You can do this using custom props and tag-based assignment. Here is how it works conceptually:
- On ePO we create a FW policy to quarantine.
- We then create a Quarantine tag
- We then use Policy Assignment Rules to map the Quarantine tag to the policy
- Using an OS command reaction script, you can use maconfig.exe to set a custom property on the McAfee agent. We use this to set custom prop 1 to Quarantine.
- Once done, you wake up the McAfee agent using cmdagent.exe. Again, this can be done in the same reaction script.
- On communicating to ePO, the client sends its new property, which in turn assigns the new FW policy to the machine. The system then enforces the new FW policy.
Step 2 - How to build the quarantine tag
Step 3 - How to assign quarantine FW policy on the quarantine tag
Step 4 - 5 - Create custom MAR reaction
Choose "Execute OS command"
Paste in the following:
"C:\Program Files\McAfee\Agent\maconfig.exe" -custom -prop1 "Quarantine"
"C:\Program Files\McAfee\Agent\cmdagent.exe" -p
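
The two commands above fail silently if a binary is missing or the agent rejects the call, which leaves the host un-quarantined with nothing to show for it. The following is an added example, not part of the original post or McAfee's own tooling: a PowerShell wrapper around the same two calls that records the outcome. The log path, the `$TagValue` parameter and the helper function names are hypothetical, and it assumes the agent tools return a non-zero exit code on failure.

```powershell
# Added example: checked form of the two-line reaction. Not McAfee's code.
param(
    # Value written to custom property 1; must match the tag criteria on ePO.
    [string]$TagValue = 'Quarantine'
)

$ErrorActionPreference = 'Stop'
$agentDir = 'C:\Program Files\McAfee\Agent'      # path used on this page
$maconfig = Join-Path $agentDir 'maconfig.exe'
$cmdagent = Join-Path $agentDir 'cmdagent.exe'
# Hypothetical log location so a responder can confirm the reaction ran.
$logFile  = Join-Path $env:ProgramData 'quarantine-reaction.log'

function Write-Log([string]$Message) {
    $line = '{0} {1} {2}' -f (Get-Date -Format o), $env:COMPUTERNAME, $Message
    Add-Content -Path $logFile -Value $line
}

function Invoke-AgentTool([string]$Exe, [string[]]$Arguments) {
    if (-not (Test-Path -LiteralPath $Exe)) {
        throw "Agent binary not found: $Exe"
    }
    & $Exe @Arguments | Out-Null
    # Assumption: the agent tools return a non-zero exit code on failure.
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe exited with code $LASTEXITCODE"
    }
}

try {
    # Step 1: stamp custom prop 1 so the ePO tag criteria will match.
    Invoke-AgentTool $maconfig @('-custom', '-prop1', $TagValue)
    Write-Log "custom prop 1 set to '$TagValue'"
    # Step 2: have the agent send its properties to ePO right away.
    Invoke-AgentTool $cmdagent @('-p')
    Write-Log 'agent properties sent to ePO'
    exit 0
}
catch {
    Write-Log "FAILED: $($_.Exception.Message)"
    exit 1
}
```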