Norton 360 blocks Cisco AMP Secure Endpoint

My company is using Cisco AMP for Endpoints for all its laptops. Recently the IT department told me they got several notifications from my laptop. It seems this has happened since I installed Norton 360. Some examples are as below.

It seems to me that Norton 360 wrongly blocked some files that Cisco deems as necessary. To be honest, I don't want to uninstall Norton 360, as it is very useful to me, compared to Cisco. But at the same time, I don't want to get into trouble with my company's policies. The IT guy, who is a good friend of mine, told me that sometimes, Cisco Secure Endpoints in my laptop sent nearly a hundred notifications (like the examples above) per day to his end. He also told me that if his boss finds out about this, I will be required to remove Norton 360. I had to temporarily turn off  both Smart Firewall and Auto Protect modes. However, I need a long-term solution for this.

Do you know how to whitelist Cisco AMP and prevent it from being blocked by Norton 360? If this is not possible, can you release a patch to fix this type of false detection? Thank you.

There is no way to use the Norton Backup feature without installing Norton 360.

You might check with your company to see if they have a suggestion/recommendation for a backup solution for their laptop. 

 

Thanks @SoulAsylum and everyone else. After much consideration, I have decided that I will remove it from my company-owned laptop. But there is one more thing that still concerns me. Apart from Norton VPN, I need to use the Backup feature of Norton 360 to save my data. Is there any way that I can install that backup feature standalone without the rest of Norton 360?

All: Cisco AMP for Endpoints does indeed register as the default A/V protection with Windows when installed. Norton will do the same as well. Therefore there are two separate endpoint trying to register with Windows causing conflicts. Removing Norton will correct the issues with Cisco reporting. Is this laptop your company's property or your personal property for use to work from home? If its company owned. There isn't any responsible way to have Norton exclude Cisco because its configured to ignore its reporting because your company IT manager has Windows group policy set at their level to prevent changes to that policy. I would remove Norton and stick with what your company has in place. You can install the stand alone Norton VPN vice the N360 suite and have a reasonable aspect of WiFi security and encryption. 

Cisco, has the following cloud based attributes:

  • Cisco AMP is built on an extensive collection of real-time threat intelligence and dynamic malware analytics supplied by the Talos Security Intelligence Group and Threat Grid intelligence feeds.

https://community.cisco.com/t5/endpoint-security/how-will-amp-interact-with-windows-defender/td-p/4195975#:~:text=Windows%20Defender%20is%20included%20in,deactivate%20Windows%20Defender%20periodic%20scans.

SA

 

 

Hi @bjm_

Thanks for your suggestion and sorry for my late reply due to my busy schedule. The main reason I installed Norton 360 on my work laptop is because it provides me with more than what Cisco AMP offers. Cisco AMP is basically an antivirus. Norton 360 offers me an antivirus, a firewall, a VPN and a large storage.

I sometimes go to the local public library in my area. The internet at the library is faster than mine. Also, the library offers a more quiet atmosphere. The only problem is the library's WIFI has no password and no security at all (I mean literally no security at all). The VPN feature of Norton 360 encrypts and secures my data from any potential hacker. The firewall feature of Norton 360 secures my laptop. I read that it is more powerful than Windows Firewall. Furthermore, Norton 360 provides me with a large backup storage, which is very useful.

This is the reason why I use Norton 360 on my work laptop. I will see if I can grab the wrongly-detected files and send them to Norton following the links that you provided.

I noticed you mentioned setting up mutual exclusions. Could you please tell me how can I tell Norton 360 to ignore Cisco AMP?

Thanks

@anthonysoftdev

Please post progress

Why run Norton 360 with Cisco Advanced Malware Protection? 
Why run two real-time security solutions? 
Does Cisco AMP register to Windows Security Center? 
Have you created mutual exclusions?  

Problems running multiple security products
https://support.norton.com/sp/en/us/home/current/solutions/kb20080520095244EN

Why you should never have multiple antivirus programs on your computer
https://www.av-comparatives.org/why-you-should-never-have-multiple-antivirus-programs-on-your-computer/

````````````````````````````````````````````````````````````

anthonysoftdev:
I need a long-term solution for this.
It seems to me that Norton 360 wrongly blocked some files

remove Norton 360

````````````````````````````````````````````````````````````

Report a suspected incorrect detection to Norton
https://support.norton.com/sp/en/us/home/current/solutions/v126152382

Submit a file to Norton
https://support.norton.com/sp/en/us/home/current/solutions/kb20090602171902EN

Respond to incorrect Norton alerts that a file is infected or a program or website is suspicious
https://support.norton.com/sp/en/us/home/current/solutions/kb20100222230832EN


Please tell us what Norton is telling you regarding this event.
For information regarding this event > from Norton pop-up > View Details > Copy to Clipboard &or from Norton history > More Options > Copy to Clipboard > paste here.