Showing results for 
Search instead for 
Did you mean: 

Disable the NIC

I tried posting this in another section of the site but didn't get a response. Maybe I'm just drawing a complete blank, it has been a while since I touched HIPs signatures. Just tell me if I'm overlooking the obvious.

Is there a way to have HIPs disable the clients NIC card based on a signature being triggered?
0 Kudos
2 Replies
Level 7

RE: Disable the NIC

No way to do this.

However, if the signature is being triggered, that means HIPS caught the attack, and disabling the NIC would seem redundant.

Also, once a NIPS signature is logged, the attacker is automatically block for x amount of minutes depending on what you set in policy.
0 Kudos

RE: Disable the NIC

Thanks for the response chuck. I see where you are going with the whole blocking of the attack. However, we are looking at it more from a preventative measure. Lets say a virus definition hasn't been updated for x number of days because the user hasn't plugged in their machine in a while. We'd like to be able to take away their network connectivity until they bring it back for us to update. Yes it'll be a hassle but they're learn to plug in their machines from time to time.
0 Kudos