ciscosecurity / amp-05-health-checker-windows Goto Github PK

Cannot run, "failed to execute script main_page" when loading using AMP_Health_Checker_03Aug2021.exe

Can you add a note to readme.md that you need to run as administrator as below?

In the absence of not running as administrator, i was never able to Generate Diagnostic from the health check tool. I was always faced with the error:

When i start the exe file i get the following error:

Star leading exclusions cause performance issues on the endpoint and are a legacy type of exclusion that no longer function properly. An alert should be presented to tell the user to delete them if the policy has start leading exclusions.



Hey there,

Receiving the error "Changing log level requires running AMP Health Checker as Admin. Please try again as Admin." but I am in fact running as admin. Dug through the checker_log.log and found it was trying to run the sfc.exe in the 8.0.1.21164 folder but due to me having to roll back, I am now on 7.5.7.21234. Looks like when the connector gets updated the folders are not getting deleted as I have the last 4 version folders still in place. They still contain global.xml && SecurityProductInformation.ini. I briefly looked at the data.py file and noticed it's looking for the highest_build so wasn't sure if there is a workaround or something I could change to test.

Thanks and appreciate the tool!

Need to check to see if there is a way to have a dropdown to select an organization or have the org name pulled automatically. It is possible to be a member of multiple organizations, so not having to specify it in the .env file would be ideal. This may lead to issues with the API keys though. Needs investigation.

When I run as admin, it doesn't believe.

And I say yes...

And it informs me that I'm not, in fact, running as admin.

• Version: Health_Checker_03_Aug_2021
• Secure Endpoint version: 7.4.1.20439
• Windows version: Windows 10 21H1 19043.1151

When running AMP Health Checker on a computer with Windows connector v7.5.7.21234, a "Fatal error detected" dialog box pops up that says, "Failed to execute script main_page".

Log file:
amp_health_checker_log.log

Running version 7.4.1 and error as seen in screenshot - appears to be stuck on finding the version number.

Worked previously on 7.3.x

Hello,

We use Secure Endpoint Version 8.1.5 on our Clients, I created API Credentials in the Secure Endpoint Console and SecureX Console.
When I start the AMP Health Checker I see the Error "Unable to pull the policy guid due to KeyError".

I am not sure if the API Credentials have enough Privilege.
In the Documentation I also could not find any info what privilege is requiered for the API Credentials to work.
Do have any info what scopes and what checkboxes need to be enabled when creating the API Credentials in Secure Endpoint and SecureX.

Thanks.

08-03 20:42:39 root DEBUG data.py tetra_def_compare tetra_latest: 85334
08-03 20:42:39 root DEBUG data.py tetra_def_compare data.tetra_version: 85262
08-03 20:42:39 root DEBUG data.py tetra_def_compare data.tetra_version: 85262

Having an option to save the API creds will help as the tool currently asks to feed the API creds everytime it is re-run.
Probably, have api_creds.conf file and give user and option to save the creds in it.
If the api_creds.conf is not found by the tool then prompt for entering creds to be provided.

Thanks for this great tool!

Can we add proxy support for this tool as well?
Without proxy support, there are two things not working:

1. API - which consequently means no Tetra version fetch, no policy number fetch and no isolation unlock code fetch
2. Connectivity Test button is showing red for all the 17 *.amp.cisco.com domains.

Please enable an option to list the connector UUID as it will be useful in tracking or troubleshooting Duplicate UUID issues.
refer: https://techzone.cisco.com/t5/AMP-Public-Cloud/Steps-to-find-UUID-of-Cisco-Secure-Endpoint-Connector-of-an/ta-p/1917314

Seems some people are having problems configuring their API keys properly in the .env file which can result in a KeyError. Need to look into having a popup request the credentials if they are not correct and then writing them to a .env file.

We are using Cisco AMP in our organization with the Basic Authentication settings for the proxy. (more than 1000 Devices)
Every time I run the amp-05-health-checker-windows --> Connectivity Test, All the website status is
CiscoAMPConnectivityTestRED.docx
"RED".
Could you please help to fix it?

The URL Scanner engine should be removed from the Engines list as it is not a viable policy option so will never be enabled.