I tried posting this in another section of the site but didn't get a response. Maybe I'm just drawing a complete blank, it has been a while since I touched HIPs signatures. Just tell me if I'm overlooking the obvious.
Is there a way to have HIPs disable the clients NIC card based on a signature being triggered?
Thanks for the response chuck. I see where you are going with the whole blocking of the attack. However, we are looking at it more from a preventative measure. Lets say a virus definition hasn't been updated for x number of days because the user hasn't plugged in their machine in a while. We'd like to be able to take away their network connectivity until they bring it back for us to update. Yes it'll be a hassle but they're learn to plug in their machines from time to time.