Endpoint Protection

  • 1.  Isolate infected machine from accessing internet and network

    Posted Aug 24, 2014 06:17 AM

    Hi,

    Is there any option on SEPM to isolate infected machines from accessing the internet and local network until they are cleaned?

    Thanks



  • 2.  RE: Isolate infected machine from accessing internet and network
    Best Answer

    Posted Aug 24, 2014 06:42 AM

    See this

    Best Practices for Troubleshooting Viruses on a Network

    Article:TECH122466  | Created: 2010-01-15  | Updated: 2014-08-14  | Article URL http://www.symantec.com/docs/TECH122466

    What is Risk Tracer?

    Article:TECH102539  | Created: 2007-01-27  | Updated: 2014-04-17  | Article URL http://www.symantec.com/docs/TECH102539

    How to use Risk Tracer to locate the source of a threat in Symantec Endpoint Protection

    Article:TECH94526  | Created: 2009-01-11  | Updated: 2013-04-16  | Article URL http://www.symantec.com/docs/TECH94526

    See mick2009's articles

    https://www-secure.symantec.com/connect/articles/day-after-necessary-steps-after-virus-outbreak

    https://www-secure.symantec.com/connect/articles/two-reasons-why-ips-must-have-your-network



  • 3.  RE: Isolate infected machine from accessing internet and network
    Best Answer

    Posted Aug 24, 2014 08:02 AM

    No, but you can get creative with the firewall; see my article on how I handle these issues:

    https://www-secure.symantec.com/connect/articles/how-utilize-sep-121-incident-response-part-5

    And a few others for Incident Response:

    https://www-secure.symantec.com/connect/articles/how-utilize-sep-121-incident-response-part-1

    https://www-secure.symantec.com/connect/articles/how-utilize-sep-121-incident-response-part-2

    https://www-secure.symantec.com/connect/articles/how-utilize-sep-121-incident-response-part-3

    https://www-secure.symantec.com/connect/articles/how-utilize-sep-121-incident-response-part-4



  • 4.  RE: Isolate infected machine from accessing internet and network

    Posted Aug 25, 2014 05:20 AM

    Hi TheSniper_,

    Symantec Network Access Control (SNAC) is a slightly different product which works with SEP.  It can put non-compliant computers onto an isolated quarantine network.  That's about the closest thing to what you are inquiring about.

    Personally, I just pull the network cable to ensure that the suspicious computer will not be infecting any others.

    What actions or symptoms are you seeing / what is making you suspect the computer?

    Many thanks in advance,

    Mick



  • 5.  RE: Isolate infected machine from accessing internet and network

    Posted Aug 25, 2014 07:14 AM

    Mick2009, I tried SNAC before and it caused so many issues in our environment, so I am looking for a solution with the box SEPM.