How to add an Exclusion Set for the MID Server in Cisco AMP to prevent MID Server upgrade failure


Description

If Cisco AMP is running, the MID Server upgrade fails. As a workaround, the MID Server process must be excluded in Cisco AMP. The steps below explain how to add the proper exclusion set for the MID Server upgrade. The exclusion set needs to have the following exclusions

Instructions

Step 1: Create a new Exclusion Set for the MID Server wrapper

 

  1. Log in to the AMP console as an admin: https://console.amp.cisco.com
  2. Under Management choose Exclusions


  3. Choose "Custom Exclusions", "Windows" and click on “+ New Exclusion Set…” and create a new exclusion set.


  4. Create a new exclusion, choose a name

     

Step 2: Add Exclusions to Exclusion Set

Step 2.1: Add File Scan Exclusion for wrapper-windows-x86-64.exe

  1. On the exclusion set, choose “File Scan” under the Process section for the type


  2. Add the complete path for "wrapper-windows-x86-64.exe" under the agent/bin folder. Make sure that you choose “Apply to child processes”

Step 2.2: Add File Scan Exclusion for java.exe

  1. Click on + Add Exclusion
  2. Choose File Scan under Process Section
  3. Add the complete path for java.exe in the jre/bin folder. Make sure that you choose “Apply to child processes”

Step 2.3: Add Wildcard for the MID Server folder

  1. Click on + Add Exclusion
  2. Choose Wildcard under Process Section
  3. Add the path for the MID Server, for example: C:\Servicenow\*
  4. Save

Step 3: Add the new exclusion set to the corresponding policy

In this step, add the exclusion set created in the previous step to the policy used for the MID Server host machine. The steps are:

  1. Choose “Policies” Under “Management” 


  2. Choose Windows, then from the list choose the policy that is used for your endpoint (the MID Server host machine) and choose “Edit” for that policy


  3. Choose “Exclusions” on the left and, under “Custom Exclusions”, select the new exclusion set that you created in the previous section and save it

Step 4: Make sure that the updated policy is synced on the MID Server host machine

  1. Log on to the MID Server host machine, open “Cisco AMP for Endpoint Connectors” and, in the settings, choose “sync Policy”



  2. The policy sync takes time. To make sure that the new policy is set on the host machine, open policy.xml under Cisco AMP in “Program Files” (or wherever Cisco AMP was installed) and make sure that your exclusion paths for the wrapper, java.exe and the wildcard are present in that file
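
The policy.xml check in Step 4 can be scripted so it is repeatable before each upgrade. The following PowerShell is an added example, not part of the original article or of any Cisco or ServiceNow tooling. The policy.xml location and the three MID Server paths are assumed sample values, and the script assumes the paths are stored in policy.xml literally as they were typed in the console.

```powershell
# Added example: confirm the synced policy.xml contains the MID Server exclusions.
param(
    # Assumed connector location; change it if Cisco AMP was installed elsewhere.
    [string]$PolicyPath = 'C:\Program Files\Cisco\AMP\policy.xml',
    # Constructed sample paths; replace with the exact paths entered in Step 2.
    [string[]]$Expected = @(
        'C:\Servicenow\agent\bin\wrapper-windows-x86-64.exe',
        'C:\Servicenow\agent\jre\bin\java.exe',
        'C:\Servicenow\*'
    )
)

if (-not (Test-Path -LiteralPath $PolicyPath -PathType Leaf)) {
    Write-Error "policy.xml not found at '$PolicyPath'"
    exit 2
}

# Read the whole file as one string; a plain text search avoids assuming
# anything about the XML layout the connector uses for exclusions.
$policy    = Get-Content -LiteralPath $PolicyPath -Raw
$lastWrite = (Get-Item -LiteralPath $PolicyPath).LastWriteTime

$results = foreach ($path in $Expected) {
    [pscustomobject]@{
        Exclusion = $path
        # Windows paths are case-insensitive, so compare that way.
        Present   = $policy.IndexOf($path, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
    }
}

$results | Format-Table -AutoSize
"policy.xml last written: $lastWrite"

$missing = @($results | Where-Object { -not $_.Present })
if ($missing.Count -gt 0) {
    # A last-write time older than the console change means the sync
    # from Step 4.1 has not reached this host yet.
    Write-Warning "$($missing.Count) exclusion(s) not found; policy may not be synced yet."
    exit 1
}
"All expected exclusions are present."
```

A non-zero exit code lets an upgrade runbook stop before starting the MID Server upgrade when the exclusions have not yet reached the host.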