Which of the following is a Cisco AMP for Endpoints feature that can prevent specific programs from running on managed endpoints? (Select the best answer.)
- file reputation
- device trajectory
- file trajectory
- outbreak control
The outbreak control feature of Cisco Advanced Malware Protection (AMP) for Endpoints can prevent specific programs from running on managed endpoints. AMP for Endpoints is a host-based malware detection and prevention platform that runs on Microsoft Windows, Mac OS X, Linux, and Google Android. Like many other antimalware packages, AMP for Endpoints monitors network traffic and application behavior to protect a host from malicious traffic. However, unlike many of its competitors, AMP for Endpoints continues its analysis after a disposition has been assigned to a file or traffic flow. When malware is detected, the outbreak control feature of AMP for Endpoints can use application blocking to ensure that a compromised application does not spread the infection. Outbreak control provides for granular control over which applications are blocked and can use whitelists to ensure that mission-critical software continues to run even during an outbreak.
File reputation, file trajectory, and device trajectory are not AMP for Endpoints features that prevent specific programs from running on managed endpoints. File reputation uses information collected from a global network of security devices to analyze and detect malicious traffic. File trajectory tracks the spread of suspicious files throughout the network, which can reduce the analysis time if a suspicious file is determined to be malicious. Likewise, device trajectory tracks file and network activity on endpoints to reduce the overall analysis time when malicious software is detected.