How to add Exclusion set for the MID Server in Cisco AMP to prevent MID Server upgrade failSummaryIf Cisco AMP is running, MID Server upgrade failed. As a work around we need to exclude the MID Server process in Cisco AMP. In what follows we explain how we can add the proper exclusion set for MID Server upgrade. The exclusion set needs to have the following exclusions File Scan for wrapper-windows-x86-64.exe under agent\bin folder (with Apply to child processes marked)File Scan for java.exe under agent\jre\bin folder (with Apply to child processes marked)Wildcard for the MID Server folder ReleaseundefinedInstructionsStep1: Create a new Exclusion Set for the MID Server wrapper Login to the amp console as an admin: https://console.amp.cisco.comUnder Management choose ExclusionsChoose "Custom Exclusions", "Windows" and click on "+ New Exclusion Set…" and create a new exclusion set.Create a new exclusion, choose a name Step2: Add Exclusions to Exclusion Set Step2.1: Add File Scan Exclusion for wrapper-windows-x86-64.exe On the exclusion set choose "File Scan" under Process section for the typeAdd the complete path for "wrapper-windows-x86-64.exe" under agent/bin folder. Make sure that you choose "Apply to child processes" Step2.2: Add File Scan Exclusion for java.exe Click on + Add ExclusionChoose File Scan under Process SectionAdd the complete path for java.exe in jre/bin folder Make sure that you choose "Apply to child processes" Step 2.3: Add Wildcard for the MID Server folder Click on + Add ExclusionChoose Wildcard under Process SectionAdd the path for the MID Server for example C:\Servicenow\*Save Step3: Add the new exclusion set to the corresponding policy At this step you need to add the created exclusion set in the previous step to the policy used for the MID Server host machine. Below are the steps Choose "Policies" Under "Management" Choose Windows and from the list choose the policy which is used for your end point (MID Sever host machine) and choose "Edit" for that policy Choose "Exclusions" on the left and under "Custom Exclusions" select the new exclusion that you created in the previous section and save it Step4: Make sure that the updated policy is synced on the MID Server host machine Logon to the MID Server host machine and open "Cisco AMP for Endpoint Connectors" and in the setting choose "sync Policy" The Policy sync takes time. To make sure that the new policy is set on the host machine: Open policy.xml under Cisco AMP in "Program Files" (or any place that Cisco AMP was installed) and make sure that your exclusion path for the wrapper, java.exe and wildcard are available in that file Related Linksundefined