Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: When should a Device be placed in Quarantine?

Carbon Black Cloud: When should a Device be placed in Quarantine?

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Windows Sensor: All Supported Versions
  • Carbon Black Cloud MacOS Sensor: All Supported Versions
  • Carbon Black Cloud Linux Sensor: Version 2.13 and Later

Question

When should a Device be placed in Quarantine?

Answer

If a Carbon Black Cloud Administrator suspects that a computer's security has been compromised, use the Quarantine option to isolate the device from the rest of the network to help reduce the spread of malicious activity

Additional Notes

  • Quarantine mode allows both CB Support and CBC Administrators to continue investigating a device from the CBC Web Console (Investigate Page, Live Response, Live Query, etc..) while reducing the risks involved with allowing a compromised device to access the local network
  • CB Support will still be able to to pull sensor logs from the device while in quarantined mode

Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
1752
Contributors