0 Replies Latest reply on Feb 12, 2013 2:41 PM by Brian Bolduc

    Is there a way to automate the quarantine process of an infected machine?

      Sometimes VSE is unable to "handle" a threat discovered on a machine. This leaves the potential for the device to spread the exploit to neighboring devices. While receiving an email is nice, it's hardly effective at 3 in the morning.

      Between EPO & VSE, there should be an option or policy to lock a machine out of the network in the event of a discovered threat. This could be done locally on the machine by disabling network protocols, stopping services or disabling the NIC, or possibly in conjunction with Cisco Clean Access or other switch vendors.

       

      Real-life example: An employee accessed a site with multiple exploits. McAfee handled all except for a recently discovered Trojan, which was able to propagate to at least 20 other machines still online. Had VSE or EPO been able to lock the machine off the network, it could have prevented the outbreak.

       

      What it boils down to is we need a way to automate quarantining the machine. How can we do this with McAfee's products?