logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Carbon Black Cloud: When should a Device be placed in Quarantine?

Carbon Black Cloud: When should a Device be placed in Quarantine?

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Windows Sensor: All Supported Versions
  • Carbon Black Cloud MacOS Sensor: All Supported Versions
  • Carbon Black Cloud Linux Sensor: Version 2.13 and Later

Question

When should a Device be placed in Quarantine?

Answer

If a Carbon Black Cloud Administrator suspects that a computer's security has been compromised, use the Quarantine option to isolate the device from the rest of the network to help reduce the spread of malicious activity

Additional Notes

  • Quarantine mode allows both CB Support and CBC Administrators to continue investigating a device from the CBC Web Console (Investigate Page, Live Response, Live Query, etc..) while reducing the risks involved with allowing a compromised device to access the local network
  • CB Support will still be able to to pull sensor logs from the device while in quarantined mode

Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
CB_Support
Creation Date:
‎09-09-2020
Views:
2454
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.