11-27-2017 09:37 PM - edited 02-20-2020 09:05 PM
Hi,
Quarantine failed events were triggered for the user.
Error details for the events are shown below:
Error Code | 3221225539 |
---|---|
Description | Unknown Error |
Can anyone please explain the meaning of the error?
11-28-2017 09:52 AM
I found a similar question in the Cisco Support Community that may be helpful.
SourceFire AMP - Cisco Support Community
Kelli Glass
Moderator for Cisco Customer Communities
11-28-2017 10:10 AM
That's the Windows error code that AMP received when it attempted to quarantine the file.
The most common reason for quarantine failure is that there is another third-party AV tool (for example, Windows Defender) installed, and that other tool removed the file before AMP could get to it. This is not a problem from an operational standpoint; AMP correctly detected the threat, and the threat is now neutralized.
If you are encountering other problems, you might consider opening a support case.
06-10-2019 03:49 AM
w do I open a support case for AMP 4E? THis is not a product .
06-11-2019 02:03 AM
Hello @Kewal sharma,
if there is any unexpected behavior where you need more technical deep dive background, opening a TAC case can help to answer these questions.
What do you mean with "AMP4E is not a product"??
Cheers,
Thorsten
06-11-2019 04:27 AM
That error is a Windows STATUS_SHARING_VIOLATION error. I suggest looking on the Microsoft Support Community site for additional information on what can cause this error.
https://support.microsoft.com/en-us
Thanks,
Matt
06-11-2019 08:10 AM - edited 06-11-2019 08:26 AM
Agree with @matt,
the error code indicates the following. Btw, i have seen such "challenges" also with other AV products, where an engine does not get exclusive access rights to a file on the disk.
If you translate the DEC to HEX, your are getting the following result: C0000043
In the Microsoft Documentation (https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-cifs/8f11e0f3-d545-46cc-97e6-f00569e3e1bc) this Error Code shows the following information.
Reasons can be
Are you still seeing this error codes?
Cheers
06-12-2019 09:29 PM
Team,
I am new to AMP and I have already gone through AMP user Guide and got the basic understanding.
Right now, My concern is my AMP Dashboard, where I have 54 Events which require attention and need to Troubleshoot.
Events type are "System Process Protected, Executed Malware & Threat Detected". If Possible, can anyone suggest whether I have to do anything to clear these events and If yes, then wht steps do i need to take.
06-12-2019 10:18 PM
Hello @Kewal sharma,
your local responsible Cisco Partner or a Cisco Systems Engineer should be able to go through your results.
If not, just send me a message, so i can support you.
Based on the Events, YES, there someone should take a deeper look into your environment.
Greetings,
Thorsten
06-12-2019 10:24 PM
06-12-2019 09:51 AM - edited 06-12-2019 09:53 AM
08-17-2022 10:36 PM
3221225539 Error refers to "Attempted open operation conflicts with an existing open"
The file is already opened by another application meaning you should track down which application is using it.
Let me know if you need further assistance.
Regards,
Rachel Gomez
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: