We had a recent malware attack on a computer that went undetected by Symantec except for an IPS alert. The IPS blocked access to the C&C server but a local payload was able to do a lot of damage to the computer and its connected network.
Is there a feature of SEP that will isolate the computer from the network i.e. disconnect the network card, which can be triggered on certain events?
We would like the computer to isolate itself any time the IPS triggers.