Showing results for 
Show  only  | Search instead for 
Did you mean: 

AR Reaction: Disable Network Adapter

No ratings

Sometime , administrator may want to disconnect the infected clients.

Active Response with HIPS FW using Application-Based policy Tagging   might be the Best Practice in this case , but the customers who don't have HIPS FW would want more "light" way.

In this example, we will create a simple AR Reaction to disable Network Adapter, and also display a simple dialog to the user.

This is optional, but is useful for testing and demonstration purposes. In this note we'll walk through all the steps necessary to create this reaction.

Creating Disable Network Adapter and Notify User Reaction

  1. Open the Active Response Catalog and select the Reactions tab.  Click New Reaction.
  2. Next enter a name and a description for this Reaction
  3. For Reaction Content, select " Execute OS command" and enter the following 2 lines:

    msg * "Don't re-enable Network Adapter!! Your PC might be infected. Administrator closed your network connection. Bring your PC to IT helpdesk."

    netsh interface set interface "Local Area Connection" disabled

  4. Click the Save button at the top of the screen to save your work.

Testing the Disable Network Adapter and Notify Reaction

Once saved, your reaction will be immediately distributed to your endpoints via the DXL.

You can view this test on Active Response Demo video.

(from 3:30)

Going Further

For some additional thoughts on using Reactions within Active Response, see AR Reaction: More ideas

Version history
Revision #:
1 of 1
Last update:
‎10-02-2015 02:43 AM
Updated by:

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community