Capture Client Premier Administration Guide

Configurable Network Quarantine

One of the basic mitigation actions for an infected endpoint is to Disconnect it from the Network and put it in Network Quarantine. This ensures that a threat cannot attack other endpoints, or communicate with the external network from the infected endpoint.

You can set the automatic Disconnect from Network option in the Policy Settings. Endpoints are disconnected only when a threat is found after it has executed. Endpoints are not disconnected if a threat is detected pre-execution (by the Reputation or Static AI engines) because the threat is not active.

With Network Quarantine, you can configure rules that allow specific network traffic to and from quarantined endpoints. By default, the only communication allowed for a disconnected endpoint is between its Agent and the Management Console.

For example, you can allow remote access from specific IP addresses to the infected endpoints to investigate or respond to incidents, or allow the endpoints to send data to a specific server.
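
A model of the default-deny behaviour described above, as an added example that is not Capture Client code or its rule syntax: the rule fields, rule names, ports and addresses are all assumptions constructed for illustration. It lets you check planned exceptions against sample flows and flags exceptions broad enough to weaken the quarantine.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values (RFC 5737 documentation ranges), not product defaults.
MANAGEMENT_CONSOLE = ipaddress.ip_network("192.0.2.10/32")

@dataclass(frozen=True)
class Rule:
    name: str
    direction: str   # "inbound" or "outbound", relative to the quarantined endpoint
    remote: str      # CIDR of the remote peer
    protocol: str    # "tcp" or "udp"
    port: int        # port on the listening side

@dataclass(frozen=True)
class Flow:
    direction: str
    remote_ip: str
    protocol: str
    port: int

# Hypothetical exceptions mirroring the two cases in the text:
# remote access for responders, and sending data to one server.
RULES = [
    Rule("ir-remote-access", "inbound", "198.51.100.0/28", "tcp", 3389),
    Rule("log-forwarding", "outbound", "203.0.113.25/32", "tcp", 6514),
]

def evaluate(flow, rules=RULES):
    """Return the name of the allowance that matches, or None if blocked."""
    remote = ipaddress.ip_address(flow.remote_ip)
    # Default from the page: the Agent can still reach the Management Console.
    if flow.direction == "outbound" and remote in MANAGEMENT_CONSOLE:
        return "default-management-console"
    for rule in rules:
        if (rule.direction == flow.direction
                and rule.protocol == flow.protocol
                and rule.port == flow.port
                and remote in ipaddress.ip_network(rule.remote)):
            return rule.name
    return None  # everything else stays quarantined

def audit(rules=RULES, max_hosts=256):
    """Return names of exceptions whose remote range exceeds max_hosts addresses."""
    return [r.name for r in rules
            if ipaddress.ip_network(r.remote).num_addresses > max_hosts]
```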
