To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

How to Put the PC in Network Quarantined automatically as soon as any virus is detected with action

ravi12
ravi12 Posts: 57 Security Scout

hello

we are managing clients centrally through FSPM servers in our domain (i.e. Intranet). how to Network Quarantine the PC automatically from Intranet as soon as any virus is detected in any PC with action failed/none.

Comments

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    That is a bad idea.

    1) When F-Secure detects a malware it gets blocked, regardless of any further action defined by the administrator or if that action fails (The way F-Secure diplays this is "irritating", they know).

     

    2) Worm behaviour gets detected not on the machine that runs the worm, but on those that ar targeted by that worm. This way you would quarantine 99% of your network, but not the one that causes the problem (outdated  patches, Sigantures or other software)

     

    The best way is to install a lokal firewall to EVERY system with an Office profile so that only outbout traffic is possible. This way the machine is automatically quarantined, as it can not reach and infect the others.

This discussion has been closed.

Categories