Is there a way to automate the quarantine process of an infected machine?
Sometimes VSE is unable to "handle" a threat discovered on a machine. This leaves the potential for the device to spread the exploit to neighboring devices. While receiving an email is nice, it's hardly effective at 3 in the morning.
Between EPO & VSE, there should be an option or policy to lock a machine out of the network in the event of a discovered threat. Done locally on the machine by disabling network protocols, stopping services or disabling the NIC. Or possibly in conjunction with Cisco Clean Access or other switch vendors.
Real-life example: An employee accessed a site with multiple exploits. McAfee handled all except for a recently discovered Trojan, which was able to propagate to at least 20 other machines still online. Had VSE or EPO been able to lock the machine off the network, it could have prevented the outbreak.
What it boils down to is we need a way to automate quarantining the machine. How can we do this with McAfee's products?