Carbon Black Cloud: When should a Device be placed in Quarantine?

Article ID: 290226

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

When should a Device be placed in Quarantine?

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Windows Sensor: All Supported Versions
  • Carbon Black Cloud MacOS Sensor: All Supported Versions
  • Carbon Black Cloud Linux Sensor: Version 2.13 and Later

Resolution

If a Carbon Black Cloud Administrator suspects that a computer's security has been compromised, they should use the Quarantine option to isolate the device from the rest of the network and help reduce the spread of malicious activity.

Additional Information

  • Quarantine mode allows both CB Support and CBC Administrators to continue investigating a device from the CBC Web Console (Investigate Page, Live Response, Live Query, etc.) while reducing the risks involved with allowing a compromised device to access the local network.
  • CB Support will still be able to pull sensor logs from the device while it is in Quarantine mode.