Which of the following statements is true regarding the outbreak control feature of AMP for Endpoints? (Select the best answer.)
- It cannot block polymorphic malware.
- It must wait for a content update before blocking specific files.
- It cannot whitelist specific applications.
- It can use application blocking lists to contain compromised applications.
The outbreak control feature of Cisco Advanced Malware Protection (AMP) for Endpoints can use application blocking lists to contain compromised applications. AMP for Endpoints is a host-based malware detection and prevention platform that runs on Microsoft Windows, Mac OS X, Linux, and Google Android. Like many other antimalware packages, AMP for Endpoints monitors network traffic and application behavior to protect a host from malicious traffic. However, unlike many of its competitors, AMP for Endpoints continues its analysis after a disposition has been assigned to a file or traffic flow. When malware is detected, the outbreak control feature of AMP for Endpoints can use application blocking to ensure that a compromised application is contained and does not spread the infection. Outbreak control provides granular control over which applications are blocked and can use whitelists to ensure that mission-critical software continues to run even during an outbreak.
The outbreak control feature works in conjunction with the continuous analysis, continuous detection, and retrospective security features of AMP for Endpoints to quickly contain and control the spread of malware. Once a file or application has been detected as malicious, the outbreak control feature can use custom detection rules to block the specific file or application immediately, without waiting for a signature file content update. In addition, custom signatures can be created to detect polymorphic malware, which is malicious software that can evolve its code or behavior as it propagates.