cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Is there a way to automate the quarantine process of an infected machine?

sometimes VSE is unable to "handle"  a threat discovered on a machine. This leaves the potential for the device to spread the exploit to neighboring devices. While receiving an email is nice, its hardly effective at 3 in the morning.

Between EPO & VSE, there should be an option or policy to lock a machine out of the network in the event of a discovered threat. Done locally on the machine by disabling network protocols, stopping services or disabling the NIC. Or possibly in conjunction with Cisco Clean Access or other switch vendors.

Real Life example: Employee accessed a site with multiple exploits. McAfee handle all except for a recently discovered Trojan which was able to propagate to at least 20 other machines still online. Had VSE or EPO been able to lock the machine off the network, it could have prevented the outbreak.

What it boils down to is we need a way to automate quarantining the machine.  How can we do this with McAfee's products?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community