encryption?

  17. Secret Boys on September 9, 2021 at 11:44 pm

    AMP sucks! I have to go around my company with the free version of Malwarebytes because my company wasted thousands of dollars on this stupid endpoint solution.

  18. binou365 on September 9, 2021 at 11:48 pm

    Simple and very nice presentation. Thank you, Brian :)