The Best way to contain the spreading of the malware is to
1. Disconnect from the network and isolate it
2. Run a full scan on the machine
3. Collect the suspicious files and submit as the sample
4. Obtain a extra dat and apply it on the infected machine, once the malware is detected and deleted apply the ED on other machines in your network
You can configure Access Protection Policies to control the spreading of Malware in your environment, to configure the Access protection policies you will need to understand the behavior of the malware and then create the appropriate policy.
You can take a look at the below mentioned document