
Is there a way to automate the quarantine process of an infected machine?

Sometimes VSE is unable to "handle" a threat discovered on a machine. This leaves the potential for the device to spread the exploit to neighboring devices. While receiving an email is nice, it's hardly effective at 3 in the morning.

Between EPO & VSE, there should be an option or policy to lock a machine out of the network in the event of a discovered threat. This could be done locally on the machine by disabling network protocols, stopping services or disabling the NIC, or possibly in conjunction with Cisco Clean Access or other switch vendors.

Real-life example: An employee accessed a site with multiple exploits. McAfee handled all except for a recently discovered Trojan, which was able to propagate to at least 20 other machines still online. Had VSE or EPO been able to lock the machine off the network, it could have prevented the outbreak.

What it boils down to is we need a way to automate quarantining the machine. How can we do this with McAfee's products?
