A Cisco AMP for Endpoints administrator configures a custom detection policy to add specific MD5 signatures. The configuration is created in the simple detection policy section, but it does not work. What is the reason for this failure?
A. The administrator must upload the file instead of the hash for Cisco AMP to use.
B. The APK must be uploaded for the application that the detection is intended.
C. The MD5 hash uploaded to the simple detection policy is in the incorrect format.
D. Detections for MD5 signatures must be configured in the advanced custom detection policies.
D should be correct
The right answer is D.
https://docs.amp.cisco.com/en/SecureEndpoint/Secure%20Endpoint%20User%20Guide.pdf
Custom Detections – Advanced
Advanced Custom Detections are like traditional antivirus signatures, but they are written by the user. These signatures can inspect various aspects of a file and have different signature formats. Some of the available signature formats are:
• MD5 signatures
• MD5, PE section-based signatures
• File body-based signatures
• Extended signature format (offsets, wildcards, regular expressions)
• Logical signatures
• Icon signatures
IMPORTANT! Any time you add or remove a signature you MUST click on Build a Database from Signature Set.
Note that when you create an advanced custom detection for a file, it is subject to caching for an hour. If a file is added to an advanced custom detection set, the cache time must expire before the detection will take effect. For example, if you add an advanced custom detection for an unknown file 5 minutes after it was cached, the detection will not take effect for another 55 minutes.
IMPORTANT! Advanced Custom Detections only work on files of unknown disposition…
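
As an added example (not part of the quoted user guide or of any comment above), the Python sketch below builds and sanity-checks an MD5 signature line of the kind that would go into an advanced custom detection signature set. It assumes the ClamAV-style `md5:size:name` layout, which this page does not state; the function names, the name character set and the sample content are constructed for illustration.

```python
import hashlib
import re

# Assumed layout (ClamAV .hdb style, not stated on this page): md5:size:name
_MD5_RE = re.compile(r"[0-9a-fA-F]{32}")
# Conservative name character set chosen for this example (an assumption).
_NAME_RE = re.compile(r"[A-Za-z0-9._-]+")


def build_md5_signature(data: bytes, name: str) -> str:
    """Return one signature line for the exact file content in `data`."""
    if not _NAME_RE.fullmatch(name):
        raise ValueError(f"unsupported characters in signature name: {name!r}")
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def check_signature_line(line: str) -> list[str]:
    """Return the problems found in one signature line (empty list if none)."""
    parts = line.strip().split(":")
    if len(parts) != 3:
        return [f"expected 3 colon-separated fields, found {len(parts)}"]
    digest, size, name = parts
    problems = []
    if not _MD5_RE.fullmatch(digest):
        problems.append("first field is not a 32-character hex MD5")
    if size != "*" and not re.fullmatch(r"[0-9]+", size):
        problems.append("size field is neither a byte count nor '*'")
    if not _NAME_RE.fullmatch(name):
        problems.append("name is empty or has unsupported characters")
    return problems


if __name__ == "__main__":
    sample = b"hello"  # constructed sample content, not a real detection target
    line = build_md5_signature(sample, "Custom.Sample.Hello")
    print(line)
    # A bare hash and a malformed line are both reported before upload.
    for candidate in (line, "5d41402abc4b2a76b9719d911017c592", "zz:5:Bad Name"):
        print(repr(candidate), "->", check_signature_line(candidate) or "ok")
```

Checking lines this way before upload separates a formatting mistake from the two behaviours the guide describes: the signature database must be rebuilt after every change, and a cached file is not re-evaluated until its cache hour expires.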