This content has been marked as final. Show 2 replies
No way to do this.
However, if the signature is being triggered, that means HIPS caught the attack, and disabling the NIC would seem redundant.
Also, once a NIPS signature is logged, the attacker is automatically block for x amount of minutes depending on what you set in policy.
Thanks for the response chuck. I see where you are going with the whole blocking of the attack. However, we are looking at it more from a preventative measure. Lets say a virus definition hasn't been updated for x number of days because the user hasn't plugged in their machine in a while. We'd like to be able to take away their network connectivity until they bring it back for us to update. Yes it'll be a hassle but they're learn to plug in their machines from time to time.